Virtualization Technology News and Information
VMblog's Expert Interviews: Sqreen Talks New Security Approach - Application Security Management


Sqreen is a new breed of security company with a developer and ops friendly approach to protecting web applications from day one without the need for expert security teams to install, configure and deploy a solution.  The company just closed a $14 million series A financing round with Greylock Partners.  They call their new security approach: Applications Security Management (ASM).

VMblog recently spoke to its CEO, Pierre Betouin, to learn more.

VMblog:  First of all, what is your security background?

Pierre Betouin:  In 2006 I was brought into Apple to build the first offensive security team there. Despite working with one of the finest engineering organizations in the world, my small team could hack into most Apple products, software and services. We uncovered thousands of vulnerabilities. Remember, this is a company noted for its strong security and privacy. They create products that they know will be the target of nation states. Even in that environment where security was so important, we could see something was badly broken in development / security and it started with the application itself. When my co-founder and I left Apple in 2015, we wanted to focus on a solution that developers could embrace and that could protect applications at the speed of new software development cycles.

VMblog:  Explain if you will, what exactly is Application Security Management?

Betouin:  It's a modern approach to monitor and protect web applications and workloads in protection. An ASM system aggregates relevant security data gathered from agents monitoring the heart of the applications to identify potential threats in real-time. Micro-agents embed active protection modules, such as RASP, in-app WAF, or ATO protection, that can be turned on anytime without engineering or ops intervention required. It's all automated. We basically decentralize app security from the network level to the application level. ASM adapts to the application stack in real-time.

VMblog:  Is this an enterprise product?  Who can use it?

Betouin:  We see two main buyers today although we are getting increasing interest at the Global 2000 enterprise level now. The first customer profile is typically the CTO or head of engineering at a startup who is responsible for the entire security lifecycle, but they are not security specialists. These people are leaders of companies born digital so they understand the modern way or working and need a tool to improve security monitoring and protection out of the box from day one. The other customer profile is someone who runs a security team at a mid-size to larger company. They need to protect company data and systems. They tend to work for newer companies, like a Pinterest, that were founded in the last 15 years. They need security protection and monitoring at scale, deal with compliance and regulatory reporting, and have limited security resources. And robust security can't be a blocker to shipping code fast.

VMblog:  What's wrong with current application security solutions?

Betouin:  At the infrastructure level, security solutions today are pretty good. AWS, GCP and Azure are buttoned down well. At the application level it's a different story. Traditional approaches that shield systems at the HTTP layer or before production, like WAFs and source code analysis, slow down development and don't protect complex infrastructures of today's best companies. Application protection simply hasn't kept up with the fast pace of change in the modern development world of CI/CD where velocity can make or break a company.


Pierre Betouin is CEO at Sqreen. Previously, Pierre spent 9 years at Apple, where he led the team in charge of security assessments for Internet Services department, hacking products and designing protections. Previously, Pierre was evaluating aircraft systems robustness for defense companies and was performing security research on various technologies. Pierre holds 23 US patents.

Published Tuesday, April 02, 2019 8:01 AM by David Marshall
There are no comments for this post.
To post a comment, you must be a registered user. Registration is free and easy! Sign up now!
<April 2019>