Baking security into app development -Why we invested in Hdiv Security

 We are excited to announce our recent investment in Hdiv, a cybersecurity startup from San Sebastián, Spain.

The company provides a suite of application security products that protect and detect threats to web applications and APIs. We are delighted to welcome CEO Roberto Velasco and the rest of the Hdiv team to the Adara stable and look forward to the journey ahead.

Web application security: a painful status quo

The number of web applications has grown rapidly in recent years, due to a combination of advances in mobile phone penetration, computing power and cloud infrastructure. At the same time, a shortage of cybersecurity professionals has given rise to developers relying on third-party solutions as they seek to secure web applications and APIs.

As the number of applications increases, so do the threats from cybercriminals to both users and businesses. In its Application Security Statistics Report, Whitehat estimated that 30% of total breaches reported in 2017 related to web applications, the highest percentage ever.

Many developers view security as an afterthought to the design and build phase.

Moreover, once a web application has been launched, it is protected via a set of firewalls, which are external to the application, looking inwards and monitoring activity. Firewalls are a double-edged sword. On the one hand, they block malicious traffic from entering into the application, but on the other, they block non-malicious traffic too, generating false alerts to the security team and more importantly blocking non-malicious users. These false alerts are time consuming to investigate and a major pain point of any dev team looking to release product at speed.

Hdiv: an innovative approach to detecting and protecting from attacks

Hdiv provides a contrarian approach to the status quo, offering a suite of developer tools that can be integrated into the application at the design and build phase, monitoring it from the inside out, and alerting developers to potential vulnerabilities as they are building the product.

1. Hdiv’s product portfolio helps software developers and architects secure web applications by enabling DevSecOps methodologies that include protection (RASP) as well as detection (IAST) capabilities.
2. Hdiv not only unifies these two capabilities into one solution but also runs on all leading developer platforms including REST APIs and is 100% software, cloud-ready, and deployed within web applications.
3. Hdiv’s toolkit will make their life easier (by reducing manual penetration testing time) whilst increasing the security of their product.

At Adara, we find developer tools particularly compelling as developers are product owners and decision makers with tight schedules, making them responsible for and frustrated by product delays. In a recent Developer Survey, it was estimated that a developer spends on average 17 hours/week fixing on maintenance and bad code, resulting in $300bn of lost productivity per annum. These are two significant drivers of value for developers. We believe Hdiv can embed itself within enterprises’ software stacks for the long term.

With virtually zero marketing spend, the community version of Hdiv’s flagship RASP product has been downloaded 500 times a month on average, and is trusted by a community of over 10,000 developers. Moreover, a significant percentage of these downloads are from Fortune500 companies, including four out of the top ten US Banks.

Lucky Number 13

As an aside, Hdiv becomes Adara’s 13th and last investment from our second fund, being a seed stage investment in the burgeoning area of Cybersecurity. It is interesting to note that Adara’s 13th investment from our first fund was AlienVault—a seed stage investment in the burgeoning area of cybersecurity.

AlienVault was recently sold to AT&T as the largest Tech exit by a Spanish born company in history.

No pressure, Hdiv.