
Fig Security Secures $30M for SOC Infrastructure Modernization


Security Operations,
Security Operations Center (SOC)

Series A Funding Aims to Give Security Teams Visibility Into Complex SecOps Stacks

Gal Shafir, co-founder and CEO, Fig Security (Image: Omer HaCohen)

Fig Security, a startup led by a former Google security architect, has secured $30 million in Series A funding aimed at enhancing observability across complex security operations infrastructure. The round, led by Ten Eleven Ventures, positions Fig Security to help Security Operations Center (SOC) engineers visualize data flow across various systems, including Security Information and Event Management (SIEM) systems, data pipelines, and automation platforms.

Gal Shafir, co-founder and CEO of Fig Security, emphasized the critical need for SOC teams to have a clearer understanding of the intricate connections within their SecOps stacks. In his remarks, he pointed out that many organizations today lack confidence in the efficacy and resilience of their security operations infrastructure, which has only become more complex with the incorporation of numerous technologies.

Founded in 2025, Fig Security has thus far raised a total of $38 million, following an earlier $8 million seed funding round led by Team8. Shafir’s leadership has been pivotal to the company’s direction; prior to founding Fig, he spent nearly four years as the director of global sales engineering at Siemplify, a company that was acquired by Google in January 2022 for approximately $500 million. He also held the position of head of global security architects for Google SecOps until April 2025.

Challenges in SecOps Compared to DevOps

The modern security ecosystem is characterized by a multitude of vendors, data streams, analytics systems, and automation tools, each contributing to heightened operational complexity. Given that each tool may interact differently with data, security teams often find it challenging to maintain an accurate view of their detection pipelines.

Shafir articulated that Fig Security exists to equip organizations and engineering teams with the visibility and control they need over their fragmented and sometimes precarious security infrastructure. The company’s platform aims to create comprehensive maps of the entire infrastructure to analyze the various components of the SecOps stack. This mapping builds an intricate graph that elucidates how data flows between different systems, allowing for the detection of “silent failures” that could lead to missed security threats.

Shafir stated, “Our goal was never to be integrated into the infrastructure; instead, we aim to provide an overarching view that allows engineers to see their entire setup for the first time.” He reflected on the transformative impact this visibility has on clients, enabling them to identify issues and silent failures that hinder their capacity to detect and respond to cyber threats effectively.

Drawing Parallels with DevOps

In the realm of DevOps, teams benefit from observability platforms, continuous integration and deployment (CI/CD) pipelines, automated testing frameworks, and infrastructure-as-code tools, all of which empower engineers to implement changes with confidence. However, this level of transformation has yet to be replicated in security operations, where SOC teams often rely on manual processes for managing detection rules and changes in data pipelines.

Shafir compared the operational paradigms by stating, “We analyze the working of security infrastructure in the same way DevOps engineers manage their complex environments. We refer to it as ‘DevOps for SecOps’. Our ambition is to be the consolidated platform where SOC engineers can effectively manage their intricate infrastructures, ensuring operational resilience and allowing for confident production deployments.”

Enhancing Detection Rules with Knowledge Graphs

Changes to security infrastructure can pose risks, especially when they impact existing detection rules. For instance, altering a data pipeline may inadvertently remove a crucial data field, potentially leading to the failure of a detection rule. Fig Security proposes to tackle these challenges through its knowledge graph, which is designed to simulate the effects of proposed changes to the entire system prior to deployment, eliminating potential issues before they arise.
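
A minimal sketch of the failure mode described above, added here as an illustration and not Fig Security's code or method: it models a pipeline as ordered field transforms and reports detection rules that work today but would lose a required field under a proposed change. All stage, field and rule names are constructed.

```python
# Added illustration: every stage, field and rule name below is constructed.
from dataclasses import dataclass

@dataclass(frozen=True)
class Stage:
    op: str             # "drop", "rename" or "add"
    field: str
    new_name: str = ""  # only used by "rename"

def output_fields(source_fields, stages):
    """Apply pipeline stages in order; return the fields that reach the SIEM."""
    fields = set(source_fields)
    for s in stages:
        if s.op == "drop":
            fields.discard(s.field)
        elif s.op == "rename":
            if s.field in fields:
                fields.remove(s.field)
                fields.add(s.new_name)
        elif s.op == "add":
            fields.add(s.field)
        else:
            raise ValueError(f"unknown stage op: {s.op}")
    return fields

def broken_rules(rules, source_fields, current, proposed):
    """Return {rule: missing fields} for rules that work today but would not after the change."""
    before = output_fields(source_fields, current)
    after = output_fields(source_fields, proposed)
    result = {}
    for name, required in rules.items():
        required = set(required)
        # Only flag regressions: rules already broken today are a separate finding.
        if required <= before and not required <= after:
            result[name] = sorted(required - after)
    return result

SOURCE = ["timestamp", "src_ip", "user", "process_cmdline", "parent_image"]
CURRENT = [Stage("rename", "src_ip", "source.ip")]
PROPOSED = CURRENT + [Stage("drop", "process_cmdline")]  # e.g. a cost-saving trim
RULES = {
    "suspicious_cmdline": ["process_cmdline", "parent_image"],
    "login_from_new_ip": ["user", "source.ip"],
}

if __name__ == "__main__":
    for rule, missing in broken_rules(RULES, SOURCE, CURRENT, PROPOSED).items():
        print(f"{rule}: would silently stop matching, missing {missing}")
```

Run as a pre-deployment gate, a non-empty result blocks the pipeline change until the affected rules are updated or the field is restored.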

Following the establishment of Fig’s knowledge graph, the platform could even assist security teams in crafting detection rules autonomously. By examining their infrastructure, it can generate logic tailored to specific data formats and pipelines, streamlining the implementation of threat detections—an innovation that could significantly reduce the current workload associated with adapting detection rules to fit unique data environments.

As Shafir expressed, “Beyond identifying problems and root causes, Fig provides actionable steps to address these issues.” He underscored the inherent risks and laborious nature of making changes to security systems, pointing out that many organizations invest heavily in preventing attacks. However, achieving true cyber resilience necessitates robust operational resilience as well, a principle Fig Security is actively focusing on in its mission.
