Prevoty, a Los Angeles cyber security startup, announced on Dec. 6 that it had secured a $13 million investment from Trident Capital Cybersecurity in a Series B round of funding.
Prevoty's autonomous application protection system enables applications to essentially defend themselves against cyber attacks rather than solely relying on network security and web application firewalls (WAFs) to keep attackers at bay. The company's solution can block threats like cross-site scripting (XSS), cross-site request forgery (CSRF), SQL injection and more.
In fact, its runtime security and application monitoring technology not only delivers real-time visibility into the security posture of an application to DevOps and SecOps teams, but it can also be used to enhance the effectiveness of a WAF, enabling it to anticipate attacks.
This approach has attracted the attention of some big-name clients.
"Prevoty is widely deployed at some of the largest enterprises in the world protecting millions of online transactions for its customers every day. Among its customers are companies like Aaron's and FreddieMac," said Sharon Vardi, CMO of Prevoty.
The fresh infusion of cash will enable the company to grow their customer base. "The new funds will go toward addressing the rapidly growing demand for the company's solutions, further innovations of the company's products and ensuring that our customers are successful," added Mr. Vardi.
Application security is a growing concern among enterprises running complex web applications, many of them of the consumer-facing variety.
Last year, a Ponemon Institute conducted on behalf of IBM found that 35 percent of organizations lack major security testing methods to detect vulnerability. Sixty-seven percent have zero visibility into the state of their application security overall. Sixty-nine percent can't even account for all the applications and databases that are processing vital data in their enterprises.
And not all applications are created equal.
A WhiteHat Security study found that the health care, retail and education industries fared poorly in terms of web application security, with apps that are always vulnerable 57 percent of the time. Somewhat ironically, IT-related apps fared even worse, remaining always vulnerable 60 percent of the time.
And the bad news doesn't stop there. Mirroring the technology skills gap affecting the IT industry at large, application security skills are scarce at many organizations.
A recent ESG and ISSA survey discovered that nearly a third (31 percent) of security professionals said they are facing an application security skills shortage.