enterprisesecuritymag

Source Defense Raises Series B Funding To Enable Organizations To Transact And Gain User Information Securely

Enterprise Security Magazine | Saturday, May 07, 2022

Source Defense Raises $27 Million in Growth Capital to Accelerate Cyber Risk Prevention Against Web Clients

Fremont, CA: “Client-side web supply chain attacks are the most prevalent and stealthiest in the market. Online brands cannot control such attacks, as the malicious code does not go through their servers and is constantly changing. This results in severe risk of fraud, information theft, compliance violations, defacement, and more,” states Yoav Tzruya, General Partner of JVP. “Source Defense is the only company that offers a true prevention-first approach to solving the problem. With more than 100 leading brands protected, Source Defense allows organizations to secure transactions and user information, while achieving compliance, and allowing marketing and developers the ability to continue and be agile and competitive, dramatically reducing this cybersecurity risk.” Source Defense, a pioneer in client-side protection for web applications, has raised $27 million in Series B funding. Springtide Ventures leads the round, which also includes current investors Jerusalem Venture Partners (JVP), AllegisCyber Capital, Global Brain, Connecticut Innovations, Inc., NightDragon, LLC, and Capital One Ventures. Along with the investment, Karel Tusek, CTO of Springtide Ventures, will join the Board of Directors of Source Defense. The additional capital will be used to accelerate the company's growth plans, which include investments in Sales, Marketing, Alliances, and Research and Development. To help with its expansion, the company hired Stephen Ward, a cybersecurity startup veteran, as CMO in late 2021.

The startup tackles a significant worry about third-party supply chain risk, which has had a serious unfavorable effect on thousands of businesses in recent years. One of the most significant and least quantified business vulnerabilities is the use of client-side JavaScript on websites. Client-side code sent in real-time by third-party (as well as fourth- and nth-party) supply chain partners assists in driving and improving the website user experience, increasing engagement, and generating analytic insights. Numerous supply chain partners are reliant on typical online properties. Simultaneously, this script symbolizes unmanaged and unprotected shadow code, which is literally the soft belly of any major website for enemies. This fertile and extremely profitable threat and attack surface has already resulted in hundreds of high-profile attacks and over 400 client-side attack incidents (e.g., credential harvesting, formjacking, and Magecart attacks) per month over the last two years, resulting in breach headlines at major brands such as Macy's, Ticketmaster, British Airways, and Segway. It has prompted Gartner, a market research group, to create a new category of web application client-side protection that it anticipates would require widespread implementation over the next two years.

"Organizations spend a lot of time and effort to make sure their websites are well designed, coded, and performing before going live, yet so many of them know so little about what actually happens on their website once it leaves the server-side and reaches the visitor's browser (client-side), even though it is one of their most important assets both financially and brand-wise," comments Dan Dinnar, CEO of Source Defense. Source Defense not only identified this as a major and growing issue very early on but partnered with some of the world's largest and most trusted brands to put a real-time halt to any attempts at digital skimming, formjacking, clickjacking, ad injection, PII theft, and content defacement. We've done this in a way that none thought possible " with an easy to test solution, rapid deployment, and with virtually no additional security management burden. The urgency for addressing these attacks only grows, " as evidenced by recent Gartner predictions that web application client-side protection will be a ubiquitously deployed part of security tech in the next few years."