More than half of all cyber-attacks now target the application layer
BURLINGTON, MA — February 24, 2014 — Veracode, the application security company, today announced that it grew its revenue by 50 percent in 2013. The company’s cloud-based platform now safeguards web, mobile and third-party applications for more than 500 organizations worldwide, including 3 of the top 4 banks in the Fortune 100 and more than 25 of the world’s top 100 brands.
During 2013, Veracode added many of the world’s largest enterprises to its installed base, including one of the world’s largest credit card issuers; a major energy exploration and production company; a leading manufacturer of networking technology; a well-known online fashion retailer; and a leading provider of residential mortgage credit.
The company was also recognized by Gartner as a Magic Quadrant Leader, while its technology was among the vendor solutions recommended by FS-ISAC — an industry group of leading financial services firms including Goldman Sachs, JP Morgan Chase, GE Capital and Aetna — as one of three critical controls for reducing risk from third-party software.
Helping Enterprises Innovate Faster — Without Sacrificing Security
Mobile and cloud computing applications are dramatically changing the way enterprises deliver business innovation to customers and partners. At the same time, now that organizations have effectively locked down their networks and end-points with next-generation technologies, cyber-criminals are increasingly targeting the application layer as the path of least resistance. As a result, more than half of all successful breaches are attributed to application-layer vulnerabilities — yet less than 10 percent of organizations test all their business-critical applications to ensure they're secure.
“Traditional, on-premises approaches to application security are complex and require specialized skills, which slows innovation,” said Bob Brennan, Veracode CEO. “Veracode’s powerful cloud-based platform, deep security expertise and programmatic, best practices approach provide a simpler and more scalable way for organizations to systematically reduce their global application-layer risk. We expect our strong growth to extend into 2014 as we continue partnering with the world’s largest enterprises to help them innovate while reducing risk.”
Delivering Web and Mobile Innovation
During 2013, Veracode leveraged its SaaS platform to continuously deliver new capabilities for addressing evolving threats, including:
A new, massively parallel, cloud-based service that significantly reduces enterprise-wide risk — in days or weeks — by discovering and analyzing thousands of web applications simultaneously to identify vulnerabilities to common attack threats such as SQL injection.
Integration with leading web application firewalls (WAFs) such as Imperva SecureSphere, enabling enterprises to rapidly mitigate application-layer threats by incorporating security intelligence from Veracode’s cloud-based platform into their WAF rules.
A mobile app reputation service along with new behavioral analysis technology for identifying risky behaviors in mobile apps, such as enabling access to sensitive data and exfiltrating data to suspicious geo-locations.
Partnering with industry-leading Mobile Device Management (MDM) vendors — including VMware AirWatch, IBM Fiberlink and MobileIron — to deliver application-layer security intelligence for enforcing corporate BYOD policies.
Reducing Third-Party Software Risk
During 2013, the industry became more aware of the risk introduced by third-party software that is commonly used by all enterprises, including commercial and SaaS applications, outsourced and open source code, and third-party libraries and components. This new awareness resulted in the issuance of:
New recommended controls from industry groups such as the Financial Services Information Sharing and Analysis Center (FS-ISAC).
New compliance requirements from regulators such as the Office of Comptroller of Currency
New standards from industry bodies such as the PCI Security Council, Open Web Application Security Project (OWASP) and the National Institute of Standards and Technology (NIST).
Veracode is uniquely positioned to address third-party software risk via its cloud-based platform and binary static analysis technology, which has already been used by hundreds of third-party vendors. Through its outsourced program management service — called Vendor Application Security Testing (VAST) — Veracode helps enterprises implement enterprise-wide governance programs for reducing third-party software risk. The company also works directly with vendors to ensure they comply with their customers’ corporate security policies.
Veracode received numerous awards from industry influencers in 2013 including being:
Positioned as a Leader in Gartner’s "Magic Quadrant for Application Security Testing" (July 2013), based on an assessment of the company’s ability to execute and its completeness of vision.
Named one of the 20 Most Promising Companies in America by Forbes Magazine.
Selected as a Red Herring Top 100 North America Tech Startup.
Named a winner for the VAST Program in the Financial World Innovation Awards.
Listed on Deloitte’s Fast 500.
 Gartner, Inc. 2013 “Magic Quadrant for Application Security Testing" by Neil MacDonald Joseph Feiman. July 2, 2013
Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.