Cybersecurity startup OX Security raises $34m seed round

Lior Arzi and Neatsun Ziv  credit: Shelly Brail
Lior Arzi and Neatsun Ziv credit: Shelly Brail

OX Security, founded by two former Check Point managers, has a developed a new software supply chain security standard.

OX Security, a cybersecurity company founded by two former senior managers at Check Point (Nasdaq: CHKP), was unveiled to the media for the first time today, after a little under a year of activity. OX Security has completed a fundraising round of $34 million in two parts. This is one of the largest ever seed rounds for an Israeli startup.

OX Security operates in the hot field of securing the software supply chain, protecting all the processes involved in developing and distributing software before it reaches customers. This field, in which several Israeli startups are active, gathered momentum following the hacking of US company SolarWinds Corporation that was uncovered in late 2020 and was described as the most serious such incident in US history.

In that attack, the hackers, apparently from Russia and acting with state backing, managed to penetrate the software development system at SolarWinds, a company that develops IT infrastructure monitoring systems. The hackers contaminated the development process and introduced attack tools into the periodic update sent by SolarWinds to its customers. When the customers downloaded the update, the hackers at once gained access to the systems of the organizations concerned, which included US government agencies, exemplifying the great potential damage in such supply chain attacks.

OX Security was registered as a company in late July this year after its two founders, by Neatsun Ziv and Lior Arzi, left Check Point. Both had worked there for about a decade. In their last positions at the company, Ziv served as VP Cyber Products, while Arzi was director of End Point Cyber Security. Ziv is currently CEO of OX Security and Arzi is chief product officer.

For Ziv, this is a second attempt at entrepreneurship. He founded startup Vanadium and managed it between 2003 and 2011. Vanadium, which dealt in end point security, raised $5 million and reached annual sales of over $1 million, but was eventually shut down. "That was the period after the crisis of 2008, when investors saw cyber as passé. The fact that we had reached sales of $1 million didn’t impress anyone," Ziv says.

Ziv and Arzi decided to work on OX Security in October 2021 as part of the Team8 company building incubator, which gave the company its first investment. The pair reached Team8 through Ziv’s acquaintance with Team8 managing partner Amir Zilberstein from their military service in the IDF’s 8200 signals intelligence unit. Unlike in Team8’s usual model, in which the group decides on an area in which it will deal and then looks for entrepreneurs who will work on a solution, Ziv and Arzi came with their own mature idea. Immediately after obtaining investment from Team8, the pair decided to expand the seed round and bring in additional investors, led by Evolution Equity Partners, and Microsoft's venture fund M12, with participation from Rain Capital and Team8.

Ziv declines to disclose how much Team8 invested initially and how much was invested in the completion of the round in the summer. "You have to remember that at that time it looked as though the sky was falling on the technology sector and we were going back to a period of austerity, so we decided to utilize the option we had to expand the round so that we would have the cash. At that stage, we were making very rapid progress, and we already had customers who wanted to buy the product, so it was a good time to step up our activity," he says.

Use of third party resources

One reason that software supply chain security is attracting attention is that, in order to develop software faster, developers these days do not write all the code from the beginning, but more and more use resources such as ready-made code developed by third parties. This means that an organization does not have full control over what goes into its software, which leaves an opening for security weaknesses.

As mentioned, many Israeli startups deal in supply chain security, each of them specializing in a different aspect. The best-known name among these companies is Snyk, which was valued at $8.5 billion last year. Snyk’s original expertise was in providing visibility for the use of open-source code components in software development and identifying weaknesses in them.

Other Israel companies with activity close to that of OX Security are Apiiro, currently in negotiations for an acquisition by Palo Alto Networks, and Legit Security, which emerged from stealth mode this year with a $30 million investment round. What is special about OX Security, according to Ziv, is that it looks at the entire development track, from writing the code to uploading to the cloud, and tries to spot problems in the process and also highlight the most important ones.

Because of the need for software supply chain security and the use of third-party resources in development, software firms are required to use a tool called a Software Bill of Materials (SBOM), which produces a listing of everything that has gone into the code. Instead of this, OX Security, together with partners, has developed a new standard, called PBOM (Pipeline Bill of Materials), which it claims is more comprehensive and describes in greater detail what happened to each piece of code in the course of the development process.

OX Security has about 30 active customers, some them paying customers and some on their way to becoming so, according to Ziv. The company employs 30 people. 

Published by Globes, Israel business news - en.globes.co.il - on September 29, 2022.

© Copyright of Globes Publisher Itonut (1983) Ltd., 2022.

Lior Arzi and Neatsun Ziv  credit: Shelly Brail
Lior Arzi and Neatsun Ziv credit: Shelly Brail
Twitter Facebook Linkedin RSS Newsletters גלובס Israel Business Conference 2018