Enterprise

The Transform Technology Summits start October 13th with Low-Code/No Code: Enabling Enterprise Agility. Register now!


Mondoo, an under-the-radar infrastructure security platform aimed at developer operations (DevOps) teams, has raised $12 million in a series A round of funding led by European VC Atomico, and revealed a previously undisclosed $3 million seed round of funding which closed back in April.

The San Francisco and Berlin-based company, which launched its platform out of stealth just three weeks ago, constitutes part of a growing trend in the cybersecurity sphere, which has seen security teams increasingly share responsibilities for safeguarding company infrastructure with developers.

“Our goal is to bring DevOps and Security teams closer together and help them secure their environments,” Mondoo CEO and cofounder Soo Choi-Andrews told VentureBeat.

Mondoo was founded in 2020 by former Googlers Choi-Andrews and Dominik Richter, along with Christoph Hartmann, who had worked alongside his fellow cofounders several years previously at DevOps software company Chef Software.

Bottom up

The “bottom up” cybersecurity approach is perhaps best exemplified by Snyk, which targets its open source security scanning smarts at developers rather than security teams — this helps catch issues in real time as the developer codes, rather than later in the process after they’re pushing into the live codebase. For context, Snyk raised $375 million in fresh capital just last month, and is now valued at $8.6 billion.

Mondoo, for its part, is a cloud-native security platform that gives infrastructure developers automated risk assessment and insights into all their business critical infrastructure, including public and private cloud environments like AWS, Azure, Google Cloud, and VMWare; Kubernetes clusters such as Amazon EKS and Google Kubernetes Engine; servers and endpoints running Windows, Linux, and MacOS; and software supply chain services like GitHub, Jenkins, and GitLab.

This helps to highlight a major selling point for Mondoo. Although it touts itself as a “cloud-native” security and vulnerability risk management platform, it is in fact suited to businesses that run a hybrid infrastructure, giving DevOps engineers the tools to automate security assessments and discover hidden risks everywhere.

A company running on an AWS environment, for example, can connect Mondoo to test their cloud security posture and the workloads that run on it, and instantly find vulnerabilities across all their operating systems and virtual machines while pushing higher priority issues to the top of the list to investigate. Mondoo can also identify compliance and policy violations, while users can extract key data about their infrastructure and write custom policies.

Above: Mondoo: Asset vulnerabilities

In terms of the competitive landscape, well, Mondoo encroaches on a space that counts well-established names such as Rapid7, Qualys, and Tenable’s Nessus, though it also jibes with newer upstarts such as Orca, Wiz, and Laceworkeach of which have raised sizable sums of cash this year.

Where Mondoo said that it’s carving its niche, however, is that it’s not only aiming its platform at developers, but it’s targeting a broad gamut of use-cases instead of focusing on a single element such as cloud security posture management.

“Mondoo focuses on the DevOps audience and helps them to identify and act on issues in their fleet and raise the security baseline across all technologies,” Choi-Andrews said. “Unlike competitors, we support vulnerability, compliance, security, and best practices across on-prem, servers, cloud, VMs, containers, Kubernetes, SaaS services, and APIs.”

For now, Mondoo is offered under a software-as-a-service (SaaS) subscription which includes a basic free plan with limited cloud accounts and assets, though the company noted that it intends to offer a self-hosted option in the near future.

Aside from Atomico, Mondoo has ushered in a slew of other institutional and angel investors across its recent seed and series A rounds, including Firstminute Capital, System.One, MongoDB chairman Tom Killalea, Intuit CTO Marianna Tessel, Google product VP Bradley Horowitz, and Puppet cofounder Andrew Clay Shafer.

VentureBeat

VentureBeat’s mission is to be a digital town square for technical decision-makers to gain knowledge about transformative technology and transact.

Our site delivers essential information on data technologies and strategies to guide you as you lead your organizations. We invite you to become a member of our community, to access:

  • up-to-date information on the subjects of interest to you
  • our newsletters
  • gated thought-leader content and discounted access to our prized events, such as Transform 2021: Learn More
  • networking features, and more

Become a member