Checkmarx, one of the first cybersecurity companies to focus on detecting code vulnerabilities, got $84 million in funding on Thursday – it was not acquired, as was reported in the Israeli press last week
Last week, Israel’s Hebrew press broke the story that Checkmarx, a company that specializes in software application security, had been acquired by Insight Venture Partners for $100 million. The story was based on rumors, and when contacted, the company had no comment.
Checkmarx officially announced the real deal in a press release on Thursday and the story is quite different. The Tel Aviv-based company said it had received an $84 million investment from New York-based venture capital and private equity firm, Insight Venture Partners.
The $84 million is going toward buying a stake in the company from existing shareholders, but the company declined to say how much.
“Essentially it’s a massive investment in the company,” Emmanuel Benzaquen, Checkmarx’s CEO, told Geektime in an interview.
“Some early investors are going to take some liquidity. Most of the money will go into growing the company.”
An offer he couldn’t refuse
In the past, Insight Venture Partners has invested in Twitter, Alibaba, Indiegogo, Delivery Hero and Hootsuite. It has a capital base of approximately $7.6 billion and one of the best track records of any venture capital firm worldwide.
“Insight has been looking at us for a while. They usually invest in companies that are in hypergrowth mode, very sexy, so to speak. So cybersecurity is extremely hot right now. They came in with a very aggressive proposal and we had to accept,” Benzaquen said laughing,
Founded in 2006 by Israeli cybersecurity expert Maty Siman, Checkmarx provides solutions for application security testing and application layer attack prevention.
Scanning code before it becomes a product
“Today not a day goes by without hearing about Sony being hacked or PayPal, Target or North Koreans,” Benzaquen explained.
“The number of software applications are growing exponentially and there are no solutions to check the applications before they get released. So what we do is scan and we look for vulnerabilities or back doors that hackers can exploit, whether they were left intentionally or unintentionally by developers.”
Benzaquen says that from the time they were founded ten years ago, the company’s claim to fame is that “we scan code, from the first line of code all the way to production. Our specialty is to come very early on in the design cycle because we can scan non-compiling code and we are almost language agnostic. That makes us very user friendly at the early stages.”
At present the company says it has over 700 customers, including Salesforce.com, SAP and the U.S. Army. Benzaquen told Geektime that five of the world’s ten largest software companies use Checkmarx as well as the defense establishments of five different countries.
Benzaquen says that Insight Venture Partners’ track record tells you everything you need to know about the trajectory of Checkmarx.
“If you look at their portfolio in enterprise software they invested in BMC, Quest and Airwatch. In Israel, they invested in Mediamind and Wix.
“The leak last week suggested the company didn’t have a chance to do better, as if the company would disappear. It’s the opposite. I want to emphasize that Checkmarx will remain an independent player with a huge amount of money in its pocket.”
From Boogie Ya’alon to Stuxnet
Checkmarx got a lot of press back in 2007 when the Israel Defense Forces Chief of General Staff Moshe (Boogie) Ya’alon joined its advisory board.
“There was a big press buzz that Shimon Peres was becoming president and the ex-army head was going into hi-tech.”
Benzaquen said this was a calculated move for him as CEO.
“I actually approached him at a conference and I said, Mr. Ya’alon I need you to look at the cyberthreat as a threat. The company was two people at the time. He joined us.”
Today, remarked Benzaquen, the company has 150 employees and is doubling every year. It has revenue in the tens of millions and is profitable.
“Back then it was hard to get attention for the cyber threat. My claim has been all along that cyber threats are as important as the physical threat. For instance, there was Stuxnet a few years ago.”
Are you going to reveal to us now that you were behind Stuxnet?
“No, I’m not. I am not going to endanger my life,” Benzaquen replied laughing.
“But these are literally the kinds of things we work on finding. So if the Iranians theoretically were our customers — obviously they’re not and they’re not going to be — we could have helped them protect their application.”
Benzaquen said that Checkmarx sells to 55-60 countries with the exception of countries on an Israeli government blacklist.
“You can probably guess who they are. We aren’t selling to North Korea or Iran, etc. There are laws that prevent that.”
However, he explained, people inside these countries have approached Checkmarx “hundreds of times,” often going through partners or otherwise trying to disguise their identity.
“But we’re a security company. We know pretty well who our end users are.”
Benzaquen said that Checkmarx will use the funds to expand geographically and expand their product line.
Featured Image Credit: Checkmarx / YouTube