Rosh-Ha’ayin, Israel, April 26, 2022 – Source Defense, a pioneer in web application client-side protection today announced that it has secured $27 million in round B funding. The round is led by new investor Springtide Ventures with all existing investors also participating, including Jerusalem Venture Partners (JVP), Allegis Cyber Innovation, Global Brain, Connecticut Innovations, Inc., NightDragon, LLC, and Capital One Ventures. In addition to the investment, Karel Tusek, CTO of Springtide will join the Source Defense Board of Directors. The new funds will be applied toward the company's accelerated growth plans, including investments in Sales, Marketing, Alliances, and Research and Development. To support this growth, the company appointed cybersecurity startup veteran, Stephen Ward, as CMO late in 2021.
The company addresses a major concern related to 3rd party supply chain risk which has led to material adverse impact on thousands of companies over the past few years. One of the largest and least quantified business vulnerabilities lies in website use of client-side JavaScript.
Client-side code, delivered in real-time by 3rd party (as well as 4th and nth party) supply chain partners, help drive and enhance the website user experience, increase engagement, and drive analytic insights. Typical web properties rely on dozens of these supply chain partners. At the same time, this Script represents unmanaged and unprotected shadow code, effectively the soft-belly for adversaries on any large web site. This fertile and extremely profitable threat and attack surface has already resulted in hundreds of high-profile attacks and led to more than 400 client-side attack incidents (e.g., credential harvesting, formjacking and Magecart attacks) per month in the past two years, making breach headlines at major brands including Macy’s, Ticketmaster, British Airways, Segway and many others. It has precipitated industry research firm Gartner to define a new category in web application client-side protection that it expects to require mass market adoption in the next two years.
“Organizations spend a lot of time and effort to make sure their websites are well designed, coded and performing before going live, yet so many of them know so little about what actually happens on their website once it leaves the server-side and reaches the visitor’s browser (client-side), even though it is one of their most important assets both financially and brand wise” said Dan Dinnar, Source Defense CEO. “Source Defense not only identified this as a major and growing issue very early on but partnered with some of the world’s largest and most trusted brands to put a real-time halt to any attempts at digital skimming, formjacking, clickjacking, ad injection, PII theft, and content defacement. We’ve done this in a way that none thought possible – with an easy to test solution, rapid deployment and with virtually no additional security management burden. The urgency for addressing these attacks only grows - as evidenced by recent Gartner predictions that web application client-side protection will be a ubiquitously deployed part of security tech in the next few years.”
Source Defense recognized this emerging issue, established a dominant market position, and continues to rise rapidly as the category leader. The company has posted in excess of 250% percent growth in the past two years and will increase staff by 70% by the end of 2022. The company currently protects nearly a billion monthly site visits, and defends transactions for some of the world’s largest businesses, preventing approximately 6 billion quarterly violations of security and compliance policies from occurring in the process.
“While many vulnerabilities that are exploited are deep within an organizational infrastructure, a company’s website is like hitting an exposed nerve – or in this case a massive bundle of exposed nerves,” said Karel Tušek of Springtide Ventures. “For an investor, you don’t just want to invest in innovations that make security better, you want to find innovations that have a positive, material impact on business. Source Defense has solved a massive problem, and not only can protect businesses from millions in losses and fines but cut off a major revenue stream for criminals.”
“Client-side web supply chain attacks are the most prevalent and stealthiest in the market. Online brands cannot control such attacks, as the malicious code does not go through their servers and is constantly changing. This results in severe risk of fraud, information theft, compliance violations, defacement and more,” said Yoav Tzruya, General Partner of JVP. “Source Defense is the only company that offers a true prevention-first approach to solving the problem. With more than 100 leading brands protected, Source Defense allows organizations to secure transactions and user information, while achieving compliance, and allowing marketing and developers the ability to continue and be agile and competitive, reducing dramatically this cyber security risk.”
For any website that facilitates transactions, deals with private or sensitive data, provides valuable services or information, Source Defense’s first-of-its-kind platform provides security and compliance, and in many cases, site performance gains, to maximize business opportunity while minimizing risk. The platform offers a fully automated prevention-first approach, offering complete access control and a permission-based approach to 1st party code, as well as JavaScript-based 3rd party tools. Source Defense protects leading organizations across multiple verticals, including financial services, healthcare, hospitality, and retail, offering cyber security prevention capability, compliance (e.g., PCI, HIPAA, GDPR), as well as better flexibility for marketing teams and developers.