Myrror Security, an Israeli company specializing in application security for organizations utilizing open-source packages, has officially launched today, backed by $6 million in seed funding from prominent investors Blumberg Capital and Entrée Capital. The primary objective of Myrror Security is to bolster the security of enterprises’ Software Development Life Cycle (SDLC) process, given the escalating threat of software supply chain attacks exploiting open-source dependencies and CI/CD pipelines. The infusion of capital will empower the company to enhance its product capabilities and expand its distribution channels.
In recent years, there has been a significant surge in software supply chain attacks, with a staggering 740% increase in Open Source Software (OSS) supply chain attacks reported in 2022. These attacks target the SDLC through various vectors, with open-source components being one of the most accessible and concerning entry points, as they constitute a substantial portion (70-90%) of modern software. Conventional solutions primarily focus on known vulnerabilities but fail to address unknown risks. Moreover, they inundate security teams with alerts for vulnerabilities that may not even be present in the final code, creating unnecessary distractions and a false sense of urgency. Security teams are in dire need of a solution that can accurately detect real threats, prioritize them, and facilitate efficient remediation, allowing them to concentrate on the most critical software supply chain risks.
Myrror Security’s platform seamlessly integrates two crucial aspects necessary to combat modern software supply chain threats effectively: the detection of malicious packages and CI/CD attacks, and the prioritization of known vulnerabilities. Utilizing proprietary binary-to-source code analysis capabilities and advanced AI matching techniques, the company can identify both known and unknown threats, such as malicious packages, malicious code, and CI/CD breaches, in real time, before they can reach the production environment. Additionally, Myrror Security employs an advanced reachability model in its Code Aware Software Composition Analysis (SCA) solution to determine whether a vulnerable function is utilized in the code, reducing the noise generated by traditional SCA tools. The company also provides comprehensive mitigation plans to expedite and facilitate risk remediation.
Yoad Fekete, Co-Founder and CEO at Myrror Security, remarked, “The integration of unverified open-source components into the software development process creates a massive attack risk on one hand, and a large amount of false positives for security teams on the other hand. Until now, there hasn’t been a solution on the market capable of tackling both of these problems effectively. We founded Myrror Security to help security teams protect their organizations from attacks and sort through their mess of alerts before code gets to production, without requiring any engineering behavioral change.”
Myrror Security’s Breach Detection solution employs a distinctive AI-enhanced binary-to-source analysis process, allowing it to reverse-engineer binary artifacts and compare them to the original source code. Any discrepancies trigger real-time alerts, thereby preventing compromised packages from ever making their way into the software.
Ilia Shnaidman, Vice President at Blumberg Capital, emphasized the evolving tactics of malicious actors, stating, “Malicious actors continue to shift their attention to the software development process – using open-source packages and CI/CD pipelines to infiltrate companies that otherwise have tight security in place. There is a clear market demand for a solution that detects attacks and prioritizes vulnerabilities and helps defenders address this risk.”
Zohar Alon, Chairman at Myrror Security, highlighted the inherent risks associated with the use of open-source components in application development and praised Myrror Security’s pioneering binary-to-source analysis solution for its proactive approach to addressing the SDLC security challenge.
Myrror Security aims to transform the industry by providing a comprehensive solution that prioritizes risk, detects attacks, and offers mitigation plans within a single platform, ultimately leading the way toward end-to-end software integrity.