Back to stories

Our Investment in oak9

By Venky GanesanJune 2, 2021

Infrastructure-as-Code Security Platform Ensures Cloud-Native Products Are Built Securely from the Get-Go

In today’s world, we don’t need more security products, we need more secure products. The only way to do that is to build products securely from the ground up. That’s where our newest portfolio company oak9 comes in.

Before oak9, businesses had to make a call: They could wait for security to sign off, or keep moving and accept the risk. But oak9 offers a better option, supporting the accelerated delivery of cloud-native applications without compromising on security. Its platform seamlessly integrates into the software development lifecycle (SDLC), analyzes infrastructure as code, and builds in security based on a holistic and comprehensive view of its architecture and components in their broader context. Continuous, dynamic monitoring maintains security—not just within individual components, but across evolving ecosystems.

Built into CI/CD workflows, the oak9 platform brings intelligent automation and seamless security to infrastructure as code. The platform’s pre-built security-as-code blueprints support any architecture on any cloud provider, and with automated design changes and continuous dynamic monitoring, the platform ensures security keeps up with evolving requirements and potential drift. Organizations gain a comprehensive view of security across the entire application architecture, not just individual configurations. Put simply, oak9 offers an incredibly elegant solution to an exceedingly thorny problem.

oak9 is a nice fit for our current areas of focus. The company sits at the intersection of two interconnected mega-trends—cloud domination and the heightened need for cybersecurity—areas in which we’ve invested heavily. And it ticks many of the boxes that we look for in our cybersecurity investments:

  • Cloud-native – The oak9 platform analyzes infrastructure as code and builds security into cloud-native applications so they are secure and compliant by design
  • Key DevOps features that marry security functionality ­– oak9 integrates across the SDLC and brings DevSecOps to infrastructure and the infrastructure-as-code ecosystem
  • Focus on applications and data – Security teams can design their guardrails and desired security architecture within the oak9 platform and assess their existing applications against it

Menlo was first introduced to the oak9 founders by Stephen Boyer, the founder and CTO of BitSight, another Menlo portfolio company. The three founders, Raj Datta (CEO), CTO Aakash Shah, and CPO Om Vyas, have known each other for 20 years, and all three live within blocks of each other in Chicago. We were instantly impressed by the chemistry of the team, which offers a powerful combination of operational experience and technical expertise. A personal introduction from someone we know and respect always carries a lot of weight, so we were even more delighted to learn that Raj had worked closely with Brendan Hannigan, the CEO of Sonrai Security—another Menlo portfolio company—during his time at IBM. With every common touchpoint the oak9 team had to our portfolio companies, we felt an increasing sense that our partnership was meant to be.

oak9 Founding Team

That gut feeling was cemented when our newest partner, Tim Tully, got excited. Tim joined Menlo last month from Splunk, where he was CTO and oversaw the company’s shift from on-prem software to a cloud-first organization. The space in which oak9 is building is a space he knows well. His enthusiasm for the oak9 approach was validating, but he didn’t want to just stand on the sidelines and watch them grow. So, I’m excited to announce that Tim will be joining the oak9 board alongside me. I’m excited about what he will bring to the partnership. His background as a developer, operator, and architect is a great match for oak9, and together, we are excited to help oak9 grow and succeed. 

We are excited to welcome oak9 as the newest addition to our cybersecurity portfolio, alongside Abnormal Security, Appdome, BitSight, Dedrone, Signifyd, Sonrai Security, StackRox (acquired by Red Hat) and Strata Identity. Cybersecurity is an important area of focus for our firm, and we will continue to show that by investing our money to help great teams build impressive and lasting companies. If you are building one of those companies, we’d love to hear from you.