In 2006, I was brought into Apple to build their first offensive security team. We provided constant security feedback to hundreds of developers. Despite working with one of the finest engineering organizations in the world, my team and I discovered hundreds of attacks, from iPhone jailbreaks to attacks against Apple digital rights management (DRM) FairPlay to protocols & web services exploitations. With a team in the single digits, we were outnumbered 1000:1 by our developers. Vulnerabilities kept coming and we couldn’t scale to keep up.
The fact of the matter is, application security is broken. Security and developers are too far apart. Security culture has been a black box for decades, hidden behind briefcases and
Technologically, app sec solutions are simply outdated. They were invented in the 90’s and haven’t changed much since, despite everything else moving at such a rapid pace. Topology, complexity, encryption, and more has evolved, and legacy security solutions like WAFs and security scanners, as fundamental technological concepts, can’t keep up. They can’t scale and they are nearly impossible to properly maintain. There needs to be a change, an evolution in application security.
Security within companies today is where operations was 15 years ago. Ops used to be the bottleneck to software development and deployment. However, with the introduction of agile methodologies, the tactical responsibilities of ops began to shift to the appdev teams. Tools to support this change were developed, and this evolution spawned the SDLC we know today. Nowadays, ops and dev teams are much closer together, and the bottleneck has disappeared. We have agility, scalability, and a new way of working. Without this change, we’d have much slower cycles, and CI/CD wouldn’t be close to possible.
Security has yet to make the leap that ops has within organizations. For small and mid-size teams, security is either not present, or is bottlenecked by a one or two person team. For large companies, their security teams are flooded by noise and alert fatigue. And there aren’t enough security professionals to improve the situation by just increasing headcount.
In order to get out of its rut, security needs to go the way of operations. The silos between security teams and developer teams need to be broken down, the responsibility for security needs to be infused across the organization, and we need new tools to support this. That’s why we’re building Sqreen.
To move security along that journey, we at Sqreen are launching the first Application Security Management (ASM) solution, which leverages microagents embedded in web applications to identify and automatically protect against threats in real time. It’s a single platform for security and developer teams to scale their security without impacting velocity.
In the past several years, we’ve blocked tens of thousands of critical attacks, and our RASP module has become the most widely deployed RASP solution in the world. However, this is just the beginning. To further support our drive to democratize security, we’re proud to announce that we’ve raised a $14 million Series A round, led by Greylock Partners, which brings our total funding to $18 million. Sarah Guo will be joining our board, adding her amazing experience in security & infrastructure solutions to our team.
A key ethos we learned at Apple was to refuse the status quo and to always look to the future. With this funding round and the launch of our ASM solution, we’re doing exactly that. The future of security is visibility and transparency, delivered in a way that doesn’t slow down dev cycles. The future of security brings security teams and developers together with clean and usable products. The future of security will be realized when there’s a security dashboard on every engineering team’s floor, and we won’t rest until that becomes a reality.
We’re so thankful to our 500+ customers who have helped us get to this point. Huge thanks as well to the Sqreen team. There’s a lot more to do in building our ASM solution, and I can’t imagine a better team to do it all with.
If democratizing security and bringing transparency to a historically opaque industry resonates with you, give Sqreen a try or reach out to us directly. We’d be happy to connect with you! And if you’re interested in working with us, check out our jobs board. On to the next leap!