ArmorCodea cybersecurity platform that collects vulnerability data from connected applications and software infrastructure, consolidating the data into a single location and standardizing it for analysis, has raised $40 million in a Series B round led by HighlandX with participation from NGP Capital, Ballistic Ventures, Sierra Ventures and Cervin.
Bringing ArmorCode’s total raised to $65 million, the proceeds will go toward bolstering the startup’s go-to-market efforts and expanding its products and engineering teams, co-founder and CEO Nikhil Gupta told TechCrunch in an email interview. They will also be used to support the addition of new AI and software supply chain capabilities and to grow ArmorCode’s partnerships in new geographies, specifically Europe, Gupta continued.
“I co-founded ArmorCode to address a critical security challenge: pervasive risks as a result of releasing software more often and to more places than ever before without addressing security vulnerabilities,” said Gupta. “Security teams are struggling to keep up [with] the most critical risks across the organization. ArmorCode was built to solve this.”
Prior to launching ArmorCode, Gupta was the CEO and co-founder of Avid Secure, which was acquired by Sophos in 2019. Gupta also co-launched The Purple Book Community, a community of security leaders who share concerns, practices and case studies of security software challenges.
Gupta says he started ArmorCode after noticing an increase in software exploit attacks — and a corresponding increase in demand for defense solutions.
He’s not the only one. According According to a 2022 report from HackerOne, ethical hackers were able to discover over 65,000 vulnerabilities in 2022 alone, a 21% increase compared to 2021. It’s no surprise that spending on cyber security is on the rise. between 2017 and 2024, there will be double-digit growth in global spending on information security, Statista predict.
ArmorCode aims to cover vulnerabilities in an enterprise’s software and infrastructure, including containers (i.e., isolated environments in which software runs) and public and private clouds, through “role-specific” dashboards. In addition to threat intelligence tools that score risk and provide recommendations to mitigate attacks, these dashboards provide training targeted at security teams and individual members of those teams.
“With hundreds of different scanning tools across applications, infrastructure, cloud and more, organizations want to use the best tools for each area, but end up inundated with findings that are difficult to consolidate…. at scale,” Gupta said. “Many vendors are trying to solve this problem at small and medium scale or by locking companies into specific scanners alongside their posture management solution, but only ArmorCode brings a vendor-neutral, platform-based solution at enterprise scale.”
Is ArmorCode really the only “enterprise-scale” platform of its kind? This is debatable. Sometime competitors include ProjectDiscover, which develops tools to help security teams detect and remediate security threats. Socket offers a scanning tool to detect security vulnerabilities in open source. Elsewhere, there’s Legit Security, which provides a platform for detecting application vulnerabilities from code.
Still, ArmorCode has managed to carve out a niche for itself—at least according to Gupta. He says the company’s client base has grown 400% in the past year to include “dozens” of large enterprises in industries such as media and entertainment, hospitality, healthcare, consulting and finance.
“As we have found the right product market and are on a growth ramp, we have decided to accept new funding to accelerate our growth in Europe and into new product areas,” Gupta said, adding that ArmorCode plans to expand its workforce of approximately 110 employees by 20% by the end of 2023. “We started ArmorCode in the middle of the pandemic because we understood that the
The need for software security would be more acute than ever as a result of accelerating digital transformation.”
