Sqreen, a cybersecurity startup that helps developers monitor and protect their web apps from vulnerabilities and attacks, has raised $14 million in a series A round of funding led by Greylock Partners, with participation from Y Combinator, Alven Capital, and Point Nine.
Founded in 2015, Sqreen offers an Application Security Management (ASM) platform with a technology known as Runtime Application Self-Protection Security (RASP), which it uses to embed “microagents” into applications to identify and fight threats. It gives companies such as ZipRecruiter, Le Monde, and BlaBlaCar real-time insights into suspicious activities and proactively blocks attempts to infiltrate their software.
This protection includes all the most common attacks, including SQL injections, broken authentication, and cross-site scripting (XSS), with the Sqreen dashboard notifying security personnel of any attack it has automatically thwarted.
Sqreen’s core pitch centers around ease of deployment, with no manual code modifications required in the target application. It also doesn’t redirect inbound traffic, and companies do not need to install other software on their systems.
Sqreen also allows developers to create their own custom rules to protect against specific types of exploits, such as business logic attacks. In this case, a company stipulates that the same login credentials cannot be used on machines at separate IP addresses within a two-hour period — if such an attempt is made, the second IP address is blocked for a set period of time and a notification is sent to security personnel. It’s kind of like IFTTT for cybersecurity.
Security personnel can view a timeline of suspicious activity and garner data to identify attackers before things get out of hand.
The story so far
Sqreen was cofounded out of France by CEO Pierre Betouin and CTO Jean-Baptiste Aviat, who previously served as security engineers at Apple. The company is now headquartered in San Francisco, though three-quarters of its 40-person workforce remain in Paris.
Prior to now, Sqreen had raised around $3 million, and with another $18 million in the bank it plans to double its engineering team in the French capital and expand its go-to-market department in San Francisco, with a focus on sales and marketing.
“Security is a must-have for SaaS and internet companies and organizations of any size that ship software for their business,” Betouin said. “Security needs to enable developers and the rest of the company. It can’t be a silo that blocks or slows down releases anymore. We bring true collaboration between the developers and security teams.”
With high-profile hacks, data breaches, and security glitches hitting the headlines on a near-weekly basis, cybersecurity startups have continued to attract significant sums of cash across all verticals. Globally, Gartner predicts that cybersecurity spending will hit $124 billion in 2019, with application security representing around $3 billion of that. Apps are the internet entry point for billions of people globally, both in the enterprise and consumer spheres, which is why companies are spending big — they don’t want to be the next name dragged through the data-breach ditches.
Other app security companies to have raised big lately include Los Altos-based Contrast Security, which raised $65 million earlier this year, and Santa Clara’s ShiftLeft, which closed a $20 million round.
Sqreen actually considers legacy Web Application Firewall (WAF) providers like Cloudflare WAF, F5, AWS WAF, and Imperva to be its main competitors — though perhaps their technology hasn’t evolved as quickly as it could have.
“The state of the art for application security is outdated and complex, with approaches that don’t work in production, slow down app development, and are expensive to use and maintain,” added Greylock partner Sarah Guo. “Just as application performance has become key to every digital business, and APM is embedded in every app that matters, application security will too.”