
Oligo Cloud Application Detection & Response (CADR)
Runtime application security detecting exploits through eBPF-based library-level behavioral analysis.
Vendor Information
Oligo Cloud Application Detection & Response (CADR) Overview
Oligo Security is a runtime application security company founded in January 2022 by three childhood friends and former Israeli Defense Forces elite cyber unit officers: CEO Nadav Czerninski, CTO Gal Elbaz, and CPO Avshalom Hilu, graduates of Unit 8200, Unit 81, and Matzov (Center of Encryption and Information Security). It is headquartered in Tel Aviv, with offices in New York and Palo Alto. The company emerged from stealth in February 2023 with $28 million in initial funding and has raised $78-86 million in total, including a $50 million Series B in January 2025 led by Greenfield Partners with participation from Lightspeed Venture Partners, Ballistic Ventures, and TLV Partners. It serves Fortune 500 customers across the financial services, healthcare, and technology sectors.
The Oligo Cloud Application Detection and Response (CADR) platform uses patent-pending eBPF technology to monitor live application behavior at the library level. It profiles the legitimate behavior of each library to create a knowledge base and detects deviations in real time to identify zero-day exploits, malicious packages, and shadow vulnerabilities without relying on traditional signature-based detection methods. The platform provides unprecedented visibility across the entire software supply chain, including third-party commercial software and open-source components, and automatically correlates events and behaviors to surgically block attacks at the first exploit attempt while maintaining application performance and stability. This reduces the threat exposure window from days to minutes and enables security teams to focus on truly exploitable vulnerabilities rather than theoretical risks.
Oligo has been recognized on the Fortune Cyber 60 list for two consecutive years (2025, 2026), named a 2025 SINET16 Innovator Award winner selected by over 100 CISOs and risk executives, honored as SC Media Best Supply Chain Security Solution 2024, and recognized as both a Cloud Security Innovator and CADR leader in Latio's 2025 Cloud Security Market Report. The company has also released the Application Attack Matrix as an open-source framework on GitHub to categorize tactics, techniques, and procedures for application-layer attacks, complementing MITRE ATT&CK with application-specific threat intelligence. The company was named after the oligodendrocyte from computational neuroscience, representing the critical protection layer that wraps each neuron.
Key Capabilities
Standardized capabilities mapped to this product's security niche
Triggers automated response actions (session revocation, account suspension, OAuth grant removal) in SaaS platforms in response to confirmed detections via platform APIs.
Detects misuse of OAuth access tokens granted to connected applications, including tokens being used outside expected scope, geographic anomalies, and post-compromise app persistence.
Monitors user, admin, and OAuth app activity within SaaS platforms (M365, Google Workspace, Salesforce, GitHub) for anomalies and policy violations using API-based log ingestion.
Runs entirely within the customer's infrastructure with no data egress to the vendor's cloud. Addresses data residency and sovereignty requirements that a regional SaaS endpoint cannot satisfy.
Instruments workload behavior at the kernel level via eBPF without a traditional user-space agent. Provides syscall-level visibility into process execution, network connections, and file access in running containers and VMs.
Populates exercise technique selection from current threat intelligence about adversaries relevant to the organization, focusing exercise scope on realistic threats rather than theoretical coverage.
Scans container base images and dependencies for packages with known malicious behavior or compromise (typosquatting, backdoored releases) beyond CVE matching on legitimate code.
Monitors running pod and container behavior against policy, detecting unexpected process execution, network connections, and privilege escalation at runtime rather than at image scan time.
Delivers scan results inside developer IDEs and pipeline stages so developers receive findings before code merges, reducing the cost and cycle time of remediation.
Operates in monitor-only mode (log and alert) or active blocking mode (terminate request upon detection). Most deployments begin in monitor mode to establish a false positive baseline before enabling blocking.
List of languages and runtime environments the RASP agent can instrument: Java, .NET, Python, Node.js, PHP, Ruby, Go. Breadth of language coverage determines applicability to the application portfolio.
Per-request CPU and latency overhead introduced by the RASP agent. High overhead prevents adoption in latency-sensitive applications; benchmark data is a primary evaluation criterion.
Exports RASP telemetry (attack events, blocked requests, suspicious invocations) in OpenTelemetry format for ingestion by SIEM and APM platforms.
Detects injection and XML external entity attacks at the application layer by inspecting queries and XML parsing operations at runtime, catching attacks that bypass WAF rules.
Detects exploitation of unknown vulnerabilities by analyzing runtime behavior rather than matching known attack signatures, protecting against vulnerabilities before CVE publication.