Legit Security, a cybersecurity company focused on identifying app vulnerabilities from code, has successfully raised $40 million in a Series B funding round. The funding was led by CRV and saw participation from Cyberstarts, Bessemer Venture Partners, and TCV. With this latest investment, Legit Security’s total funding now stands at $77 million.
The CEO and co-founder of Legit Security, Roni Fuchs, stated that the funds will be used to expand the company’s sales, marketing, and R&D teams. Fuchs expects the company’s headcount to exceed 100 employees by the end of the year.
Fuchs highlighted the need for a more comprehensive platform in the application security industry. He believes that the current market is filled with numerous point solutions that lack consolidation. Legit Security aims to address this gap by modernizing app security and offering a broader platform to meet the industry’s needs.
The three co-founders of Legit Security, Roni Fuchs, Liav Caspi, and Lior Barak, all have experience in the cyber warfare division of the Israel Defense Forces (IDF). After leaving the IDF, they worked in cybersecurity at companies like Microsoft and Checkmarx.
Based on their collective experiences, Fuchs, Caspi, and Barak realized that traditional app security scanners were not effectively helping businesses understand risk and take action. They believed that these scanners lacked broader context and focused on a narrow section of application risk. Additionally, securing apps required collaboration between security, engineering, and DevOps, which presented challenges at scale.
In response to these challenges, Legit Security was launched in 2020. The platform offers real-time visibility and security control across development environments while providing a unified plane to orchestrate apps.
Initially focused on securing software supply chains, Legit Security now aggregates vulnerabilities from various sources and integrates with traditional app security tools. The platform also scores vulnerabilities alongside the native vulnerabilities identified by Legit Security.
Fuchs claims that Legit Security can secure the entire app development environment, from code to cloud. The platform enforces security policies in CI/CD pipelines, servers, and other infrastructure. It automatically discovers and maps pre-production dev pipelines and third-party security tools, including their dependencies, misconfigurations, and vulnerabilities.
Legit Security can trace vulnerabilities found in cloud production environments back to their origin in the pipeline and source code. The platform also identifies duplicate and redundant tools, helping companies reduce waste and save costs.
Legit Security operates in the emerging category of application security posture management (ASPM) tools. ASPM tools collect, analyze, and prioritize security issues throughout the software lifecycle. According to Gartner, the demand for ASPM tools is expected to grow significantly in the coming years.
While there are other players in the ASPM market, including Apiiro, Cycode, and ArmorCode, Fuchs believes that Legit Security has a competitive edge. The company has already secured notable customers such as Google, the New York Stock Exchange, Kraft Heinz, and Takeda Pharmaceuticals.
Despite a relatively slow period for cybersecurity startup mergers and acquisitions, Legit Security remains optimistic about its prospects. Fuchs emphasized the strength of Legit Security’s auto-discovery, correlation, and analysis capabilities, which differentiate it from other ASPM vendors.