Solvo, a Tel Aviv-based startup that promises to automatically generate cloud security permissions by analyzing a developer's code, today announced that it has raised a $3 million seed funding round from TLV Partners and Surround Ventures. The idea here is to analyze the code and generate the least-privilege permissions that still allow the code to run.
Currently, Solvo's focus is on AWS, with support for Python, Java and Node.js, but the team plans to expand its service to other clouds and languages over time.
The company was co-founded by its CEO Shira Shamban and its CTO, David Hendri. Shamban has 17 years of cybersecurity experience, leading security teams at Dome9 and CheckPoint, in addition to her time in the Israeli Intelligence Corps' Unit 8200. Similarly, Hendri was one of the first R&D employees at Dome9 and served as an officer in the Israeli Intelligence Corps.
"Today, every software developer has their own AWS account -- and they can scale up an entire crypto mining farm wherever in the world," Shamban explained. "And when they do that, or when they write the next Tinder for cats, they have to grant security permissions to the infrastructure because this is how it works. But they are software developers, not security engineers."
Similarly, she argues, DevOps teams don't typically focus on these security permissions either. At the same time, the security engineers also often don't exactly know why a specific Lambda function in AWS is communicated to a specific database, for example. Because of that, it's often not quite clear who is in charge of infrastructure security.
"We created a solution that developers like to use [...]. The developers like it, but the security team needs it -- because they don't have visibility and they don't know the risks in their cloud account," said Shamban.
Because Solve creates very granular permissions, down to the row level in a database table, for example, when malicious actors do get into the system, they will only be able to access a small slice of the available data. That's still obviously a problem, but it keeps the blast radius small.
As developers update their applications, the system automatically learns how a given company operates and updates its rules accordingly.
The company is already working with a Fortune 500 design partner to build out its service, which it offers as a SaaS product. But in addition to big enterprises, the team believes that small and medium-sized companies can also benefit from its service.
Unsurprisingly, the company plans to use the new funding round, which it raised entirely over Zoom, to build out the team and product.
"The big problem that Solvo solves is the result of a growing trend in the market — the transfer of responsibility for code and product security in the cloud from the DevOps people to the development people," said Shahar Tzafrir, a managing partner at TLV Partners . "In light of the enthusiastic responses we’ve received from potential customers that affirmed the necessity of the solution along with the unique ability of this particular team to offer a quick solution, we were quick to offer this seed investment to the entrepreneurs— and we are happy and proud that they chose us."