Cloud security firm Sweet Security announced a $33 million Series A funding round just six months after emerging from stealth with an initial $12 million seed funding.
The Tel Aviv-based cloud runtime security firm’s funding was led by Evolution Equity Partners, joined by Munich Re Ventures and Glilot Capital Partners.
“The seed funding was to allow us to open a US office and expand into the US market. We thought the timing was right,” Eyal Fisher, co-founder and CPO, told SecurityWeek; “but we’ve found the market is more than ready.”
The new money will be used to further develop Sweet’s technology, but with heavy focus on expanding its go to market operations. Both the firm and its backers believe that cloud operations lack, but need, the runtime security offered by Sweet. “That,” said Fisher, “is why we’re going to use the round to run even faster than we imagined when we started this journey.”
He points to the recent Leaky Vessels flaws found in Docker’s RunC tool – four vulnerabilities with CVSS scores ranging from 8.6 to 10.0. RunC is an open source library and typifies one of the major threats within software development: the use of OSS libraries without adequate knowledge of where vulnerabilities might be included, nor even whether the parts of the library that are used do or do not contain those vulnerabilities. If they aren’t used, they are not a threat – if they are used, they are often an invisible and unknown threat.
Sweet’s vulnerability detection capabilities can surface the existence of those threats before they are discovered and used by attackers. Key to this ability is the firm’s patent-pending eBPF-based technology. eBPF itself is not new. It’s part of Linux. “It lets you see what’s happening at the kernel level of the environment – it gives you access to areas you cannot usually access,” explained Fisher.
“The problem,” he continued, “is that building an eBPF sensor that will not disturb the environment while consuming few resources, is difficult. It’s beyond the ability of most software engineers. But Sweet knows where to find that level of talent.”
Two of Sweet’s founders, retired Brigadier General Dror Kashti (CEO), and retired Colonel Fisher (CPO), were careerists within the IDF. The third, Orel Ben Ishay (VP R&D), was R&D group lead within Israeli Military Intelligence. The IDF’s knowledge and imaginative use of technology is well known – both of which have been combined in the development of Sweet’s eBPF sensor. Continuing the military theme, Sweet describes its technology as giving it ‘boots in the cloud’.
“It provides deep and actionable insights about who, where and what is happening. From detection and response to vulnerability management, posture enhancement and non-human identity management (NHI), Sweet’s innovative technology identifies risks that matter, instead of creating a backlog of noisy alerts from passive API scans,” claims the firm. “It enables security teams to cut through the noise and address critical cloud risks as they unfold.”
The Sweet suite adds the necessary ability to look right during runtime to the often quoted need to shift left during development.
Sweet Security was founded in January 2023 in Tel Aviv, Israel. It emerged from stealth with $12 million seed funding from Glilot Capital Partners and angel investors including Gerhard Eschenbach and Travis McPeak in August 2023.
Related: Sysdig Launches Realtime Attack Graph for Cloud Environments
Related: Investors Betting Big on Upwind for CNAPP Tech
Related: US Government Releases Security Guidance for Open Source Software in OT, ICS
Related: CISA Releases Open Source Software Security Roadmap
