Everyone wants to talk about software supply chain risks these days, be it security teams, developers or… officials. It is therefore no surprise that, despite the current economic climate, VCs continue to fund startups in this area as well. One of the newest members in this club is Arnica, a startup that takes a somewhat broader view of supply chain security than most of its competitors and helps companies. The company announced today that it has raised a $7 million seed round.
The round was led by Joule Ventures and First Rays Venture Partners. A number of angel investors, including Avi Shua (Co-founder and CEO of Orca Security), Dror Davidoff (Co-founder and CEO of Aqua Security), and Baruch Sadogursky (Head of Developer Relations at JFrog), also participated in this round.
“As a former purchaser of application security products, I tested more than a dozen solutions for securing my previous company’s software supply chain, but ran into a dead end. Most of the products were expensive visibility dashboards powered by different definitions of ‘best practices,’” said Arnica CEO and co-founder Nir Valtman. “We have decided to offer this visibility to unlimited users for free forever. However, we went further and developed a comprehensive solution to not only identify risks based on historical and anomalous behavior, but also to mitigate them. We do this by leveraging automated workflows with one-click mitigations that enable developers to get proprietary security from the tools they already use.”
The team argues that supply chain attacks succeed because of inefficient developer access control or the inability to detect anomalous identity or code behavior. That’s where Arnica comes in. Its behavior-based approach combines access control with a service that can detect anomalous developer behavior that may be the result of a breach.
“Each of our machine learning algorithms has thousands of features that identify whether it was actually the developer who wrote the pushed code,” explains Valtman. “When an anomaly is detected, a workflow is immediately started to validate it with the developer in a simple and secure way. That is not only good for the company, but also for developers.”
There is also secret detection to prevent leaks, a service that continuously monitors security and compliance, and tools for identifying the open source libraries used in an organization, which can also compile a full software bill of materials (SBOM).
The company plans to use the new funding to accelerate its go-to-market and R&D efforts, with a focus on expanding its automated workflows and mitigation capabilities.
“In a market full of value-added security solutions, Arnica’s immediate solution-focused approach is a game changer for enterprise development teams,” said Brian Rosenzweig, partner at Joule Ventures. “Arnica goes beyond just identifying security vulnerabilities – any identified issue can be addressed immediately with a one-click solution. This allows companies to quickly protect their software supply chain from attacks, while behavior-based detection ensures it remains secure in the long run. Arnica’s pragmatic approach and advanced technology enable companies to avoid costly breaches without sacrificing flexibility.”