ShiftLeft secures $20 million for code analysis software that accurately identifies and automatically patches vulnerabilities
ShiftLeft, a cybersecurity startup that helps businesses increase the speed at which security issues can be identified and automatically triaged, has raised $20 million in Series B funding to drive broader adoption of its code-informed runtime protection by expanding the breadth of its product portfolio, application coverage and global sales and marketing initiatives. This round was led by Thomvest Ventures, with participation by new investor SineWave Ventures as well as existing investors Bain Capital Ventures and Mayfield. The announcement comes less than 18 months after the company announced its first round of $9.3 million, bringing the total raised to nearly $30 million. In conjunction with the funding, the company also announced the addition of Jim Sortino, who previously held executive roles at Trend Micro and Dome9 Security (acquired by Check Point), as vice president of worldwide sales.
Founded in 2016 by Chetan Conikee, Manish Gupta, and Vlad A Ionescu, ShiftLeft delivers a new model for protecting cloud- or data center-hosted software by understanding the Security DNA of each new version of any application or micro-service and limiting its attack surface at runtime. The company keeps a real-time eye on early-stage software development threats.
Software is rapidly becoming the driver of innovation. From internal enterprise applications to connected systems and devices in markets such as automotive, HVAC and electronics, many industries now compete on the advantages and benefits their software delivers. Every facet of modern life has been impacted by software and the data collected has expanded massively. Traditional application security approaches simply cannot scale.
“We are excited to lead ShiftLeft’s Series B financing. The company has an impressive team, led by CEO, Manish Gupta. ShiftLeft provides intelligent automation of code security, which addresses a major pain point for the CISOs of modern enterprises: to protect applications and data,” said Umesh Padval, venture partner at Thomvest Ventures. “ShiftLeft’s unique architecture provides a prioritized list of vulnerabilities with the least number of false positives and detailed vulnerability information, which helps developers remediate rapidly. A high-performance runtime solution that can protect applications in production empowers security teams to embrace automation as the solution which integrates seamlessly into the CI/CD [continuous integration/continuous delivery] workflow of an organization.”
From containers and microservices to cloud and open source, a vast array of forces are rapidly changing and accelerating application development and deployment. This investment underscores both the importance of ensuring security despite this complex landscape, and ShiftLeft’s unique ability to empower application security teams to protect the enterprise. Unlike traditional application security approaches, which are focused on external threats and rely on manual efforts to triage inaccurate alerts, ShiftLeft is the first to use code analysis to deeply understand application vulnerabilities, and create a virtual security perimeter to detect and protect every application version against malicious or unauthorized activity targeted at those vulnerabilities.
“Security has always been paramount, but traditional code analysis tools didn’t integrate into our CI/CD pipeline, created too many false positives and were just too slow,” said Harjot Gill, general manager of Nutanix Epoch. “The accuracy and speed of ShiftLeft enables Nutanix Epoch to automatically secure every release without slowing down new feature development.”
According to Patricia Muoio, partner at SineWave and former chief of the NSA’s Trusted System Group, “We were particularly impressed by ShiftLeft’s combination of software assurance with runtime monitoring. This unique ability to not only automate code security, but also deliver the analytics that helps DevOps organizations understand, confirm and prioritize vulnerability patching enables enterprises to get ahead of threats and truly changes the game in cyber security.”