Source Defense, a pioneer in web application client-side protection, announces today that it has secured $27 million in Series B funding. The round is led by Springtide Ventures. Also participating are Jerusalem Venture Partners (JVP), AllegisCyber Capital, Global Brain, Connecticut Innovations Inc., NightDragon LLC, and Capital One Ventures.
In addition to the investment, Karel Tusek, CTO of Springtide Ventures, will join the Source Defense Board of Directors.
The new funds will be applied toward the company’s accelerated growth plans, including investments in sales, marketing, alliances, and research and development. To support this growth, the company appointed cybersecurity startup veteran, Stephen Ward, as CMO late in 2021.
The company addresses a major concern related to third-party supply chain risk that has led to material adverse impacts on thousands of companies over the past few years. One of the largest and least quantified business vulnerabilities lies in website use of client-side JavaScript. Client-side code, delivered in real-time by third-party (as well as fourth- and nth-party) supply chain partners, helps drive and enhance the website user experience, increase engagement, and drive analytic insights.
Typical web properties rely on dozens of these supply chain partners. At the same time, this script represents unmanaged and unprotected shadow code, effectively the soft belly for adversaries on any large website.
This fertile and extremely profitable threat and attack surface has resulted in hundreds of high-profile attacks and led to more than 400 client-side attack incidents (e.g., credential harvesting, formjacking, and Magecart attacks) per month in the past two years, making breach headlines at major brands including Macy’s, Ticketmaster, British Airways, Segway, and many others.
It has precipitated industry research firm Gartner to define a new category in web application client-side protection that it expects to require mass-market adoption in the next two years.
For any website that facilitates transactions, deals with private or sensitive data, or provides valuable services or information, Source Defense’s platform provides security and compliance, and in many cases, site performance gains, to maximize business opportunity while minimizing risk. The platform offers an automated prevention-first approach, offering complete access control and a permission-based approach to first-party code, as well as JavaScript-based third-party tools.
Source Defense protects leading organizations across multiple verticals, including financial services, healthcare, hospitality, and retail, offering cybersecurity prevention capability, compliance (e.g., PCI, HIPAA, GDPR), as well as better flexibility for marketing teams and developers.