Cyber startup Traceable is entering a strategic partnership with a collection of Silicon Valley venture capitalists, the latest sign that application security continues front of mind for both businesses and security investors.
Traceable, which sells an end-to-end security monitoring platform for cloud-native apps, came out of stealth last year with $20 million in Series A funding. Their platform operates as both a web application firewall and run time application self-protection, using machine learning to monitor their customers’ APIs and applications, identify baseline user and application behaviors and over time, learn how to best to detect and block malicious activity.
The new partnership with Silicon Valley CISO Investments will include an additional $250,000, but perhaps more importantly, support and guidance from the more than 55 practicing chief information security officers that make up SVCI. That collection of talent will advise on operations, product road maps, pricing and marketing initiatives as the startup looks to further scale its business.
“As cloud-native architecture adoption soars, protecting modern distributed apps from increasingly sophisticated security attacks has become an immediate challenge,” said Traceable CEO and co-founder Jyoti Bansal. “The SVCI CISO’s expertise and deep understanding of customer pain points is invaluable as we work to ensure all businesses have the tools at their disposal to properly protect their applications.”
Traceable and other companies are moving to meet an increased demand for application security tools as industries grapple with a myriad of long-term and short-term trends that are pushing more systems and applications into the cloud. The global app security market is expected to grow to $13.2 billion by 2025, with North American and Asian businesses expected to lead the charge, according to a forecast from Research and Markets last year.
At the same time, applications remain the most popular external attack method for malicious hacking groups. Jeffrey Martin, assistant vice president for products at WhiteSource, which offers security, compliance and reporting services for open source repositories, told SC Media that as network and operating systems security has improved, criminal and state-backed hackers have increasingly turned to targeting the application layer and the software supply chain.
As a result, companies are taking more of an interest in application security and how third-party vendors and cloud providers plan to protect their systems, often asking security questions up-front prior to purchasing new tools.
“Even average consumers now have an expectation of a certain level of privacy and security. Since software providers cannot afford to slow down development cycles to meet those expectations, they turn to automated tooling to provide the same value much faster,” said Martin.
Sandy Carielli, an analyst at technology research firm Forrester who writes an annual report on application security trends, told SC Media that “there certainly has been movement to the cloud” in the application market over the past few years that has brought new security concerns to the forefront.
“There is this overall trend of building applications, leveraging APIs and finding new ways to engage with your customers,” said Carielli. “You quickly get hit with this reality check that you need to protect these applications and there are a lot of ways they can be broken.”
Widespread lockdowns last year have also accelerated longer-term trends. With businesses unable to physically access their on-premise hardware and IT assets, many turned to cloud-based applications last year. The end result has been an increased emphasis on baking security further into the software development process and a booming market for security tools that can help protect apps in production.
“What really got my attention was talking to a lot of app security vendors and hearing the same story over and over again: ‘March  was slow and then we had record quarters,’” said Carielli.