We are excited to bring Transform 2022 back in-person July 19 and virtually July 20 - 28. Join AI and data leaders for insightful talks and exciting networking opportunities. Register today!

Today, web application protection provider Source Defense announced that it has raised $27 million as part of a series B funding round led by Springtide Ventures, which will be used to accelerate the organization’s growth through investments in sales, marketing, alliances, and research and development.

The company’s product is designed to extend website security to the client side, to protect enterprise websites from digital skimming, formjacking and magecart attacks, which cost organizations thousands.  

For enterprises, Source Defense’s main utility lies in its ability to protect against automated attacks and client-side threats that target their websites, with data-breach monitoring to help detect website skimming, formjacking and supply chain attacks early.  

Offering client-side web protection 

The announcement comes as organizations are growing ever more concerned about managing the software supply chain. Yet one area that commonly gets overlooked sits within one of the most publicly exposed assets enterprises have: their websites. 


Transform 2022

Join us at the leading event on applied AI for enterprise business and technology decision makers in-person July 19 and virtually from July 20-28.

Register Here

“One of the largest and least quantified business vulnerabilities lies in website use of client-side JavaScript. Client-side code, delivered in real time by third-party (as well as fourth- and nth-party) supply chain partners, helps drive and enhance the website user experience, increase engagement and drive analytic insights. Typical web properties rely on dozens of these supply chain partners,” said Source Defense CMO, Stephen Ward. 

“At the same time, this script represents unmanaged and unprotected shadow code, effectively the soft belly for adversaries on any large website,” Ward continued. 

This fertile and extremely profitable threat and attack surface has already resulted in hundreds of high-profile attacks and led to more than 400 client-side attack incidents (e.g., credential harvesting, formjacking, and Magecart attacks) per month in the past two years, making breach headlines at major brands including Macy’s, Ticketmaster, British Airways, Segway and many others,“ Ward said.

Source Defense’s product is designed to offer web application client-side protection to enterprise websites against the client-side threats that other products overlook. 

Attack-surface management 

Source Defense sits loosely within the attack surface management market, which researchers valued at $13.8 billion in 2021 and anticipate will reach a value of $18.7 billion by 2026. 

It’s competing against a range of other providers including Palo Alto Networks with Cortex Expanse, an attack-surface management platform that generates a continuous inventory of internet connected assets so that users can discover vulnerabilities and mitigate them. Palo Alto Networks recently announced revenue of $4.3 billion in 2021. 

Another competitor is CrowdStrike with Falcon, an endpoint protection solution with threat intelligence, endpoint detect and response, threat hunting, and an IT asset discovery tool. CrowdStrike recently announced it had raised $431 million in revenue

As a provider, Source Defense is differentiating itself from other attack-surface management providers by focusing on the challenge of security client-side threats and website-driven attacks, which are commonly overlooked in enterprise security strategies. 

VentureBeat's mission is to be a digital town square for technical decision-makers to gain knowledge about transformative enterprise technology and transact. Learn more about membership.