Modernizing Authentication — What It Takes to Transform Secure Access
Contrast Security announced on Oct. 19 that it had raised $30 million in a Series C round of financing led by Battery Ventures, with additional backing from venture capital (VC) firms Acero Capital and General Catalyst. To date, the company has raised $54 million.
Los Altos, Calif.-based Contrast Security specializes in technology that enables enterprises to develop and deploy "self-protecting" software. Rather than wait for attackers to seek out and exploit flaws in software, much of which is moving into a cloud-delivered direction, the company's products, Contrast Assess and Contrast Protect, imbues security directly into the software development process, according to Jeff Williams, CTO and co-founder at Contrast Security.
"Contrast doesn’t treat the symptoms like a scanner, sandbox, or firewall. Instead, Contrast infuses both security testing and protection directly into the application, like an immune system for applications that inoculates against vulnerabilities and attacks," explained Williams. "Simply add Contrast to your application environment, and it starts working immediately without any code or process changes, and without needing security experts."
To maximize the effectiveness of the platform, Contrast takes a two-pronged approach.
"Contrast Assess focuses on vulnerabilities, and instantly alerts development teams so they can fix code without disrupting software development. Contrast Protect identifies and blocks attacks, rendering them ineffective," said Williams. "Together, Contrast Assess and Protect provide organizations with a comprehensive self-protecting software solution that works in data center, cloud, and container [environments], throughout an application's development and deployment."
The company's approach combines DevOps and security without affecting performance, Williams added. In terms of threats and attacks, Contrast's technology protects against the Open Web Application Security Project (OWASP) top 10 vulnerabilities and much more.
"Contrast invented a way to combine multiple different analysis techniques in a single component that measures vulnerabilities and attacks directly from the running application. This provides an almost unfair information advantage that allows Contrast to protect against a broader range of security problems than other tools and to do it more accurately," Williams added.
A truncated list of the security risks blocked by Contrast includes Command Injection, Cross-Site Scripting (XSS), Hard-coded Password, Insecure Encryption Algorithms, Java Reflection Injection, NoSQL Injection, SQL Injection, Weak Random Number Generation among many more. "Contrast also includes a powerful rule language that allow definition of both positive (behavior pattern is required) and negative (behavior pattern is disallowed) security rules," Williams concluded.