Signal Sciences Debuts Web Protection Platform


Security startup Signal Sciences was founded in 2014 and publicly launched its first platform in 2015. The core promise behind the company from its inception was to take lessons learned by the company founders in the field and build a security platform that defends against real-world threats.

Signal Sciences is now moving forward with a $15 million Series B round of funding led by CRV. Total funding to date for Signal Sciences now stands at $26.5 million, which includes a $2 million seed and a $9.7 million Series A round.

"Our background is not as vendors trying to enter a new space and see what's hot, our background is as practitioners that have been in the trenches," Zane Lackey, co-founder and Chief Security Officer at Signal Sciences, told eSecurityPlanet.

In Lackey's own case he worked at at Etsy from May 2011 to March 2015 in different security-related capacities. Lackey said that Signal Sciences' platform is built to be able to cover any application architecture or cloud provider.

Signal Sciences also offers the promise of broad threat protection and isn't positioned as a point provider. Lackey said that enterprise CISOs are worried about the full spectrum of threat that their applications face. Attacks can range from common threats like SQL injection, DDoS and account takeovers, to more esoteric risks like business logic attacks.

The new Web Protection Platform (WPP) is an evolution Signal Sciences offering to enable the full spectrum of cyber-security web application protection. Lackey emphasized that WPP is much more than a Web Application Firewall (WAF). WAF technologies are used to defend application against attacks at the network level.

"We have the ability to plug into the DevOps tool chain enable DevOps teams," Lackey said.

As such WPP can plug into Slack for communication, Jira for bug tracking, PagerDuty for alerting and Datadog for infrastructure monitoring. On the actual web platform side, WPP can plug into the Apache, NGINX or IIS web servers as well directly into applications directly.

For integration as part of a web server, Lackey said that all that is needed is a one-line configuration change to get up and running. Metadata is then transmitted to the Signal Sciences cloud backend for analysis on any potential threats.

"We provide really hard guarantees on performance and reliability so you're not introducing latency or a new single point of failure," Lackey said.

Lackey said that WPP also has a high-degree of visibility into applications, reducing any potential for false positive. According to Lackey, over 90 percent of Signal Sciences customers deploy the platform in full blocking mode against attacks.

"There is no learning mode our customers have to put WPP in first before it is usable," Lackey said.

Sean Michael Kerner is a senior editor at eSecurityPlanet and Follow him on Twitter @TechJournalist.