ArmorCode raises $40M to consolidate security data in one place | TechCrunch

ArmorCode, a cybersecurity platform that gathers vulnerability data from connected apps and software infrastructure, consolidating the data into a single location and standardizing it for analysis, has raised $40 million in a Series B round led by HighlandX with participation from NGP Capital, Ballistic Ventures, Sierra Ventures and Cervin.

Bringing ArmorCode’s total raised to $65 million, the proceeds will be put toward bolstering the startup’s go-to-market efforts and expanding its product and engineering teams, co-founder and CEO Nikhil Gupta told TechCrunch in an email interview. They’ll also be used to support the addition of new AI and software supply chain capabilities and grow ArmorCode’s partnerships in new geographies, specifically Europe, Gupta continued.

“I co-founded ArmorCode to address a critical security challenge: pervasive risks as a result of software being released more often and in more places than ever before without addressing the security vulnerabilities,” Gupta said. “Security teams are struggling to keep pace [with] the most critical risks across the entire organization. ArmorCode was built to solve this.”

Prior to launching ArmorCode, Gupta was the CEO and co-founder of Avid Secure, which was acquired by Sophos in 2019. Gupta also co-launched The Purple Book Community, a community of security leaders who share concerns, practices and case studies involving challenges around securing software.

Gupta says he started ArmorCode after observing the uptick in software exploit attacks — and the corresponding growth in the demand for defensive solutions.

He’s not the only one. According to a 2022 report from HackerOne, ethical hackers were able to discover over 65,000 vulnerabilities in 2022 alone, up 21% versus 2021. Unsurprisingly, spending on cybersecurity is increasing; between 2017 and 2024, there will be double-digit growth in global spending on information security, Statista predicts.

ArmorCode aims to surface vulnerabilities in an enterprise’s software and infrastructure, including containers (i.e. isolated environments in which software runs) and public and private clouds, through “role-specific” dashboards. In addition to threat intelligence tools that score risk and provide suggestions for mitigating attacks, these dashboards provide training targeted at security teams and individual members of those teams.

“With hundreds of different scanning tools across applications, infrastructure, cloud and more, organizations want to use the best-of-breed tools for each area, but end up being flooded with findings that are difficult to consolidate …. at scale,” Gupta said. “Lots of vendors are attempting to solve this problem at small- and medium-sized scale or by locking companies into specific scanners alongside their posture management solution, but only ArmorCode is bringing a vendor-neutral, platform-based solution at enterprise scale.”

Is ArmorCode really the only “enterprise-scale” platform of its kind? That’s debatable. Sometime rivals include ProjectDiscover, which is developing tools to help security teams detect and remediate security threats. Socket offers a scanning tool to detect security vulnerabilities in open source code. Elsewhere, there’s Legit Security, which provides a platform to identify app vulnerabilities from code.

ArmorCode has managed to carve out a niche for itself, though — at least according to Gupta. He says that the company’s annual recurring revenue has grown 400% in the past year across “dozens” of large enterprises in industries including media and entertainment, hospitality, healthcare, consulting and financial.

“As we’ve found product-market fit and are hitting a growth ramp, we decided to accept new funding to accelerate our growth into Europe and in new product areas,” Gupta said, adding that ArmorCode plans to expand its workforce of around 110 employees by 20% by the end of 2023. “We started ArmorCode in the middle of the pandemic because we understood that the need for software security was going to be more prominent than ever as a result of the acceleration of digital transformation.”