ShiftLeft Exits Stealth Mode
October 11, 2017

ShiftLef emerged from stealth mode to enable organizations to secure their cloud applications and microservices as part of their continuous integration pipeline, rather than merely reacting to threats discovered in production.

The company is launching with a $9.3 million Series A round of funding from top-tier venture capital firms Bain Capital Ventures and Mayfield, and from individual investors. In addition, Enrique Salem, Bain Capital Ventures managing director, FireEye board chairman, and former Symantec CEO; and Ursheet Parikh, Mayfield partner and StorSimple founder and former CEO, have joined the company’s Board of Directors.

ShiftLeft also announced the general availability of fully-automated Security-as-a-Service (SECaaS) for cloud software that understands the security needs of each version of each application, and creates custom security and threat detection for it. It is offered as a try-and-buy solution. With ShiftLeft, organizations can now secure their cloud applications as part of their continuous integration pipeline, rather than merely reacting to threats discovered in production. ShiftLeft also identifies vulnerabilities, including contextual vulnerabilities with usage of Open Source Software (OSS) and data leakage risks, allowing organizations to either fix them or protect against them in production using ShiftLeft’s Microagent.

ShiftLeft founders are experts with an extensive background in security and cloud infrastructure. CEO Manish Gupta (formerly of FireEye, Cisco, and McAfee) has been at the helm of several security innovations such as malware sandbox and Next Generation Firewall. CTO Chetan Conikee (formerly of Cloud Physics, Business Signatures, and CashEdge), and Chief Architect Vlad A Ionescu (formerly of Google, LShift, and Founder of Lever OS) have enabled innovations that underpin the electronic transactions in the financial industry and several open source initiatives.

ShiftLeft is directed by a strong Advisory Board, including Florian Leibert, Mesosphere CEO; Mitch Wainer, DigitalOcean co-founder and head of brand marketing; and Gabe Monroy, lead program manager for containers at Microsoft Azure.

“With its DevOps and SecOps friendly solution that blends security knowledge of code from build-time with runtime data from production, ShiftLeft solves a real problem for customers without slowing them down,” said Leibert.

ShiftLeft was founded with the mission to develop a better approach to protecting the next engine of innovation – software. The team sought to solve the problem of matching signatures to fast changing threats that results in an overwhelming amount of false alerts, making security capital and operationally inefficient. They realized scarce security talent coupled with the rapid increase in software causes traditional security approaches to fail. The team set out to invent a solution that with each new build extracts all security relevant aspects from the codebase, called Security DNA, and uses it to create a custom Microagent to provide runtime protection. Now for the first time, software is able to inform teams how it should be protected around its unique security specific needs.

“There is a large and important opportunity in the industry today to insert highly accurate security in the continuous integration and delivery (CI/CD) lifecycle, without impacting an organization’s pace of innovation,” said Gupta. “By assembling a world-class team that truly understands security, modern software development practices that enable Cloud adoption, and modern program analysis techniques, ShiftLeft is in an unparalleled position to deliver on this opportunity.”

The Latest

November 15, 2018

Serverless infrastructure environments are set to become the dominant paradigm for enterprise technology deployments, according to a new report — Why the Fuss About Serverless? — released by Leading Edge Forum ...

November 14, 2018

What to automate? Which parts of the delivery process are good candidates? Which applications will benefit from automation? At first, those sound like silly questions. Automate all your repetitive processes. If you think that you'll do the same thing manually more than once, automate it. Why would you waste your creative potential and knowledge by doing things that are much better done by scripts? Yet, an average company does not adhere to that logic. Why is that? ...

November 13, 2018

I'd love to see more security automation deeply integrated into the development process. Everybody knows since the 1990s that security as an afterthought just doesn't work, yet we keep doing it. The reason, I think, is because it's very hard to automate security ...

November 09, 2018

DEVOPSdigest asked experts from across the IT industry for their opinions on what steps in the SDLC should be automated. Part 5, the final installment, covers deployment and production ...

November 08, 2018

DEVOPSdigest asked experts from across the IT industry for their opinions on what steps in the SDLC should be automated. Part 4 is all about security ...

November 07, 2018

DEVOPSdigest asked experts from across the IT industry for their opinions on what steps in the SDLC should be automated. Part 3 covers the development environment and the infrastructure ...

November 06, 2018

DEVOPSdigest asked experts from across the IT industry for their opinions on what steps in the SDLC should be automated. Part 2 covers the coding process ...

November 05, 2018

Everyone talks about automating the software development lifecycle (SDLC) but the first question should be: What should you automate? With this question in mind, DEVOPSdigest asked experts from across the IT industry for their opinions on what steps in the SDLC should be automated. Part 1 starts with by-far the most popular recommendation: Testing ...

October 31, 2018

Halloween is a time for all things spooky, but not when it comes to your mobile app experience. A poor experience can not only scare off your customers but keep them away for good ...

October 30, 2018

As organizations have embraced open source, they have become polyglot — using multiple programming languages and technology stacks to accomplish software and hardware related tasks. Enterprises are caught between the benefits provided by a polyglot environment and the complexities and challenges these environments bring. Ultimately, if the situation remains unchecked, polyglot will kill your enterprise ...

Share this