Summit Partners acquires majority stake in app security company Invicti Security for $625M

Join gaming leaders online at GamesBeat Summit Next this upcoming November 9-10. Learn more about what comes next. 

Invicti Security, an Austin, Texas-based company offering web app cybersecurity and data management services, today announced that it signed an agreement for a $625 million majority investment led by Summit Partners with participation from Turn/River Capital. Invicti says that the new funding will support its continued growth and product development efforts as it looks to expand its international customer base.

“We are absolutely thrilled to welcome Summit for this next chapter in our company’s growth,” Invicti founder and CEO Ferruh Mavituna said in a statement. “We’re confident that Summit’s extensive security experience will help accelerate our product innovation, expand our reach, and address the urgent problem of web application security faced by organizations around the world.”

App security is becoming a critical problem as businesses increasingly move online during the pandemic. The number of app vulnerabilities in 2019 exceeded 13,300, according to Flexera. Highlighting the fragility of the supply chain, WhiteHat Security estimates that 33% of app security vulnerabilities stem from embeddable open-source and third-party components.

Organizations that haven’t adopted the best security practices are more likely to publish exploitable apps, predictably. The WhiteHat Security report found that remediation rates have fallen thanks to “an increased awareness and focus on app security, which naturally expands the scope of apps to be tested.”

Invicti’s long history

Founded in 2005 on the island of Malta, Invicti (originally Acunetix) provides software designed to scan an organization’s web footprint for issues and facilitate problem-solving through developer workflows. The company’s solutions automatically conduct and verify thousands of website, API, and web app security audits for customers including small- and medium-sized businesses (SMBs) in addition to large organizations like NASA, Ford, Coca-Cola, Verizon, Lenovo, Allstate, Cisco, and General Mills.

Invicti offers two products in its web app security portfolio: Acunetix (a nod to the company’s original brand) and Netsparker. Netsparker verifies which vulnerabilities are real and not false positives. As for, Acunetix, it’s a macro recording technology that lets customers scan multi-level forms and even password-protected areas of a website.

“Invicti … addresses a critical need among enterprises and public sector organizations: to secure hundreds, or even thousands, of web applications. Invicti has been a global leader in web application security for more than 15 years, providing dynamic and interactive application security products to help organizations in every industry make the best use of their security resources, and engage developers to improve their overall security posture,” COO and president Mark Ralls told VentureBeat via email.

Progressing forward in an increasingly digital world

In the last 12 months, Invicti — which has 350 employees — claims that it’s added 700 new customers, is cash flow-positive with an over 900% gross margin profile, and is on track to grow its annual recurring revenue by more than 60% in 2021. The company currently serves more than 3,300 customers in 115 countries and has scanned upwards of 800,000 websites to date.

“As we look to the future of cybersecurity, our machine learning team at Invicti is focused on the powerful ways it can both bring deeper context to security testing results to improve efficiency and prioritize remediation efforts while also discovering new activities, behaviors, and meta-trends that provide insight into the evolving threat landscape. By leveraging automation and accuracy, Invicti helps save security and development teams critical time often wasted attempting to tame false-positive vulnerability alerts,” Ralls continued. “The pandemic — which accelerated the massive shift to workforce virtualization and the breakneck migration to cloud — has only increased the need for organizations to secure their web applications. We’re seeing this in the shape of both existing and net-new customer growth. Invicti [has] added customers and employees every month since the onset of the pandemic.”

The web app security market is expected to be worth $22.12 billion by 2026, according to Reports and Data. Among others, Invicti competes with Rapid7, Qualys, and Veracode as well as app management and security startup AppOmni, code-scanning platform BluBracket, and code vulnerability engine Spectral. But as evidenced by Invicti’s late-stage infusion — not to mention Proofpoint’s $12.3 billion acquisition by Thoma Bravo, Auth0’s $6.4 billion acquisition by Okta, and McAfee’s $4 billion acquisition by STG — there’s plenty of capital to go around in cybersecurity. Less than six months into 2021, cybersecurity startups had raised $9.9 billion globally, Pitchbook reported — 96% of the total raised in 2020.

The Invicti transaction, additional details of which were not disclosed, is expected to close during Q4 2021 subject to standard closing conditions.

Originally appeared on: TheSpuzz