Everybody wants to talk about software supply chain risks these days, whether that's security teams, developers or government officials. It's no surprise, then, that VCs, despite the current economic climate, continue to fund startups in this space, too. One of the newest members of this club is Arnica, a startup that takes a somewhat broader view of supply chain security than most of its competitors and helps companies. The company today announced that it has raised a $7 million seed round.
The round was led by Joule Ventures and First Rays Venture Partners. A number of angel investors, including Avi Shua (co-founder & CEO of Orca Security), Dror Davidoff (co-founder & CEO of Aqua Security) and Baruch Sadogursky (head of Developer Relations at JFrog), also participated in this round.
"As a former buyer of application security products, I tested more than a dozen solutions for securing my previous company’s software supply chain but reached a dead end. Most products were expensive visibility dashboards driven by varying definitions of 'best practices,'" said Arnica CEO and co-founder Nir Valtman. "We decided to provide this visibility for free, for unlimited users, forever. We went further though and developed a comprehensive solution to not only identify risks based on historical and anomalous behavior but also to mitigate them. We do this by using automated workflows with single-click mitigations that empower developers to own security from within the tools they already use."
The team argues that supply chain attacks succeed because of inefficient developer access management or the inability to detect anomalous identity or code behavior. So that's where Arnica comes in. Its behavior-based approach combines access management and a service that can detect anomalous developer behavior that could be the result of a breach.
"Each of our machine learning algorithms has thousands of features that identify whether it was actually the developer who wrote the pushed code," explained Valtman. "When an anomaly is detected, it kicks off an immediate workflow to validate it with the developer in a simple and secure way. It is not only good for the company, but also good for developers."
There's also secret detection to keep secrets from leaking, a service that continuously monitors security and compliance, and tools for identifying the open source libraries used across an organization, which can also compile a full software bill of materials (SBOM).
The company plans to use the new funding to accelerate its go-to-market and R&D efforts, with a focus on expanding its automated workflows and mitigation capabilities.
“In a market full of security solutions adding only incremental value, Arnica's instant resolution-oriented approach is a game changer for enterprise dev teams,” said Brian Rosenzweig, partner at Joule Ventures. “Arnica goes beyond just flagging security problems — every issue that is identified can be immediately addressed with a provided one-click fix. This allows businesses to quickly protect their software supply chain from attacks, while behavior-based detection ensures it remains secure in the long term. Arnica’s pragmatic approach and advanced technology enable companies to avoid costly breaches without compromising on agility.”