Sqreen, a company that provides every developer a simple way to bring security to their application, just announced a $2.3M seed round led by Alven Capital and including investments from Point Nine, Kima Ventures and 50 Partners -as well as known business angles such as Marc Verstaen, EVP product development at Docker, Thibaud Elziere, former CEO at Fotolia, Francis Nappez, co-founder of Blablacar, Philippe Plichon, head of southern Europe at Dropbox, and Justin Ziegler, co-founder of PriceMinister.
“Security is overlooked by early-stage companies growing fast, but it quickly becomes a high priority once they are more mature. Few developers are enthusiastic about the extra workload and rigour involved in securing applications, so a tool like Sqreen is a real boon for the industry. We are bullish on all solutions saving time for developers and Sqreen is definitely one of them”, commented Rodolphe Menegaux from Alven.
Sqreen was founded in July 2015 by product and security experts and is currently headquartered in Paris, France. The company might have found the solution to bring a security logic into every connected application. “Security is traditionally shunned by developers as they often equate secure practices with constraints limiting their freedom to code”, explains Pierre Betouin, CEO and Co-Founder of Sqreen, who prove itself during 7 years as an Engineering Manager of Apple’s security department known as the Redteam. “Conventional approaches to security haven’t done much to make applications stronger and the complexity intimidates most developers. We have been attacking products for years and have experienced firsthand the disconnect between diagnosis and remediation. Our goal is to put security back into products and let the developers embrace this role again. It is pretty obvious that products should now be embedding their own security logic to protect themselves.”
Asked about the idea behind Sqreen, Betouin said: “I met Jean-Baptiste Aviat -CTO and Co-Founder of Sqreen, at Apple’s Redteam, we hacked products together during more than 5 years. The classic method was to look for breaches and report our findings to the product teams. The problem with such a process was its lack of real-time relevancy. A software product is constantly changing and our diagnoses weren’t necessarily up-to-date, making the applications more vulnerable. Today with Sqreen, we offer the perfect approach to security in continuous integration.”
Sqreen is a fully automated solution for developers that protects applications within 30 seconds without modifying the source code or requiring special skills. Once deployed, the protection provides real-time defenses that continuously adapt and improve from millions of attacks sourced from the community. Sqreen brings a protection layer to developers in the simplest form, mixing software instrumentation, run-time logic generation, and machine learning in order to continuously enhance the platform. Working as an “Application Protection as a Service”, the solution doesn’t require maintenance. Security and product development are disciplines that don’t intersect, developers think that security engineers don’t bring anything to the product, and vice-versa. Sqreen function as a simple bridge between product and security, a vital element that is still obscure for developers today.
With Sqreen, applications are automatically instrumented in order to diagnose security vulnerabilities and to bring additional protection and remediation logic. Sqreen currently supports thousands of security threats, including SQL injection, cross-site scripting, cryptographic weaknesses, etc. “We believe that developers should focus on features. Identifying vulnerabilities is tough and bringing solutions requires expertise. Sqreen makes Application Security open to all. Large companies, small ones, startups, or individual developers, all should have access to the strongest protection against vulnerabilities. Even without specific expertise in the field”, explains Betouin. “It works like a vaccine which generates antibodies, and every time a breach is found in the application, new antibodies are generated.”
This seed round will allow the company to grow its R&D team to 20 people by the end of the year, in order to keep developing a product that demands a continuous evolution; but also to evangelize the product which requires a technical marketing approach.