Tel Aviv-based startup Miggo Security has raised $7.5 million in seed funding led by YL Ventures and including Cyber Club London. Miggo is introducing a new application detection and response (ADR) technology.
The internal operation of today’s complex applications is considered the biggest blind spot in corporate cybersecurity. Miggo’s new ADR is designed to do for applications what EDR does for endpoints.
“Eighty percent of all breaches today start with an application attack,” Miggo CEO and co-founder Daniel Shechter said in a conversation with SecurityWeek. “They are hard to detect, and are currently missed by other tools. Our goal is to change that.” He cites the MOVEit, SharePoint, Ivanti and GoAnywhere breaches as recent examples.
The problem is that today’s applications have become complex and distributed, with multiple chains of trust in which attackers can hide. Once an attacker is inside the application, it becomes a blind spot for defenders: the attacker can manipulate flows between services without detection by existing security sensors like EDR, WAF and CNAPP tools.
Once plugged into the app, Miggo automatically generates a map showing its components, their interactions, and the chains of trust. This alone demonstrates which data flows are internet facing, and which touch sensitive data – it identifies the important services and possible attack chains.
More importantly, the ADR also shows how people are using the application. It establishes baseline standards of behavior between different services, data flows and authentication mechanisms, allowing it to identify and prevent subsequent malicious activities – in real time.
This visibility is the detection side of Miggo’s ADR. It already begins the response element by showing the user where controls are needed. The name ‘Miggo’, incidentally, comes from an ancient Aramaic word meaning ‘from the inside’ – the implication being that defending applications must come from inside the application.
“Our ability to understand the internal chains of trust and how the application should be used,” said Shechter, “allows us to recognize with high fidelity if something bad is happening. We can either terminate the session, or use the customer’s other tools to prevent continuing execution.”
Put simply, from within the Application, Miggo can Detect and then Respond to bad behavior.
The firm hopes that ultimately the response to bad behavior within an application will happen as automatically as its detection. This functionality is already built into the product, but Shechter accepts that customers will initially want to operate a manual alert and response. Shechter hopes and expects that as trust in the product grows, more customers will switch to fully automatic ADR.
Detecting live threats to applications and responding to those threats from within the applications are considered the key innovations being introduced by Miggo. According to CISO Mike Melo, “Miggo is finally providing transparency for our most significant attack vector with the exact tools each stakeholder requires to protect and defend mission-critical assets. ADR,” he claims, “is the unified solution we need to not only give us application-layer visibility and control but also dramatically lower our mean time to detect and respond to application attacks.”
The seed funding will be used to further expand Miggo’s R&D team and grow its reach into the US market.