Containers and micro services may not be a new concept at this point, but lots of companies are struggling with the transition to cloud native applications, and the impact of that approach on their security.
Operant is an early startup that’s trying to solve the security problem in a way it stays in the background while protecting the application from development to deployment. The company is having its coming out party this week at RSAC and is announcing a $3 million seed while it’s at it.
Vrajesh Bhavsar, CEO and co-founder, says his company has developed a unique solution to protect cloud native applications without instrumentation. “Operant is the first runtime application protection platform. And what that means is, we can prevent lateral attacks and data breaches by securing cloud native applications from the inside out,” Bhavsar told TechCrunch.
Priyanka Tembey, CTO and co-founder, says that the solution helps security teams build guard rails for runtime applications as they are being developed. “Operant customers can install Operant within their dev staging and production Kubernetes environments, and we start learning about their application interactions, service-to-service interactions, API interactions, as well as data flows at runtime, so when they are running live in the production environments. And then we are able to apply those learnings back into the dev staging environments, as well to start protecting the applications and the API’s from the get-go,” she said.
This means that companies use Operant across the development process including the development tooling, the CI/CD pipeline, the API gateways and the containers and micro services themselves. Tembey admits they are covering a lot of ground, but that’s the idea. “The product does a lot of things today, and that’s where we actually see the application security direction going because applications in the cloud tend to be multilayer,” she said.
That requires a comprehensive approach to keep the application secure. “It’s not just the application, but then it’s the container, it’s the microservice layer, it’s the API, the data flow layer and so on. And so we interface at different layers of the applications with our technology and are able to get the right telemetry, and by that I mean the right data, the operational data about what is happening at those layers” she said.
Operant has the intelligence to put all of that data and those context streams together. “And it creates live API catalogs, service interaction maps for customers, and then through enforcements it interacts with different layers in the Kubernetes as well as in the cloud layers to actually protect those APIs and those data flows by enforcing the security policies that customers approve or create through our product,” she said.
The company launched in 2020, and began building the product in 2021. It took some time to build a product of this complexity. They began working with design partners last year and are emerging today and companies can begin signing up to use the product. The startup has six people right now with plans to perhaps double that this year. With two women co-founders — CMO Ashley Roof is also part of the founding team — the company cares deeply about building a diverse organization as they scale up.
“We are very passionate about diversity. As you can tell, there are two women on the founding team and just building that diverse team from the ground up is very important to us,” Tembey said.
Today’s $3 million investment was led by Felicis. The company previously raised a $500,000 pre-seed round, bringing the total raised to $3.5 million.