build.security Bags $6M in Seed Backing

November 25, 2020

build.security secured $6 million in seed funding led by YL Ventures with participation from cybersecurity luminary George Kurtz, CEO and Co-founder of CrowdStrike. Founded by industry veterans Amit Kanfer (CEO) and Dekel Braunstein (CTO), build.security is offering a new approach to authorization, providing developers with the building blocks they need to quickly generate and manage best-practice authorization controls across enterprise applications at scale.

Joining this seed round are Michael Sutton, former CISO of Zscaler; Sounil Yu, former Chief Security Scientist at Bank of America; Dan Amiga, former CTO and Co-founder of Fireglass (acquired by Symantec); Eyal Gruner, CEO and Co-founder of Cynet; and Eran Barak, former CEO and Co-founder of Hexadite (acquired by Microsoft). CrowdStrike CPO Amol Kulkarni has joined build.security’s board of directors.

Developers are key players in today’s cybersecurity landscape as gatekeepers of the operations and sensitive data involved in enterprise applications. As responsibility for secure code shifts left, developers are tasked with overseeing key security measures in application development, chief among them authorization and authentication. However, unlike authentication, authorization remains an elusive challenge for many engineering teams, largely due to an absence of enterprise grade solutions. As a result, developers are forced to build an array of highly complex authorization models, policy engines and enforcement points themselves to account for an ever-growing list of identities, resources and context attributes. The time consuming, confusing and error-prone nature of these processes heightens the risk of insufficient software protection, leaving enterprises vulnerable to exploitation.

build.security is offering the first “true platform for authorization,” providing developers with a simple way to eliminate the kind of product vulnerabilities that have the potential to capsize entire organizations when exploited. According to George Kurtz, CEO and Co-founder of CrowdStrike, “build.security’s innovative approach allows developers to focus on developing apps at unprecedented speed without the burden of Role-Based Access Control (RBAC) and Attribute-Based Access Control (ABAC) implementation weighing them down.”

build.security resolves the complexity, time and hassle typically associated with building authorization into applications by offering open-sourced tooling for implementing fine-grained access controls, full visibility into policy enforcement at runtime and decoupled logic that enables a more agile and robust development cycle. Leveraging Open Policy Agent (OPA), the solution decouples authorization policy from code, thereby allowing changes and updates to be made as required to help developers keep their authorization implementation attuned to their specific environment and changing needs. Users can choose to implement access policies with declarative policy language, or by using the platform’s unique drag-and-drop policy builder.

“build.security’s innovation is an incredible win for the developer community—they’ve made authorization easy,” said John Brennan, Partner at YL Ventures and build.security board member. “We’re excited by Amit and Dekel’s unique plug-and-play approach to API and function-level authorization, as well as the breadth of visibility their control plane offers. Their approach will enable developers and enterprises to build secure software at scale.”

build.security will offer a free-tier authorization policy management solution for developers and a premium version of its platform for enterprises.

The platform’s key features will include:

● A unified pane of glass that enables developers to easily author, evaluate, distribute and monitor policies at scale

● Policy-as-code, allowing developers to express authorization policies with a no-code drag and drop policy builder or through a low-code declarative language

● Seamless integrations with identity providers, databases and other API-based services

● Automatic policy suggestions based on runtime interactions between services

● Lightweight and performance-optimized hybrid cloud/on-prem architecture

“We’ve solved the inherent complexity of authorization resulting from how radically its implementation varies from one application to the next,” said Amit Kanfer, CEO and Co-founder of build.security. “We’re helping developers easily express RBAC and ABAC with a flexible, managed and off-the-shelf platform, as well as open-source projects, that provide all the tools developers need to author and immediately enforce policies at scale. build.security is building authorization so that developers don’t have to.”