No matter what you do, no matter how careful you are, you will never be 100 percent safe from hackers, malware and cybercrime.
“When we talk to customers, we talk about reducing risk — not eliminating risk — because the job is never done,” said Adam Goodman, vice president of product at web application security platform Invicti Security. “There’s a constant need to not only look forward and find new ways to protect our customers, but also go back and look at the existing vulnerabilities they have and how they can be fixed.”
Invicti’s customers could be forgiven for thinking otherwise. A paragon of peace of mind, the global leader in web application security has spent the past 15 years helping world-renowned companies embrace security as a key feature in everything they create.
Powered by Proof-Based Scanning that automatically confirms 94 percent of direct-impact vulnerabilities with a market-leading confirmation accuracy of 99.98 percent, the Austin-headquartered organization brings a level of assurance to its customers as cyberthreats targeting both industry and government firms continue to proliferate.
And with severe web vulnerabilities like Log4 Shell and the SolarWinds hack on the rise, it’s never been more necessary for organizations to invest in security technology like Invicti.
Perhaps that’s why, in October 2021, Invicti announced that it had raised a whopping $625 million in an investment round led by global growth equity investor Summit Partners. The fresh funding will be used toward expanding internationally, with plans to increase its 350-person team to 500 employees by the end of 2022.
“Application security is no longer a nice-to-have — it’s a must-have,” Director of Product Management Hüseyin Tüfekçilerli said. “These critical components aren’t going anywhere anytime soon, and neither are attackers. But then again, neither is Invicti. We’ll be here to guide our customers toward improved security posture every step of the way.”
Built In met with Goodman, Tüfekçilerli and Chief Product Officer Sonali Shah to learn how Invicti helps its customers innovate as quickly as they want — without sacrificing security.
ABOUT INVICTI SECURITY
What separates Invicti from other companies in the web app security industry?
Chief Product Officer Sonali Shah: Going back in time, Invicti is the formation of two companies, Acunetix and Netsparker, and both were pioneers in web application security as well as market leaders in dynamic application security testing. One of the things about security that makes it so hard is that there are a gazillion ways that an attacker can steal data. And over time, you see those methods evolve, which means that we have to evolve the products. With 15 years of dedicated focus on DAST, we have the accuracy, speed, coverage and automation our customers require to secure their entire web application attack surface.
Your job is especially noteworthy because it enables others to do their jobs safely. What impact from your work are you especially proud of?
Shah: Traditionally, we’ve seen development teams on one side and security teams on the other. With a technology that meets the needs of development and security teams, we are breaking down the barriers that prevent developers, product teams and security teams from working together, which minimizes risk and avoids delays in releasing new features. In this hypercompetitive market, a delay of a few weeks can result in your competitor being first to market with a new feature.
HOW MUCH DOES A DATA BREACH COST IN 2022?
Technology-based security solutions like Invicti, however, can help reduce the cost of data breaches. Breaches at organizations with fully deployed security artificial intelligence and automation cost $3 million less than breaches at organizations without security AI and automation deployed, the report said.
Do the stakes feel high — like there are real consequences to the work you do?
Shah: The importance of what we’re protecting grows by the day. And it’s not companies that use web applications to communicate with customers, partners and employees; the whole infrastructure of a country can depend on web applications, which means that the stakes have risen from a hacker perspective. If you look at what’s been happening in Russia and Ukraine, the cyberattacks from Russia on Ukraine started well before the physical attacks. It’s very rewarding to be part of an organization that’s helping other companies, enterprises and governments globally secure their websites so that they’re not under that threat.
“The importance of what we’re protecting grows by the day. ... The whole infrastructure of a country can depend on web applications.”
Vice President of Product Adam Goodman: When you see yourself as one of the front lines of defense for stopping these things, it rallies everyone around that cause internally. There’s very much an awareness that we make the world a safer place — and without us doing it, the world would be less safe.
The nature of security means your work is never done. What’s it like to work for a company with an established pedigree that, by definition, has to keep innovating?
Director of Product Management Hüseyin Tüfekçilerli: Being a part of the AppSec community is inherently tied to innovation. If you’re not staying innovative and continuously improving your products and scanning technology to include the latest threats, you’re going to fall behind the curve — and so are your customers. Our customers come first, which means when we’re designing new products or new features, we always need to think about whether those upgrades will deliver the right kind of value to help our customers balance security with innovation.
INVICTI BY THE NUMBERS
- 3,600+ customers
- Used in 115+ countries
- 800,000+ web apps secured
- 300,000+ unique severe vulnerabilities found
- Employees in 8 countries
- 15 languages spoken
Invicti is a global company, with employees from around the world. How does having such a diverse team of perspectives make you better at your job?
Tüfekçilerli: When you have a global team and that team is held up by good communication with an effort around inclusion, it’s easier to keep employees engaged and strive for innovation. At Invicti, that shines in how open leadership is to honest conversations and in how much value we place in each other. We know the skills and diverse perspectives we bring to the table, and because Invicti provides an environment that feels safe and open, change and growth are real here. Plus, having a diverse workforce and a global team is a great sign that your company is functioning well and has successful products. When everything under the hood works smoothly, so can your employees.
Goodman: Our conversations are never groupthink. Instead, we have lots of different opinions from lots of different walks of life, bringing in various viewpoints into how we make decisions. It’s through having all those different viewpoints — and often opposing viewpoints — that we are empowered to make the best decisions here. It’s extraordinarily gratifying to be in that type of environment. If everyone came from one place and had one way of thinking, we would all make the same decision, but we wouldn’t really have confidence that we’re making the right decision.
“It’s through having all those different viewpoints — and often opposing viewpoints — that we are empowered to make the best decisions here.”
You recently received a significant investment from Summit Partners. How will this new financing support Invicti’s continued growth and product development initiatives?
Shah: We’re in a really good financial position, and we’ve already invested quite a bit in the business. But what got Invicti to this point is not necessarily going to take us to the next point. To get to that next big inflection point, we need to evolve the way the company operates. A lot of companies, even if they have great technology, fail to evolve as a business is going from a startup to a more mature business. They might be really fast-growing for a while, but then they just hit a wall because they haven’t scaled their processes.
We have that opportunity to do it right. We already have the best technology, but often the best technology is not what wins. It’s also the business around it. With this investment, we are investing in sales, marketing, customer success, and product innovation. Even though there’s a lot of uncertainty in the world today, I think we’re in a much better place than most tech companies to weather whatever comes ahead.
What does the investment symbolize to you?
Goodman: In many ways, it’s recognition. Invicti was world renowned before the investment, but to have such a well-recognized firm confirm that proof point, that’s super exciting.
Shah: It tells us that our investors believe what we believe, which is that we have a tremendous opportunity in front of us. Even with all the success we’ve had, we’re just getting started. There’s so much more we can do to help our customers reduce their cybersecurity risk. And they believe that, too.