StackRox Secures $25 Million in Series B Funding for Container Security

StackRox, which offers continuous detection for applications running on container technologies, has secured $25 million in Series B funding. The round, which brings StackRox’s total funding to $39 million, is being led by Redpoint Ventures and includes follow-on investments from Sequoia Capital and Amplify Partners.

Highlighting the Importance of Container Security

Ali Golshan, CTO and Co-Founder of StackRox

The investment highlights the importance of container security as a major issue confronting cyber security professionals today. Tomasz Tunguz, general partner at Redpoint Ventures, explained, “Along with enabling this new developer landscape, we recognized the criticality of securing it. At a time when most companies are building commodity scanning technology, StackRox has focused its sophisticated team on solving the problem of continuous detection in containerized environments. The innovation of its Rox Engine in identifying adversarial intent and stopping attacks early in their life cycle will enable companies to reap the benefits of containerized development while protecting the business.”

“Containers and microservices, the cloud, and DevOps, continuous integration and agile methodologies, have radically altered the world of development and IT operations, but they’ve also prompted a profound change in the way we should all view security practices,” said Ali Golshan, CTO and Co-Founder of StackRox. “Unlike in earlier times, we no longer have a single ‘choke point’ or a single endpoint to control access to applications, infrastructure and data assets. Applications are spread out amongst containers and services that go in and out of—and far beyond—anything approaching what we might call a perimeter.”

Continuous Detection for Applications Running on Container Technologies

StackRox addresses this new risk environment by offering continuous detection for applications running on container technologies like Docker and Kubernetes. StackRox software secures containerized applications from deployment to runtime. It enables security teams to apply and manage policies, leveraging the power and flexibility of the Rox Engine to automatically detect and correlate threat behavior. StackRox monitors events over time and applies its Adversarial Intent Model to “connect the dots,” alert IT organizations of potential threats across the attack life cycle and take action to stop and contain attacks.

Built with DevOps and cloud computing environments in mind, the StackRox security architecture combines distributed collection and centralized event correlation as well as analysis with machine learning to identify and stop malicious activity. It includes:

• StackRox Prevent – to minimize the attack surface, centralize governance, and rank-order risks for container environments
• StackRox Detect and Respond – to monitor activities in runtime, pinpoint attack tactics, and disrupt and stop attacks

Adversarial Intent Model (AIM)

Proceeds from the investment will be used to accelerate the company’s product development and release schedule and to support expanded go-to-market programs, including the hiring of new sales and marketing executives to facilitate the company’s next stage of growth.

Headed into the industry’s largest trade show, the RSA Conference, next week, StackRox is also announcing the general availability of its Prevent product. Prevent enables security teams to apply centralized governance over their organizations’ container deployments, inventorying and stack-ranking the risk of those environments. The company will also announce an updated version of its flagship Detect and Respond solution, with faster performance, increased scalability, and improved detection capabilities.

Sameer Bhalotra, StackRox CEO and former Senior Director for Cybersecurity at the White House, and Ali Golshan, StackRox CTO and former co-founder and CTO of Cyphort, formed StackRox together. They created the company to secure high-velocity, distributed container environments that cannot be protected with traditional enterprise security solutions.

StackRox collaborates with a number of research and governmental organizations to more deeply understand the attack surface containerized environments present. StackRox counts Google as one of its key partners, and customers already using the StackRox platform include City National Bank, the U.S. Department of Homeland Security, government agencies, and Global 2000 companies in the finance, media and technology sectors.