- Developer-centric cybersecurity startup GitGuardian announced it raised $12 million in Series A funding led by Balderton Capital
GitGuardian — a developer-centric cybersecurity startup specializing in finding company “secrets” in online code — announced that it raised $12 million in Series A funding led by Balderton Capital. Fly Ventures, GitHub co-founder Scott Chacon, and Docker founder Solomon Hykes also joined this round.
And GitGuardian was built to uncover sensitive company information hiding in online repositories. And GitGuardian’s real-time monitoring platform helps enterprise teams manage data leaks to prevent breaches that could cause millions of dollars in potential damages.
The scale of this problem represents a major challenge for companies today. For example, a SANS Institute survey this year found half of company data breaches were the result of account or credential hacking, higher than any other attack method among firms using cloud-based services.
Enterprise software developers rely on the integration of multiple internal and third-party services to offer essential features to clients. And to integrate such services, developers handle incredibly sensitive secrets like login details, API keys, and private cryptographic keys used to protect confidential systems and data such as payment systems, servers, and intellectual property.
To build and refine the code needed to make such integrations work, more than 40 million developers and almost 3 million businesses and organizations worldwide use GitHub. And the collaborative nature of this platform is what makes GitHub such a useful and revolutionary development tool, but it can also lead to “secret leakage” in which developers unwittingly expose sensitive company credentials to the public via their code repositories.
“Through our detection and alerting services, GitGuardian has already supported global government organizations, more than 100 Fortune 500 companies and 400,000 individual developers to date,” said GitGuardian co-founder and CEO Jérémy Thomas. “Currently, every company with software development activities is concerned about secrets spreading within the organization, and in the worst case, to the public space. As a company with so much sensitive information at hand, we have built a culture of unconditional secrecy at our core.”
GitGuardian’s systems are able to detect thousands of credential leaks per day. And while some breaches are relatively low impact, many are of a highly critical nature and may put companies at significant risk. This potentially giving hackers access to entire systems and classified databases. And in recent years, breaches have led to billions of dollars wiped off company valuations and millions being paid in settlement costs and fines.
GitGuardian originally built its launch platform with public GitHub in mind. But GitGuardian is built to be able to monitor and notify on secrets that are inappropriately disseminated in internal systems such as private code repositories or messaging systems. Internal systems are often treated with complete trust leading to secrets being freely shared on messaging platforms for instance. And this makes these systems high-value targets for hackers: once compromised, secrets found there can be leveraged to make larger and more damaging attacks on other systems.
“The modern software development process is remarkable in its ability to allow large, distributed teams to deliver complex systems quickly. However, the very connectivity and openness this depends on has left many companies unwittingly exposed,” added Balderton Capital partner Suranga Chandratillake. “Rather than encumber technology organizations with limiting compliance procedures, GitGuardian allows the modern enterprise to develop code quickly and how it wants to, but with automated visibility and protection over how data, credentials and other sensitive information is used, moved and shared. We are delighted to be joining Jeremy and Eric on their mission to build a platform that allows more people to build more code faster and more safely.”
With this round of funding, GitGuardian plans to expand its customer base, predominantly in the US. And around 75% of its clients are currently based in the US with the remainder being based in Europe. And the funding will continue to drive this expansion. Plus GitGuardian also developed a monitoring platform for private sites.
“Securing your systems starts with securing your software development process. GitGuardian understands this, and they have built a pragmatic solution to an acute security problem. Their credentials monitoring system is a must-have for any serious organization,” explained Docker founder and GitGuardian investor Solomon Hykes.
GitGuardian’s technology works by connecting developers registered on GitHub with their companies and scanning the content of over 2.5 million commits (or code revisions) per day in search for signs of company secrets. This equates to about 1 billion commits a year, covering more than 300 different types of secrets from keys to database connection strings, SSL certificates, usernames, and passwords.