Source Defense raises $10 million for website supply chain solution

Source Defense, a startup that is promising a remedy for breaches caused by flawed third-party web applications, announced Wednesday that it raised $10 million in Series A funding.

The Israeli company says that it provides a first-of-its-kind solution for preventing website supply chain attacks. The company’s product sits on a customer’s website and automatically monitors access and permissions of third-party apps that operate on it.

The use of third-party code for web apps on websites has been a salient risk as of late. Several companies, including Newegg, British Airways and Ticketmaster UK, have fallen victim to card skimming schemes at the hands of the threat group Magecart in recent months. The group exploits vulnerable or compromised JavaScript code that companies place on their websites, intending to use it for things like chat clients and payment tools.

Source Defense says that its solution is simple to implement — ironically, by having customers copy and paste Source Defense’s own JavaScript into page headers. The rest, the company says, is automatic. The product fends off attacks while the host website does its thing.

“The promise of Source Defense is not only the prevention of a universal, persistent vulnerability but that we free up organizations to focus on what really matters when it comes to their websites: delivering a superior user experience,” said Source Defense CEO and co-founder Hadar Blutrich, in a statement. “We’re extremely excited to bring our innovative product to market, and honored to have a global team of world-class cybersecurity investors onboard.”

The company says the infusion will go toward boosting its market strategy. The round was led by AllegisCyber and Jerusalem Venture Partners, with participation from Global Brain and Connecticut Innovations.

“The growing complexity of these commerce platforms and the extensive use of third-party software makes them particularly vulnerable to attack and compromise,” said Pete Bodine, managing director of AllegisCyber. “The reason we invested in Source Defense is because they move the needle in a meaningful way to lock down these sites and ensure they operate without compromise.”

Along with the investment, Source Defense announced the opening of its new U.S. headquarters in Stamford, Connecticut and a research and development hub in Rosh HaAyin, Israel.