Source Defense Secures $27 Million in Growth Funding to Accelerate Prevention of Web Client-Side Cyber Risks

Springtide Ventures joins existing investors, including JVP and AllegisCyber, as the leader in web application client-side protection increases client deployments by 240% year-over-year, and solidifies dominance in third-party risk mitigation with nearly 24 billion compliance policy violations thwarted in that same timeframe


ROSH HA’AYIN, Israel and NEW HAVEN, Conn., April 26, 2022 – Source Defense, a pioneer in web application client-side protection, today announced that it has secured $27 million in Series B funding. The round is led by new investor Springtide Ventures with all existing investors also participating, including Jerusalem Venture Partners (JVP), AllegisCyber Capital, Global Brain, Connecticut Innovations, Inc., NightDragon, LLC, and Capital One Ventures. In addition to the investment, Karel Tusek, CTO of Springtide Ventures, will join the Source Defense Board of Directors. The new funds will be applied toward the company’s accelerated growth plans, including investments in Sales, Marketing, Alliances, and Research and Development. To support this growth, the company appointed cybersecurity startup veteran, Stephen Ward, as CMO late in 2021.

The company addresses a major concern related to third-party supply chain risk which has led to material adverse impact on thousands of companies over the past few years. One of the largest and least quantified business vulnerabilities lies in website use of client-side JavaScript. Client-side code, delivered in real-time by third-party (as well as fourth- and nth-party) supply chain partners, helps drive and enhance the website user experience, increase engagement, and drive analytic insights. Typical web properties rely on dozens of these supply chain partners. At the same time, this script represents unmanaged and unprotected shadow code, effectively the soft belly for adversaries on any large website. This fertile and extremely profitable threat and attack surface has already resulted in hundreds of high-profile attacks and led to more than 400 client-side attack incidents (e.g., credential harvesting, formjacking, and Magecart attacks) per month in the past two years, making breach headlines at major brands including Macy’s, Ticketmaster, British Airways, Segway, and many others. It has precipitated industry research firm Gartner to define a new category in web application client-side protection that it expects to require mass market adoption in the next two years.

“Organizations spend a lot of time and effort to make sure their websites are well designed, coded, and performing before going live, yet so many of them know so little about what actually happens on their website once it leaves the server-side and reaches the visitor’s browser (client-side), even though it is one of their most important assets both financially and brand-wise,” said Dan Dinnar, CEO of Source Defense. “Source Defense not only identified this as a major and growing issue very early on but partnered with some of the world’s largest and most trusted brands to put a real-time halt to any attempts at digital skimming, formjacking, clickjacking, ad injection, PII theft, and content defacement. We’ve done this in a way that none thought possible – with an easy to test solution, rapid deployment, and with virtually no additional security management burden. The urgency for addressing these attacks only grows – as evidenced by recent Gartner predictions that web application client-side protection will be a ubiquitously deployed part of security tech in the next few years.”

Source Defense recognized this emerging issue, established a dominant market position, and continues to grow rapidly as the category leader. The company has posted more than 250% growth in the past two years and will increase staff by 70% by the end of 2022. The company currently protects nearly a billion monthly site visits and defends transactions for some of the world’s largest businesses, preventing approximately 6 billion quarterly violations of security and compliance policies from occurring in the process.

“While many vulnerabilities that are exploited are deep within an organizational infrastructure, a company’s website is like hitting an exposed nerve – or in this case a massive bundle of exposed nerves,” said Tušek. “For an investor, you don’t just want to invest in innovations that make security better, you want to find innovations that have a positive, material impact on business. Source Defense has solved a massive problem, and not only can protect businesses from millions in losses and fines but cut off a major revenue stream for criminals.”
“Client-side web supply chain attacks are the most prevalent and stealthiest in the market. Online brands cannot control such attacks, as the malicious code does not go through their servers and is constantly changing. This results in severe risk of fraud, information theft, compliance violations, defacement, and more,” said Yoav Tzruya, General Partner of JVP. “Source Defense is the only company that offers a true prevention-first approach to solving the problem. With more than 100 leading brands protected, Source Defense allows organizations to secure transactions and user information, while achieving compliance, and allowing marketing and developers the ability to continue and be agile and competitive, dramatically reducing this cybersecurity risk.”

For any website that facilitates transactions, deals with private or sensitive data, or provides valuable services or information, Source Defense’s first-of-its-kind platform provides security and compliance, and in many cases, site performance gains, to maximize business opportunity while minimizing risk. The platform offers a fully automated prevention-first approach, offering complete access control and a permission-based approach to first-party code, as well as JavaScript-based third-party tools. Source Defense protects leading organizations across multiple verticals, including financial services, healthcare, hospitality, and retail, offering cybersecurity prevention capability, compliance (e.g., PCI, HIPAA, GDPR), as well as better flexibility for marketing teams and developers.