RapidFort, a startup that helps developers reduce the potential attack surface of their applications by automatically removing unused software components from their containers, announced today that it has raised an $8.5 million seed round. The round was led by Felicis, which also included ForgePoint Capital, Bloomberg Beta, Global Founders Capital, Plug & Play Ventures, GIT1K Club and a group of investors from previous rounds of RapidFort.
In addition to announcing the new funding, RapidFort also launched its free tier today.
The company was co-founded by Mehran Farimani and Rajeev Kumar Thakur. “He worked at Palo Alto Networks about three years ago,” Farimani said of Thakur when I asked him how the company started. “He came to me with a long list of grievances about how this new DevOps thing and vulnerability management and so on affected his product launch.”
While Thakur’s team modernized some of Palo Alto’s firewall service to scale to more hits per day, the security team held them back because of the thousands of potential vulnerabilities in the application — mostly from open source third-party components used.
And that’s where RapidFort comes in. The service reduces the total attack surface by analyzing which components in a container are actually needed to run an application. Development teams normally run them in development, test or production, while RapidFort finds out which components it can remove. The company says improvements are typically between 60 and 90 percent, so security and developer teams can ultimately focus on the vulnerabilities that really matter.
Aydin Senkut, founder and managing partner at Felicis, noted that, in addition to the team’s experience and a fast-growing market, he was particularly attracted to the company because it already had many interesting users, including many government clients.
“We’re excited about security because, despite the technology’s major downturn in the market in general, security appears to be the most resilient sector,” Senkut noted. “We’re getting excited about it because I think software that’s deployed everywhere – in government and private – is only going to get bigger and I think there’s going to be a lot of vectors that security companies need to tackle. So given that software isn’t smaller but a lot growing, we actually thought it was very pragmatic and smart to support RapidFort and we really liked their approach.”
Farimani added that while infrastructure today is not where many organizations focus their security budgets, that is rapidly changing.
He also noted that while we often talk about Software Bills of Materials (SBOMs) these days, the analogy doesn’t quite work because in manufacturing Bills of Materials are carefully crafted. “We don’t work like that in software,” he said. “The bandwidth is cheap, the storage is cheap – and I just want my application to work. But now it’s becoming very clear that there is a price to all that waste we leave behind in these applications. There are ongoing costs to the business, for us to keep it as suppliers, etc. And so I think the problem is getting more visibility.” So instead of just assembling SBOMs from existing applications, he says the focus should be on building and optimizing clean SBOMs.
In its current iteration, RapidFort focuses on working with containers. They can run just about anywhere, including standard Kubernetes clusters or managed services like AWS Fargate. But the company is also working to make its service work for virtual machines, which are usually much larger and consist of many more components. However, the team believes it is a problem it can solve.