Legit Security comes out of stealth mode with $30 million Series A round

Legit Security, a cyber security startup with an enterprise SaaS solution for securing an organization’s software supply chain, said today that it has emerged from stealth mode with a $30 million Series A fundraising round co-lead by Bessemer Venture Partners and TCV.

CyberStarts, Israel’s leading cybersecurity venture capital firm, provided seed money.

Legit Security protects software supply chains from attack by automatically discovering and securing the pipelines, infrastructure, code, and people so that businesses can stay safe while releasing software fast.

Founded in September 2020 by CEO Roni Fuchs, CTO Liav Caspi, and VP of Research and Development Lior Barak. The company has gathered a team of security experts from the renowned Israeli Defense Forces Unit 8200, Checkmarx, Ping Identity, Duo/Cisco, Microsoft, and other leading cybersecurity firms in the United States and Israel.

According to Gartner, by 2025, 45 percent of enterprises would have suffered attacks on their software supply chains, a threefold increase from 2021. Businesses cannot rely on traditional security technologies and code scanners alone to defend themselves as more firms adopt modern applications, agile development, and DevOps.

These intricate software supply chains at the heart of the digital business and vital infrastructure are increasingly prominent targets for cyberattacks, necessitating the development of novel solution approaches.

“Enterprises increasingly rely on software to do business, and they’re embracing cloud, DevOps, continuous integration and continuous delivery (CI/CD), and agile techniques to keep up,” said Roni Fuchs, CEO of Legit Security. “However, this has resulted in the creation of a massive new unprotected attack surface that hackers have targeted, and their attacks are intensifying. Enterprises do not require additional code scanners at the moment. They want a comprehensive security solution for the larger software supply chain. That is why we launched Legit Security and enlisted the services of world-renowned cybersecurity specialists who share our mission.”

Bob Durfee, Takeda Pharmaceutical Company’s Head of DevSecOps said. “Legit provides a single pane of glass for mitigating software development risk. We can now inventory all of our SDLC systems and security tools, monitor developer activity, and quickly identify and repair issues across them. Legit’s security ranking also enables me to assess the security postures of other teams and demonstrate progress toward improving them.”

Legit Security enables businesses to defend their end-to-end software supply chain environment and software releases in real-time by automating vulnerability discovery and analysis, enforcing security policies, and providing continuous assurance.

The platform performs gap and leak detection on software development pipelines, development infrastructure and systems within those pipelines, and the people and their security hygiene as they operate within them. The system is compatible with existing development tools and workflows and offers continuous assurance and governance capabilities for real-time monitoring of regulatory compliance standards and frameworks.

“Until new solutions are developed to tackle varied security weaknesses across these environments, software supply chain threats will continue to grow,” stated Amit Karp, Partner at Bessemer Venture Partners. “We admired Legit’s ability to design an enterprise solution that is simple to adopt and provides benefits in a matter of hours.”

The money will be used to expand the company’s engineering team and to continue expanding its go-to-market organization in the United States, which currently includes locations in Austin and Palo Alto.