application security

Auto Added by WPeMatico

TrueFort snares $30M Series B to expand zero trust application security solution

As companies try to navigate an ever-changing security landscape, it can be challenging to protect everything. Security startup TrueFort has built a zero trust solution focusing on protecting enterprise applications. Today, the company announced a $30 million Series B.

Shasta Ventures led today’s round with participation from new firms Canaan and Ericsson Ventures along with existing investors Evolution Equity Partners, Lytical Ventures and Emerald Development Managers. Under the terms of the agreement Nitin Chopra, managing director at Shasta Ventures, will be joining the company board. Today’s investment brings the total raised to almost $48 million.

CEO and co-founder Sameer Malhotra says that TrueFort protects customers by analyzing at each application and figuring out what normal behavior looks like. Once it understands that, it will flag anything that falls outside of the norm. The company achieves this by gathering data from partners like CrowdStrike and from multiple points within the application and infrastructure.

“Once we get this telemetry, whether it’s networks, endpoints, servers or third-party partners, we then help the customer build a picture of what those applications are doing and what’s normal behavior. We then help them baseline that, and monitor that in real time with response and real-time controls to continue those applications through their normal life cycle,” he said.

Zero trust is a concept where as a matter of policy you assume that you cannot trust any individual or device until the entity proves it belongs on your systems. Malhotra says that customers are becoming more comfortable with the concept and in 2020 the company saw massive 650% YoY revenue growth, with it up 120% YoY this year so far.

“We are seeing the demand, especially as zero trust is becoming a more familiar vernacular amongst the security community […]. Again, it’s having the visibility and understanding, and then being able to then reduce it to the limited number of acceptable relationships or executions,” he said. And he believes that it all comes down to understanding your applications and how they operate.

TrueFort co-founders Nazario Parsacala and Sameer Malhotra

TrueFort co-founders Nazario Parsacala and Sameer Malhotra. Image Credits: TrueFort

The company currently has 60 employees, with hopes of reaching 85 or 90 by the end of the year. Malhotra says that as they build the employee base, they are driving to make it diverse at every level.

“We look at diversity across our whole management team, all the way from the board down to our different levels. We are quite aggressive in hiring diverse candidates, whether they’re women or LGBTQ or people of color. And we have focused programs where we work with different universities […] to bring on new employees from a diverse talent pool. We also work with different recruiters from that perspective, and our focus is always to look at a different palette and to make sure that we’re as diverse an organization as we can,” he said.

The company was founded in 2015 by Malhotra and his partner Nazario Parsacala, both of whom spent more than 20 years working at big financial services companies — Goldman Sachs and JP Morgan. They worked for a couple of years building the program, launching the first beta in 2017 before bringing the first generally available product to market the following year.

Currently customers can install the solution on prem or in the cloud of their choice, but the company has a SaaS solution in the works as well, that will be ready in the next couple of months.

Powered by WPeMatico

StackHawk, the Denver-based bug-detecting service, hires developer of open-source project Zed Attack Proxy

StackHawk, the Denver-based software startup offering service to detect and fix security bugs, is doubling down on its support for the popular open-source OWASP Zed Attack Proxy web app security scanner by bringing on board its founder, Simon Bennetts.

At StackHawk, Bennetts will continue to focus on the development of the open-source project, which the company said is among the world’s most frequently used security scanning tools.

StackHawk already uses the open-source project for its underlying scanning technology and has built a business by layering on security test automation, integrations with development tools and functionality for new development paradigms. 

“Since founding ZAP, the vision has always been to deliver application security to developers,” Bennetts said, in a statement. “While the project has been widely adopted by security teams and pen testers, I’m excited to work with a team dedicated to delivering our original vision of AppSec for devs and that also believes in growing the open source community.” 

StackHawk founders Joni Klippert, Scott Gerlach and Ryan Severns and Bennetts found common cause in their belief that bug-editing tools are too often built for external enterprise security teams instead of the developers who are closest to the apps they’re building.

“Simon’s work on the ZAP project has both changed the security and open-source worlds for the better. It became clear that we were highly aligned in our mission to bring application security into the hands of developers,” said Klippert, the chief executive and founder of StackHawk, in a statement. “Simon joining the StackHawk team provides an exciting opportunity to invest more in the ZAP open source project, while also building capabilities that make it easy for enterprise development teams to streamline AppSec into their CI/CD pipelines.” 

In the eleven years since Bennetts first began working on ZAP, the OWASP Foundation-incorporated security scanner has become popular among the developer community for its dynamic application security testing.

After the hire, StackHawk said that nothing much will change. Bennetts will continue to work on the open-source project while the company will continue to build functionality around the scanner.

The Denver-based company has raised nearly $5 million in financing from investors including Flybridge, Costanoa Ventures, Matchstick Ventures and Foundry Group .

Powered by WPeMatico

Signal Sciences secures $35 million investment to protect web apps

Signal Sciences, an LA-based firm that helps customers secure their web applications, announced a $35 million Series C investment today.

Lead Edge Capital led the round (which seems appropriate, given its name). CRV, Index Ventures, Harrison Metal and OATV also participated. Today’s investment brings the total raised to around $62 million, according to the company.

The company helps protect web applications like online banking, shopping carts, email or any application you access online. It acts as a protection layer or firewall around the application, Andrew Peterson, CEO and company co-founder told TechCrunch.

“We protect people’s websites or mobile sites. We have software that actually fits in line between the internet and traffic coming into those web applications and all of the data that are behind it,” Petersen explained. It sounds simple enough, but given the onslaught of breaches we have seen across the internet, it’s obviously a difficult problem to solve.

Signal Sciences looks at behavior and tries to determine if it’s malicious. “We combine attack information with behavior about what that attacker is doing.” He says this gives customers a real understanding of the behavior of the attacker and what they’re trying to do against their site, instead of trying to randomly trying to determine if each suspicious activity is an attack or not.

Petersen won’t identify a specific number of customers. He feels it’s a misleading metric because some of his large enterprise customers have multiple business units running almost as independent entities and it doesn’t necessarily reflect the size of the business. He will say that Signal Sciences is protecting more than 10,000 applications involving 1 trillion requests every month from companies like Adobe, Under Armour and WeWork.

The company is up to 150 employees, a number Petersen says has been doubling every year. That trend is expected to continue with this new influx of money. The company wants to get the word out to more customers and help people understand there is a way to attack this problem.

“We started this company to build an innovative technology. We want to continue to drive the bar up for what customers should be expecting from their web protection in the future,” Petersen said.

Powered by WPeMatico