Accurics, a company providing what it describes as “self-healing” infrastructure for cloud environments, has raised $20 million. A spokesperson says the funding will be used to bolster Accurics’ 35-person workforce as it pursues customer acquisition opportunities.
Cloud datacenters will process 94% of workloads in 2021, according to a recent survey from Cisco. But be that as it may, over two-thirds of organizations continue to see security as the biggest adoption challenge, LogicMonitor reports. An estimated 24% of organizations have hosts in their public clouds that are missing high-severity patches, and 49% of databases aren’t encrypted by default.
Accurics purports to address this challenge with tools like Terrascan, which employs algorithms to mitigate misconfigurations, policy violations, and more across codebases prior to provisioning cloud infrastructure. Accurics scans “infrastructure as code” platforms including Terraform, Kubernetes YAML, and OpenFaaS YAML to detect and remediate policy violations and potential breach paths. In runtime, the platform can identify changes to deployed cloud applications across Amazon Web Services, Azure, and Google Cloud Platform environments and assess for risk.
According to Accurics, Terrascan provides over 500 out-of-the-box policies so that customers can check against policy standards, leveraging an engine that supports custom policies with a query language. Terrascan can be integrated into pipelines to canvas code repositories in GitHub, Slack, Jira, Bitbucket, and GitLab via a command-line interface. It can also act as a guardrail during the continuous integration and continuous delivery phase to detect violations and block risky builds by identifying potential paths to achieving attacks.
The broader Accurics platform generates code to resolve issues and checks them into repositories as pull requests. Customers need only review requests to accept the changes; Accurics alerts the appropriate developer automatically with notifications. Moreover, Accurics can roll back cloud environments to the last known secure baseline to address risks, generating a topology across infrastructure to model threats by detecting resources, configurations, and dependencies among them.
Accurics CEO Sachin Aggarwal makes the claim that cyber resilience will become increasingly important as more businesses embrace the cloud. The core security issue with cloud-native infrastructure is that it’s programmatically built and provisioned using infrastructure as code, he says, making it difficult to keep pace with the high velocity of change using manual approaches.
“The cloud offers endless potential for innovation, speed, and productivity — but only when security can scale to keep up. So far, that has not been the case,” Aggarwal, who cofounded Accurics in early 2019 along with former executives from Symantec and Palo Alto Networks, told VentureBeat via email. “Our approach is different: We believe that effective cyber resilience in the cloud can only be achieved through self-healing cloud-native infrastructure and codifying security throughout the development lifecycle.”
Evidently, customers are in agreement with Aggarwal’s assessment of risks associated with the cloud. Accurics counts the NBA, LendingClub, Automation Anywhere, and ServiceMax among its client base.
The $20 million in funding came from a $5 million seed round and a series A round closed in the past six months. Both had participation from ClearSky and Intel Capital; previous Accurics investors include WestWave Capital, Firebolt Ventures, and Secure Octane.