The growth in popularity of mobile apps hasn’t kept pace with app security improvements — quite the opposite. It’s estimated that roughly 63% of so-called grayware apps leak phones’ mobile numbers and that 62% of the top VPN apps request dangerous or unusual permissions. Researchers at Symantec found in a recent study that the number of new mobile malware variants increased by 54% in 2017 over 2016’s numbers. Perhaps worse still, Gartner forecasts that only 10% of DevOps initiative will have achieved the level of automation required to be considered fully secure by 2019, up only 5% from 2017.
Forever fighting the tide of malicious apps is an exhausting task, but companies like security– and privacy-testing solutions provider NowSecure are raising capital to develop load-lightening tools. To this end, NowSecure today revealed that it has raised $15 million in series B funding led by ForgePoint Capital, bringing its total raised to over $27 million following a $12.5 million series B in December 2014. CEO Alan Snyder said that the funding will accelerate NowSecure’s product development and help to scale its business operations.
“Every business is becoming mobile first; yet millions of people are using apps on a daily basis that have major security and privacy issues. NowSecure is addressing this fundamental, global-scale problem that puts businesses and consumers at direct risk,” said Snyder. “We’re thrilled to be working with ForgePoint Capital to grow our business and empower mobile app developers to deliver secure mobile apps faster. ForgePoint has the right mix of veteran leadership, industry relationships, and successful track record across their security portfolio to support NowSecure.”
NowSecure offers a range of solutions built on open source platforms (principally Frida, Radare, and Capstone) that run on-premises or in the cloud, plus expert professional penetration testing and managed services. The company’s automated mobile app security testing suite — which stands alone or integrates with existing dev pipelines, and which can execute up to “hundreds” of tests in minutes — performs static, dynamic, and behavioral analyses, and auto-generates reporting and remediation guidelines. As for NowSecure’s penetration testing, it’s able to suss out vulnerabilities in data at rest, data in motion, web services, and backends by conducting tests on real iOS and Android devices with platform-compatible binaries.
NowSecure offers a robust API that enables devs to kick off security tests automatically post-build and populate results into ticket-tracking systems. Moreover, they can map test findings to a vulnerability scoring system that takes into account common regulatory compliance mandates, including OWASP, NIAP, FFIEC, PCI DSS, HIPAA, GDPR, CWE, and more. And through NowSecure’s cloud dashboards, teams gain access to a database of safe and unsafe public Android and iOS apps.
NowSecure is doing something right, it seems. The company’s customers include recognizable brands like Capital One, Carfax, Citi, Concur, Emerson, The Home Depot, Humana, Kaiser Permanente, Kellogg’s, Motorola Mobility, Shell, and Synchrony.
“From digital transformation projects to pure mobile businesses driving multi-billion dollar global economies, the stakes have never been higher for mobile security and privacy,” said ForgePoint Capital cofounder and managing director J. Alberto Yépez, who has joined NowSecure’s board of directors. “NowSecure has the right mix of talented team, unmatched technology, and proven track record serving world-class customers. We are excited to invest in NowSecure to help them grow the business, serving a global enterprise market expected to grow to nearly $1 billion by 2023.”
NowSecure’s current investors include Baird Capital, JumpCapital, and Math Venture Partners. In addition to its Bellevue, Washington headquarters, the company has offices in Chicago and Vienna, Virginia.