Legit Security raises $26.5 million Series A to protect software supply chains

Israeli cyber startup Legit Security, developer of a solution for securing the software supply chain and development environments, has raised $26.5 million in Round A funding, led by Bessemer Venture Partners and TCV, which has invested in Netflix, Gitlab, Spotify, Facebook and more. The company raised $3.5 million in a seed round from Gili Raanan's Cyberstarts VC fund.

The solution developed by Legit allows organizations to ensure that the enterprise software development process is fully secure at all stages. The solution automatically maps all the tools and processes in the enterprise software system including code writing, development pipeline, software infrastructure and permissions and applies an advanced security model at all relevant stages.

Legit Security was established in September 2020 by Roni Fuchs, who serves as the company's CEO, Liav Caspi, CTO, and Lior Barak, VP R&D. The three met while serving in the IDF’s 8200 military intelligence unit. Fuchs was one of the first Aorato employees, which was acquired by Microsoft in 2014. Fuchs then set up a cyber startup called Lumobit, which Caspi and Barak joined as the first employees. Within a few months, Lomobit merged into Checkmarx with the aim of establishing the field of open-source security. After merging with Checkmarx, Fuchs, Caspi and Barak decided to take an independent route with Legit Security, realizing that protecting the content of the code is no longer sufficient.

In a conversation with Calcalist, CEO Roni Fuchs said: “The field in which we operate is new, but it has players today. The problem we are facing now is we have a majority of new and young players who are facing difficult challenges such as the SolarWinds attack and others. In the beginning we talked to many security managers who couldn’t wait for our product. Within eight months of the company’s founding we already had a paying customer. There are not enough good solutions or solutions which answer the need at all. The attacks in our field have increased significantly in recent years and can be compared to an octopus which has arms reaching out in every direction. This is a serious attack that also affects the organization's customers and you might detect it too late after you have already hurt others. We map out the development process and constantly protect them and identify attacks if they happen. We provide constant protection throughout the release of the software and its development.

"The company employs 45 people and we will expand both the sales teams in the U.S. and the research team in Israel," Fuchs said. "We do not feel any change in the field and the demand for us is still rising. The financing fits the plans we have set and at the moment our business goals are being met and we raised more funds two months ago so we have no plans to raise any more money."

According to Gartner, attacks on organizations and software supply chains are expected to triple in volume in the coming years and by 2025, 45% of organizations will experience such attacks. Attacks and security vulnerabilities such as SolarWinds, Kaseya, CodeCov, Log4J and others have heightened the understanding of the importance of this security issue.

Amit Karp, a partner at Bessemer Ventures Partners, said: "Software supply chain attacks will continue to grow until new solutions are developed and shut down the abundance of security gaps in these environments."

Gili Raanan, founder of Cyberstarts, the first VC fund to invest in Legit, said: "Code is the new oil because almost every business is becoming driven by software."