Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Application Security

Miggo Security Gets $7.5 Million Seed Funding to Build ADR Technology

YL Ventures leads an early stage funding round for Miggo Security, a Tel Aviv startup working on application detection and response technology.

Tel Aviv-based startup Miggo Security has raised $7.5 million in seed funding led by YL Ventures and including Cyber Club London. Miggo is introducing a new application detection and response (ADR) technology.

The internal operation of today’s complex applications is considered the biggest blind spot in corporate cybersecurity. Miggo’s new ADR is designed to do for applications what EDR does for endpoints.

“Eighty percent of all breaches today start with an application attack,” Miggo CEO and co-founder Daniel Shechter said in a conversation with SecurityWeek. “They are hard to detect, and are currently missed by other tools. Our goal is to change that.” He cites the MOVEit, SharePoint, Ivanti and GoAnywhere breaches as recent examples.

The problem is today’s applications have become complex and distributed, with multiple chains of trust in which attackers can hide. It’s a blind spot for defenders once the attacker is into the application; they can manipulate flows between services without detection by existing security sensors like EDR, WAF and CNAPP tools. 

Once plugged into the app, Miggo automatically generates a map showing its components, their interactions, and the chains of trust. This alone demonstrates which data flows are internet facing, and which touch sensitive data – it identifies the important services and possible attack chains. 

More importantly, the ADR also shows how people are using the application. It establishes baseline standards of behavior between different services, data flows and authentication mechanisms, allowing it to identify and prevent subsequent malicious activities – in real time.

This visibility is the detection side of Miggo’s ADR. It already begins the response element by showing the user where controls are needed. The name ‘Miggo’, incidentally, comes from an ancient Aramaic word meaning ‘from the inside’ – the implication being that defending applications must come from inside the application.

“Our ability to understand the internal chains of trust and how the application should be used,” said Shechter, “allows us to recognize with high fidelity if something bad is happening. We can either terminate the session, or use the customer’s other tools to prevent continuing execution.” 

Advertisement. Scroll to continue reading.

Put simply, from within the Application, Miggo can Detect and then Respond to bad behavior.

The firm hopes that ultimately the response to bad behavior within an application will happen as automatically as its detection. This functionality is already built into the product, but Shechter accepts that customers will initially want to operate a manual alert and response. Shechter hopes and expects that as trust in the product grows, more customers will switch to fully automatic ADR.

The combination of detecting live threats to applications and responding to those threats from within the applications are considered the key innovations being introduced by Miggo. According to CISO Mike Melo, “Miggo is finally providing transparency for our most significant attack vector with the exact tools each stakeholder requires to protect and defend mission-critical assets. ADR,” he claims, “is the unified solution we need to not only give us application-layer visibility and control but also dramatically lower our mean time to detect and respond to application attacks.”

The seed funding will be used to further expand Miggo’s R&D team and grow its reach into the US market.

Related: Sweet Security Emerges From Stealth With $12 Million Seed Funding

Related: Invary Raises Pre-Seed Funding for Runtime Integrity Solution

Related: Microsec.ai Exits Stealth With Cloud Application Runtime Protection Platform

Written By

Kevin Townsend is a Senior Contributor at SecurityWeek. He has been writing about high tech issues since before the birth of Microsoft. For the last 15 years he has specialized in information security; and has had many thousands of articles published in dozens of different magazines – from The Times and the Financial Times to current and long-gone computer magazines.

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

The AI Risk Summit brings together security and risk management executives, AI researchers, policy makers, software developers and influential business and government stakeholders.

Register

People on the Move

Fastly announced that Scott Lovett will join the company as Chief Revenue Officer, effective June 3, 2024.

Digital transformation consulting firm Synechron has hired Aaron Momin as CISO.

Wendy Zheng named as CFO and Joe Diamond as CMO at cyber asset management firm Axonius.

More People On The Move

Expert Insights