Sqreen, a cybersecurity start-up founded by Apple security veterans, has attracted $14 million in a Series A funding round that will support the rollout of its first-of-a-kind platform to protect web applications from attacks.
With the launch of its Application Security Management platform, Sqreen aims to help developers and security teams gain enterprise-grade protection for their apps. The system features a hybrid software as a service architecture that deploys microagents into web applications to identify suspicious activity and fight off threats in real time.
It is easy to set up with no need for software code alterations and can be running in about five minutes. Security modules include Runtime App Self-Protection, in-app Web Application Firewall and Account takeovers.
The investment was led by Silicon Valley venture capital group Greylock Partners, with participation from Y Combinator, Alven Capital and Point Nine. Sarah Guo, a partner at Greylock Partners, will join Sqreen’s board.
Guo says: “Sqreen deploys in minutes without code modification or traffic redirection – embedding a sandboxed microagent into every application service. These fail-safe, performant agents use dynamic instrumentation to collect security-relevant data and communicate safely with a cloud back-end that does the heavy data lifting. Sqreen microagents are capable of virtual patching, fixing vulnerabilities without developer involvement, and deploying other prepackaged advanced protection modules.”
In a blog post, Sqreen CEO Pierre Betouin explains that security within organizations is at the stage in which operations found itself 15 years ago, when operations was a choke point to software development and deployment.
“For small and mid-size teams,” he writes, “security is either not present or is bottlenecked by a one- or two-person team. For large companies, their security teams are flooded by noise and alert fatigue. And there aren’t enough security professionals to improve the situation by just increasing headcount.”
The company was founded in 2015 in France by Betouin and chief technology officer Jean-Baptiste Aviat, who both previously worked in Apple’s offensive security team. Although most of Sqreen’s staff are based in Paris, the company is now headquartered in San Francisco and has gathered more than 500 customers, including BlaBlaCar, the French newspaper Le Monde, Skyscanner and Y Combinator.
Sqreen’s platform protects against the most common types of attack, such as SQL injections, broken authentication and cross-site scripting, and security team members are alerted via the platform’s dashboard of any potential attacks that have been fought off.
Insights offered by the platform include:
- Instant notifications of critical security incidents.
- Real-time visibility on the system dashboard, showing attacks targeting apps.
- Anomalies such as unusual volumes of data going out, slow endpoints or uncommon errors.
- Ability to drill down into user and IP activity to identify malicious attackers or compromised accounts.
“Our website and applications are under constant attack from hackers and bots,” says Sacha Morard, chief technology officer at Le Monde Group. “Sqreen allowed us to secure our apps with staggering efficiency and was incredibly fast to set up.”
“Sqreen is open constantly in my browser,” says Nicolas Valcárcel, a security analyst at another customer, Rainforest QA. “I check it every day and keep up with email alerts. As a one-person security team, the value for me is really peace of mind, I know Sqreen will alert me when anything happens, so I can focus on the other security items on my plate.”
Forrester, the technology research company, predicts that over the next five years the spending on application security will increase at a compound annual rate of 16.4% to reach more than $7 billion by 2023, while Gartner sees the spending to reach $3 billion by the end of 2019 alone.
With $18 million raised to date, the company is planning to double its engineering team in France and expand sales and marketing capacity in San Francisco.
“The future of security is visibility and transparency, delivered in a way that doesn’t slow down dev cycles,” writes Betoin. “The future of security brings security teams and developers together with clean and usable products. The future of security will be realized when there’s a security dashboard on every engineering team’s floor, and we won’t rest until that becomes a reality.”
Date: April 10, 2019
Source: IT Toolbox