Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Application Security

2/12/2019
10:10 AM
Dark Reading
Dark Reading
Products and Releases
50%
50%

ShiftLeft Raises $20 Million Series B Funding to Accelerate Adoption of Automated Application Security

Thomvest leads round with participation from Sinewave, Bain Capital Ventures and Mayfield; new advisory board includes prominent members of security and development community

SANTA CLARA, Calif., Feb 12, 2019 – ShiftLeft™ Inc., an innovator in application-specific cloud security, today announced it has raised $20 million in Series B funding. This latest round, led by Thomvest Ventures and joined by new investor SineWave Ventures as well as existing investors Bain Capital Ventures and Mayfield, comes less than 18 months after the company announced its first round of $9.3 million, bringing the total raised to nearly $30 million. The company is also announcing the addition of Jim Sortino, who previously held executive roles at Trend Micro and Dome9 Security (acquired by Checkpoint), as vice president of worldwide sales.

The company is using these funds to drive broader adoption of its code-informed runtime protection by expanding the breadth of its product portfolio, application coverage and global sales and marketing initiatives.

Software is rapidly becoming the driver of innovation. From internal enterprise applications to connected systems and devices in markets such as automotive, HVAC and electronics, many industries now compete on the advantages and benefits their software delivers. Every facet of modern life has been impacted by software and the data collected has expanded massively. Traditional application security approaches simply cannot scale.

“We are excited to lead ShiftLeft’s Series B financing. The company has an impressive team, led by CEO, Manish Gupta. ShiftLeft provides intelligent automation of code security, which addresses a major pain point for the CISOs of modern enterprises: to protect applications and data,” said Umesh Padval, venture partner at Thomvest Ventures. “ShiftLeft’s unique architecture provides a prioritized list of vulnerabilities with the least number of false positives and detailed vulnerability information, which helps developers remediate rapidly. A high-performance runtime solution that can protect applications in production empowers security teams to embrace automation as the solution which integrates seamlessly into the CI/CD [continuous integration/continuous delivery] workflow of an organization.”

From containers and microservices to cloud and open source, a vast array of forces are rapidly changing and accelerating application development and deployment. This investment underscores both the importance of ensuring security despite this complex landscape, and ShiftLeft’s unique ability to empower application security teams to protect the enterprise. Unlike traditional application security approaches, which are focused on external threats and rely on manual efforts to triage inaccurate alerts, ShiftLeft is the first to use code analysis to deeply understand application vulnerabilities, and create a virtual security perimeter to detect and protect every application version against malicious or unauthorized activity targeted at those vulnerabilities.  

"Security has always been paramount, but traditional code analysis tools didn’t integrate into our CI/CD pipeline, created too many false positives and were just too slow,” said Harjot Gill, general manager of Nutanix Epoch. “The accuracy and speed of ShiftLeft enables Nutanix Epoch to automatically secure every release without slowing down new feature development.”

According to Patricia Muoio, partner at SineWave and former chief of the NSA’s Trusted System Group, “We were particularly impressed by ShiftLeft’s combination of software assurance with runtime monitoring. This unique ability to not only automate code security, but also deliver the analytics that helps DevOps organizations understand, confirm and prioritize vulnerability patching enables enterprises to get ahead of threats and truly changes the game in cyber security.”

As part of its growth initiative, ShiftLeft has also created an advisory board of prominent security and development thought leaders, including:

  • Bob Flores, former CTO of the Central Intelligence Agency
  • Craig Rosen, CISO of AppDynamics
  • Shahar Ben Hador, CIO of Exabeam
  • Aaron McKeown, head of security engineering and architecture at Xero
  • Manish Arya, founder and CTO of Tavant
  • Yonatan Ryabinski, chief enterprise architect at Vanguard

 

ShiftLeft Quotes

 

“Our founding vision is that application security needs to be a seamless part of the development process, not an afterthought,” said Manish Gupta, CEO and co-founder of ShiftLeft. “The problem has long been inaccurate tools and a heavily manual process, leaving security and development teams frustrated and applications vulnerable. ShiftLeft completely upends this paradigm, delivering automated and customized protection for every software release, and the analytics dev teams need to improve on the overall security posture.”

 

“I’ve seen organizations struggle through a reactive, threat-focused security posture, resulting in overworked security teams and frequent breaches,”said Enrique Salem, partner at Bain Capital Ventures and former CEO of Symantec. “Yet ShiftLeft gets at the root problem – vulnerable software – by automating the process of accurately and rapidly analyzing and plugging vulnerabilities in the applications themselves. It’s exciting to be an investor in a company that is meaningfully helping security teams by reducing the overall attack surface and providing direct root-cause insight for developers.”

 

“Every modern company has become a software company, making application security vital,” said Ursheet Parikh, partner at Mayfield. “So it’s no surprise security is daily news: as the volume and pace of new applications has skyrocketed, the number of vulnerabilities has exploded. The ability to customize security for each version of every application is what drew us to ShiftLeft, and why we think the company promises to have a remarkable impact on the overall market.”

 

About ShiftLeft

ShiftLeft is a continuous application security platform, purpose-built for the modern software development life cycle. It combines next-generation static code analysis (to quickly and accurately identify vulnerabilities) with application instrumentation (to protect the application) in an automated workflow. This combination of runtime-informed code analysis and code- informed runtime protection delivers the most accurate, automated, and comprehensive application security solution. To learn how ShiftLeft keeps application security in sync with the rapid pace of DevOps, see https://www.shiftleft.io/.

 

 

 

 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Manchester United Suffers Cyberattack
Dark Reading Staff 11/23/2020
As 'Anywhere Work' Evolves, Security Will Be Key Challenge
Robert Lemos, Contributing Writer,  11/23/2020
Cloud Security Startup Lightspin Emerges From Stealth
Kelly Sheridan, Staff Editor, Dark Reading,  11/24/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-20934
PUBLISHED: 2020-11-28
An issue was discovered in the Linux kernel before 5.2.6. On NUMA systems, the Linux fair scheduler has a use-after-free in show_numa_stats() because NUMA fault statistics are inappropriately freed, aka CID-16d51a590a8c.
CVE-2020-29368
PUBLISHED: 2020-11-28
An issue was discovered in __split_huge_pmd in mm/huge_memory.c in the Linux kernel before 5.7.5. The copy-on-write implementation can grant unintended write access because of a race condition in a THP mapcount check, aka CID-c444eb564fb1.
CVE-2020-29369
PUBLISHED: 2020-11-28
An issue was discovered in mm/mmap.c in the Linux kernel before 5.7.11. There is a race condition between certain expand functions (expand_downwards and expand_upwards) and page-table free operations from an munmap call, aka CID-246c320a8cfe.
CVE-2020-29370
PUBLISHED: 2020-11-28
An issue was discovered in kmem_cache_alloc_bulk in mm/slub.c in the Linux kernel before 5.5.11. The slowpath lacks the required TID increment, aka CID-fd4d9c7d0c71.
CVE-2020-29371
PUBLISHED: 2020-11-28
An issue was discovered in romfs_dev_read in fs/romfs/storage.c in the Linux kernel before 5.8.4. Uninitialized memory leaks to userspace, aka CID-bcf85fcedfdd.