PureSec raises $7M in Series A funding to secure serverless applications; launches a free tier plan.

Serverless computing is revolutionizing the IT landscape and turning the traditional computing architecture on its head. Gone are the days when organizations have to spend millions of dollars on computing infrastructure, later to replace it every 5 years. Serverless computing changes all that. It levels the playing field and saves organizations on upfront infrastructure cost or capital expenditure (CAPEX).  Traditionally, as organization get towards enterprise sized servers they can become increasingly expensive. Not only do they cost between thousands to a couple million dollars a piece, they also need the data center or computing space to house them, and a staff of engineers for ongoing maintenance. Since average life cycle of a server is about 5 years, this means that not only do organizations have to replace the machine every 5 years, but they also constrained by the capacity and limitations of the machine.

Serverless applications significantly depend on third-party services (knows as Backend as a Service or “BaaS”) or on custom code that’s run in ephemeral containers (Function as a Service or “FaaS”). They let you run your code without provisioning or managing servers. You pay only for the compute time you consume – there is no charge when your code. One survey showed it’s growing by 700% a quarter. Companies are rushing to take advantage of the cheap, fast and easy ability to deploy functions directly to the cloud, especially to AWS Lambda, the market leader.

With all these benefits, serverless applications are not without their challenges. Because the concept is so new and so easy to use, many companies are struggling with securing serverless applications. Traditional security tools don’t work, forcing a paradigm shift and a different way of thinking about application security. That is the problem a new startup is on a mission to solve. PureSec is a Tel Aviv, Israel based security startup. PureSec developed the first ever Serverless Security Platform which came out of beta a couple of months ago.

Today, they just announced $7 million Series A funding, following a $3 million seed round, to secure serverless applications. In addition, PurSec is also launching a free tier of their solution. The latest round was led by Square Peg Capital (portfolio companies include Uber, Stripe and Fiverr), with participation from previous investors including TLV Partners (investor in Next Insurance and container security company Aqua) and Entrée Capital (Meerkat, Monday and Prospa). This brings total money raised to a total of $10 million. Following the current round, PureSec said, Square Peg Capital’s Dan Krasnostein will join as a member of the PureSec board.

Founded in 2016 by Avi Shulman, Ory Segal, and Shaked Zin, PureSec enables its customers to build and maintain secure and reliable serverless applications in a trusted and safe computing environment. PureSec supports all serverless vendors, including AWS Lambda, Google Cloud Functions, Azure Functions and IBM Cloud Functions, allowing organizations to detect, prevent and respond to suspicious activity and attacks. PurSec’s end-to-end serverless security solution is the industry’s first and most comprehensive security protection for serverless architectures. The company currently has 12 employees. Their main office is in Tel Aviv. Customers include numerous Fortune 1000 companies, alongside emerging startups in the US, Canada, the United Kingdom, Australia and Israel.

“PureSec is pioneering the serverless security industry and is poised to become the gold standard for securing serverless applications,” said Dan Krasnostein. “With many organizations adopting cloud-native serverless platforms, application security and visibility rank among the most critical hurdles for mass adoption. The PureSec team has accomplished impressive goals in 2018 – it positioned itself as the clear leader in serverless security, raising awareness and educating the industry about the security risks and challenges that organizations must consider when adopting serverless, it launched the world’s first Serverless Security Platform, acquired new customers, and forged strong partnerships with the leading serverless providers. Square Peg Capital looks forward to helping PureSec scale up its business and attain the next phase of growth.”.

In addition, PureSec today announced the release of a free-tier plan enabling organizations starting their adoption of serverless architectures to freely implement security early on.  “We’re on a mission to protect each and every serverless application out there,” said Shaked Zin, PureSec Co-founder and CEO. “Transitioning to serverless can reduce the future attack surface of your organization to a bare minimum. With the cloud provider’s experts making sure your infrastructure is secure, and with the right Serverless Security Platform to protect the application layer, your serverless application could be the most secure application you’ve ever built”.

PureSec now offers an early sign-up for its free-tier plan. Early joiners will also receive an exclusive advisory session from the serverless security professionals of the PureSec team, tailored to their specific serverless environment. The free-tier plan helps bridge the gap between developers and security professionals by providing a mutual language and a clear standard for securing serverless applications.

Serverless computing is a cloud-computing execution model in which the cloud provider effectively acts as the server. running code directly and dynamically managing the allocation of machine resources. Organizations no longer have to worry about the infrastructure required to run their applications. Due to its superiority over traditional architectures in every aspect, serverless is considered to be the future of cloud computing. The adoption of serverless platforms like AWS Lambda, Microsoft Azure Functions and Google Cloud Functions is growing exponentially, at an estimated annual rate of 700%.

Organizations adopting serverless are still responsible for ensuring that application code doesn’t introduce application-layer vulnerabilities. However, all traditional security protections are unsuitable for serverless. Since organizations that use serverless architectures do not have access to the underlying infrastructure, they cannot deploy traditional security layers such as endpoint protection, host-based intrusion prevention, Web Application Firewalls, or RASP (runtime application self-protection) solutions.

PureSec solves these problems through its holistic approach to serverless security. The PureSec platform integrates into existing CI/CD process, providing static analysis of serverless code and cloud configurations, detecting misconfigurations and vulnerabilities while providing best-practices based mitigation. Deployed applications benefit from the PureSec patent-pending runtime protection, empowering serverless functions to protect themselves, while providing unparalleled visibility to the application behavior.