Springtide Ventures joins existing investors, including JVP and AllegisCyber, as the leader in web application client-side protection increases client deployments by 240% year-over-year, and solidifies dominance in third-party risk mitigation with nearly 24 billion compliance policy violations thwarted in that same timeframe

ROSH HA’AYIN, Israel and NEW HAVEN, Conn., April 26, 2022 – Source Defense, a pioneer in web application client-side protection, today announced that it has secured $27 million in Series B funding. The round is led by new investor Springtide Ventures with all existing investors also participating, including Jerusalem Venture Partners (JVP), AllegisCyber Capital, Global Brain, Connecticut Innovations, Inc., NightDragon, LLC, and Capital One Ventures. In addition to the investment, Karel Tusek, CTO of Springtide Ventures, will join the Source Defense Board of Directors. The new funds will be applied toward the company’s accelerated growth plans, including investments in Sales, Marketing, Alliances, and Research and Development. To support this growth, the company appointed cybersecurity startup veteran, Stephen Ward, as CMO late in 2021. 

The company addresses a major concern related to third-party supply chain risk which has led to material adverse impact on thousands of companies over the past few years. One of the largest and least quantified business vulnerabilities lies in website use of client-side JavaScript. Client-side code, delivered in real-time by third-party (as well as fourth- and nth-party) supply chain partners, helps drive and enhance the website user experience, increase engagement, and drive analytic insights. Typical web properties rely on dozens of these supply chain partners. At the same time, this script represents unmanaged and unprotected shadow code, effectively the soft belly for adversaries on any large website. This fertile and extremely profitable threat and attack surface has already resulted in hundreds of high-profile attacks and led to more than 400 client-side attack incidents (e.g., credential harvesting, formjacking, and Magecart attacks) per month in the past two years, making breach headlines at major brands including Macy’s, Ticketmaster, British Airways, Segway, and many others. It has precipitated industry research firm Gartner to define a new category in web application client-side protection that it expects to require mass market adoption in the next two years. 

“Organizations spend a lot of time and effort to make sure their websites are well designed, coded, and performing before going live, yet so many of them know so little about what actually happens on their website once it leaves the server-side and reaches the visitor’s browser (client-side), even though it is one of their most important assets both financially and brand-wise,” said Dan Dinnar, CEO of Source Defense. “Source Defense not only identified this as a major and growing issue very early on but partnered with some of the world’s largest and most trusted brands to put a real-time halt to any attempts at digital skimming, formjacking, clickjacking, ad injection, PII theft, and content defacement. We’ve done this in a way that none thought possible – with an easy to test solution, rapid deployment, and with virtually no additional security management burden. The urgency for addressing these attacks only grows – as evidenced by recent Gartner predictions that web application client-side protection will be a ubiquitously deployed part of security tech in the next few years.”

Source Defense recognized this emerging issue, established a dominant market position, and continues to grow rapidly as the category leader. The company has posted more than 250% growth in the past two years and will increase staff by 70% by the end of 2022. The company currently protects nearly a billion monthly site visits and defends transactions for some of the world’s largest businesses, preventing approximately 6 billion quarterly violations of security and compliance policies from occurring in the process.

“While many vulnerabilities that are exploited are deep within an organizational infrastructure, a company’s website is like hitting an exposed nerve – or in this case a massive bundle of exposed nerves,” said Tusek. “For an investor, you don’t just want to invest in innovations that make security better, you want to find innovations that have a positive, material impact on business. Source Defense has solved a massive problem, and not only can protect businesses from millions in losses and fines but cut off a major revenue stream for criminals.” 

“Client-side web supply chain attacks are the most prevalent and stealthiest in the market. Online brands cannot control such attacks, as the malicious code does not go through their servers and is constantly changing. This results in severe risk of fraud, information theft, compliance violations, defacement, and more,” said Yoav Tzruya, General Partner of JVP. “Source Defense is the only company that offers a true prevention-first approach to solving the problem. With more than 100 leading brands protected, Source Defense allows organizations to secure transactions and user information, while achieving compliance, and allowing marketing and developers the ability to continue and be agile and competitive, dramatically reducing this cybersecurity risk.”

For any website that facilitates transactions, deals with private or sensitive data, or provides valuable services or information, Source Defense’s first-of-its-kind platform provides security and compliance, and in many cases, site performance gains, to maximize business opportunity while minimizing risk. The platform offers a fully automated prevention-first approach, offering complete access control and a permission-based approach to first-party code, as well as JavaScript-based third-party tools. Source Defense protects leading organizations across multiple verticals, including financial services, healthcare, hospitality, and retail, offering cybersecurity prevention capability, compliance (e.g., PCI, HIPAA, GDPR), as well as better flexibility for marketing teams and developers.

About Source Defense

Source Defense is a security and compliance platform for any website that collects sensitive data or is transaction-oriented. It addresses a ubiquitous gap in the management of third-party digital supply chain risk with a zero-trust model that extends security beyond the network to the client-side. As the market leader in web application client-side protection, Source Defense provides real-time threat detection, protection, and prevention of vulnerabilities originating in JavaScript. The patented Source Defense Platform offers the most comprehensive and complete solution to address threats and risks originating from the increased use of JavaScript, third-party vendors, and open-source code in websites today.

The Source Defense solution is deployed by leading Fortune 500 enterprises in the Financial Services, Retail, e-commerce, and Healthcare markets. Headquartered in Israel with branches across the U.S. and a strong community of global valuable partnerships, Source Defense is the most innovative, reliable, and trusted partner in the fight against client-side attacks. For more information, please visit www.sourcedefense.com.

About Springtide Ventures

Springtide Ventures, a member of the KKCG Group, which is owned by Mr. Karel Komárek – one of the most prominent Czech entrepreneurs – focuses on supporting startups with global ambitions, especially B2B/SaaS companies in the areas of Cloud Infrastructure, Cybersecurity, ML/AI, and Blockchain. Since 2016, Springtide has been increasingly active in Israel, having completed over ten investments. Springtide benefits from exclusive access to KKCG’s capital, know-how, and worldwide business network. Due to its multi-stage approach, Springtide is ready to support successful projects by taking part in successive investment rounds, from Seed through Series A and B up to Series C, well beyond the initial investment range.

All product and company names herein may be trademarks of their respective owners.

PCI DSS 4.0 makes client-side security a priority.

Source Defense delivers a solution for 6.4.3 and 11.6.1 without adding a burden to your security teams.