ShiftLeft Raises $20 Million Series B Funding to Accelerate Adoption of Automated Application Security

Thomvest leads round with participation from SineWave, Bain Capital
Ventures and Mayfield; new advisory board includes prominent members of
security and development community

Inc., an innovator in application-specific cloud security, today
announced it has raised $20 million in Series B funding. This latest
round, led by Thomvest Ventures and joined by new investor SineWave
Ventures as well as existing investors Bain Capital Ventures and
Mayfield, comes less than 18 months after the company announced its
first round of $9.3 million, bringing the total raised to nearly $30
million. The company is also announcing the addition of Jim Sortino, who
previously held executive roles at Trend Micro and Dome9 Security
(acquired by Check Point), as vice president of worldwide sales.

The company is using these funds to drive broader adoption of its
code-informed runtime protection by expanding the breadth of its product
portfolio, application coverage and global sales and marketing

Software is rapidly becoming the driver of innovation. From internal
enterprise applications to connected systems and devices in markets such
as automotive, HVAC and electronics, many industries now compete on the
advantages and benefits their software delivers. Every facet of modern
life has been impacted by software and the data collected has expanded
massively. Traditional application security approaches simply cannot

“We are excited to lead ShiftLeft’s Series B financing. The company has
an impressive team, led by CEO, Manish Gupta. ShiftLeft provides
intelligent automation of code security, which addresses a major pain
point for the CISOs of modern enterprises: to protect applications and
data,” said Umesh Padval, venture partner at Thomvest Ventures.
“ShiftLeft’s unique architecture provides a prioritized list of
vulnerabilities with the least number of false positives and detailed
vulnerability information, which helps developers remediate rapidly. A
high-performance runtime solution that can protect applications in
production empowers security teams to embrace automation as the solution
which integrates seamlessly into the CI/CD [continuous
integration/continuous delivery] workflow of an organization.”

From containers and microservices to cloud and open source, a vast array
of forces are rapidly changing and accelerating application development
and deployment. This investment underscores both the importance of
ensuring security despite this complex landscape, and ShiftLeft’s unique
ability to empower application security teams to protect the enterprise.
Unlike traditional application security approaches, which are focused on
external threats and rely on manual efforts to triage inaccurate alerts,
ShiftLeft is the first to use code analysis to deeply understand
application vulnerabilities, and create a virtual security perimeter to
detect and protect every application version against malicious or
unauthorized activity targeted at those vulnerabilities.

“Security has always been paramount, but traditional code analysis tools
didn’t integrate into our CI/CD pipeline, created too many false
positives and were just too slow,” said Harjot Gill, general manager of
Nutanix Epoch. “The accuracy and speed of ShiftLeft enables Nutanix
Epoch to automatically secure every release without slowing down new
feature development.”

According to Patricia Muoio, partner at SineWave and former chief of the
NSA’s Trusted System Group, “We were particularly impressed by
ShiftLeft’s combination of software assurance with runtime monitoring.
This unique ability to not only automate code security, but also deliver
the analytics that helps DevOps organizations understand, confirm and
prioritize vulnerability patching enables enterprises to get ahead of
threats and truly changes the game in cyber security.”

As part of its growth initiative, ShiftLeft has also created an advisory
board of prominent security and development thought leaders, including:

  • Bob Flores, former CTO of the Central Intelligence Agency
  • Craig Rosen, CISO of AppDynamics
  • Shahar Ben Hador, CIO of Exabeam
  • Aaron McKeown, head of security engineering and architecture at Xero
  • Manish Arya, founder and CTO of Tavant
  • Yonatan Ryabinski, chief enterprise architect at Vanguard

ShiftLeft Quotes

“Our founding vision is that application security needs to be a seamless
part of the development process, not an afterthought,” said Manish
Gupta, CEO and co-founder of ShiftLeft. “The problem has long been
inaccurate tools and a heavily manual process, leaving security and
development teams frustrated and applications vulnerable. ShiftLeft
completely upends this paradigm, delivering automated and customized
protection for every software release, and the analytics dev teams need
to improve on the overall security posture.”

“I’ve seen organizations struggle through a reactive, threat-focused
security posture, resulting in overworked security teams and frequent
breaches,” said Enrique Salem, partner at Bain Capital Ventures and
former CEO of Symantec. “Yet ShiftLeft gets at the root problem –
vulnerable software – by automating the process of accurately and
rapidly analyzing and plugging vulnerabilities in the applications
themselves. It’s exciting to be an investor in a company that is
meaningfully helping security teams by reducing the overall attack
surface and providing direct root-cause insight for developers.”

“Every modern company has become a software company, making application
security vital,” said Ursheet Parikh, partner at Mayfield. “So it’s no
surprise security is daily news: as the volume and pace of new
applications has skyrocketed, the number of vulnerabilities has
exploded. The ability to customize security for each version of every
application is what drew us to ShiftLeft, and why we think the company
promises to have a remarkable impact on the overall market.”

About ShiftLeft

ShiftLeft is a continuous application security platform, purpose-built
for the modern software development life cycle. It combines
next-generation static code analysis (to quickly and accurately identify
vulnerabilities) with application instrumentation (to protect the
application) in an automated workflow. This combination of
runtime-informed code analysis and code-informed runtime protection
delivers the most accurate, automated, and comprehensive application
security solution. To learn how ShiftLeft keeps application security in
sync with the rapid pace of DevOps, see


Mullikin Communications
Rich Mullikin, 925-354-7444
