The movement of software into the cloud has enabled developers to release new features at a staggering pace. But, all this change has created a fundamental security problem: How do you secure software that’s no longer monolithic and instead consists of hundreds of microservices that are updated multiple times daily?
This is a challenge that organizations continue to struggle with – just look at the attacks sustained by Equifax and Yahoo, or pick any of the of hundreds of publicly reported data breaches involving California citizens’ personal information here. Unfortunately, the problem is getting worse. Not only does Verizon’s 2018 Data Breach Investigations Report list web application attacks as the leading source of breaches in 2018, but according to another recent report, the number of web application attacks, particularly vulnerabilities related to injection (such as SQL, command, object, etc.), increased by 23 percent last year (with more than half of those vulnerabilities providing a public exploit available to hackers).
Recognizing this growing issue, investors are betting big on solutions that can help developers better secure code, and offer customized security for every version of every application in the DevOps cycle. In fact, application-specific cloud security startup ShiftLeft today announced that it has raised a $20 million Series B funding round led by Thomvest Ventures.
“The unprecedented growth of software and data within the enterprise over the last decade makes protecting applications and data extremely critical. The team at ShiftLeft is ameliorating a serious pain point for application developers and CISOs by automating code security in a way that’s never been done before,” said Umesh Padval, venture partner at Thomvest Ventures. “The company’s industry-leading solution has set a new standard for how development teams integrate security seamlessly into the CI/CD process and for automated code analysis. The net result is that applications are far more secure during the development to production processes. Who wouldn’t want to invest in that?”
This new ShiftLeft round also includes new investor SineWave Ventures, along with participation from existing investors Bain Capital Ventures and Mayfield, bringing the total company investment to $30 million. As the speed of software development continues to outpace traditional application security approaches, ShiftLeft plans to use its new funding to drive broader adoption of its code-informed runtime protection solution.
“We couldn’t be more pleased with the level of support and interest we’ve received from our investors. This funding will help us expand our product portfolio and language coverage to hasten the widespread adoption of automated and customized application security for every software release,” said Manish Gupta, CEO and co-founder of ShiftLeft. “The fact that there was so much competition to get into this round is indicative of how much pent up demand there is in the market for new approaches to application security.”
Founded in 2016, ShiftLeft has created a great deal of buzz in the market with its unique ability to identify and prioritize code vulnerabilities, root out false-positives and enable developers and application security teams with the level of analytics needed to secure the enterprise. Just recently, the company was named a finalist in RSA’s Innovation Sandbox (the winner will be announced during the conference in early March). Unlike traditional application security approaches that are focused on external threats and rely on manual efforts to triage inaccurate alerts, ShiftLeft is the first to use code analysis to deeply understand application vulnerabilities, and create a virtual security perimeter to detect and protect every application version against malicious or unauthorized activity targeted at those vulnerabilities.
As the company works toward its aggressive growth goals, ShiftLeft has also assembled a new advisory board of prominent security and development experts, including Bob Flores (former CTO of the Central Intelligence Agency), Craig Rosen (CISO of AppDynamics), Yonatan Ryabinski (chief enterprise architect at Vanguard), Shahar Ben Hador (CIO of Exabeam), Aaron McKeown (head of security engineering and architecture at Xero), and Manish Arya (CTO of Tavant).
“Finding creative ways to limit exposure to security risks and threats was a major focus throughout my career,” said Flores. “Today, the speed of software development demands an intelligent platform like ShiftLeft that can truly automate code security with software assurance and persistnt runtime monitoring. I’m thrilled to be an advisor to Manish and his team, and am excited to watch the company’s inventive approach to application security change the way software is developed and managed.”
ShiftLeft has also expanded its executive team with several key hires, including Jim Sortino as the new vice president of worldwide sales. He previously held executive roles at Trend Micro and Dome9 Security (acquired by Checkpoint).
