Hackers attack personal computers every 39 seconds. That’s according to a Clark School study at the University of Maryland, which found that malicious campaigns against networks and accounts affect one in three Americans annually. Corporations have it nearly as bad: 64 percent faced web-based breaches recently. And the damage adds up. Juniper Research reports that cybercrime will cost businesses a total of over $2 trillion in 2019.
Contrast Security hopes to reverse this trend. The cybersecurity startup today announced that it has raised $65 million in an oversubscribed series D financing round led by Warburg Pincus, with participation from Battery Ventures, General Catalyst, M12 (Microsoft’s venture fund), AXA Venture Partners, and Acero Capital. That’s more than double the venture capital it raised in its series C ($30 million) two years ago and quadruple its September 2016 series B ($16 million). The new round brings Contrast’s total raised to $122 million.
The cash infusion will fuel international expansion and “significant growth” in the customer support team, said CEO Alan Naumann, who founded Los Altos-based Contrast in 2014 with Arshan Dabirsiaghi. The business saw annual recurring revenue, net upsell, and the number of $1 million or greater transactions climb 500 percent, over 135 percent, and more than 120 percent year-over-year, respectively, in the fiscal year 2018.
“[M]any companies still are trying to rely on 15-year-old legacy security tools for their modern software stacks. This approach leaves them with restricted software development capabilities or living with substantial enterprise risk of a data breach,” Naumann explained. “With strong support from enterprise customers, key industry analysts validating our visionary approach, and extraordinary backing from top-tier investors, we anticipate becoming the essential foundation for modern software security with accurate and continuous software protection.”
Contrast Security employs what it calls “binary instrumentation” — agents embedded within app servers, runtime and user libraries, controllers, and data layers across web browsers, mobile clients, containers, frameworks, and more — that proactively and continuously detect and mitigate vulnerabilities. This approach, Contrast claims, obviates the need for regular scans, network configuration changes, and audits, all while enabling protection in cloud environments like Azure and Amazon Web Services and of apps built with Java, .NET, Node.js, Ruby, and Python.
Contrast’s platform consists of two eponymous product pillars: Contrast Assess and Contrast Protect. The former — which natively integrates with a range of ticketing systems and CI/CD tools — monitors code and reports from inside apps and third-party libraries. Contrast Protect, meanwhile, performs attack detection (logged in detail) and responds with a seven-step approach that includes virtual patching.
Contrast says that last year alone it helped uncover over 1,900,000 vulnerabilities and protect against over 52,000,000 confirmed attacks across “billions” of transactions.
“Alan and the team at Contrast Security have built a formidable platform with a next-generation approach to application security,” Warburg Pincus’ Brian Chang said. “Our market research shows that companies around the globe are investing in digital transformation and software development initiatives. High-speed DevOps software and rapid cloud adoption create an enormous security risk if legacy tools are used. These mega-trends create a uniquely large opportunity for Contrast Security.”
Contrast counts Nielsen, Liberty Mutual Insurance, and Beeline among its customers and says it brought on 520 new companies in recent months. In addition to its enterprise-tier products, Contrast offers a free solution — Community Edition — designed to help small teams building Java apps protect against common security exploits.