ArmorCode looks to disrupt application security with launch of modular intelligent application security platform

The channel is a key part of ArmorCode’s strategy. Out of the gate they are already working with SI partners, and plan to add VAR partners going forward.

Palo Alto-based startup ArmorCode has come out of stealth, launching a developer-friendly platform that they believe will revolutionize the application security space. They also announced their $3 million seed funding round, led by Sierra Ventures with participation from Tau Ventures and Z5 Capital and individual investors with IT leadership backgrounds.

ArmorCode’s CEO and co-founder is Nikhil Gupta, a former VMware and Cisco executive who founded Avid Secure, an AI-powered enterprise cloud security posture management company acquired by Sophos in early 2019. Gupta and Anant Misra, ArmorCode’s CTO, then founded ArmorCode in July 2020.

“We believe that application security is ripe for disruption,” Gupta told ChannelBuzz. “I started in this business 25 years ago as a software developer in a time of waterfall methodology and monolithic architecture and not much use of open source. Now you have agile methodology, microservices-based architecture, and 70-80% is open source. “In those old days, application security used ten or more types of AppSec tools, which are still being used now, and which have become old and dated, providing lots of false positives and relatively little insight into what is happening, or even what apps are there.

“If you ask security leaders how many applications they have got, the problem is right there – almost all don’t know,” Gupta said.

Worse still, the way in which these application security tools have been integrated has become a crazy quilt where things are connected in a hodgepodge way.

Nikhil Gupta, ArmorCode’s CEO and co-founder

“The first generation of DevSecOps connected all the tools together, and as a result created an ugly picture that was very convoluted,” Gupta said. “What we do is provide frictionless DevSecOps automation. We normalize Al at the outset, and dedupe it. Then we do correlation, then on top of that do the business context. All of this is done through automated SLAs. The ugly picture then becomes a clean picture.”

Gupta emphasized the importance of ArmorCode using a platform strategy, where customers can choose from the modular offerings available.

“Most startups start with a product, but we have taken a very unique platform approach,” he said. “Customers understand you need to have an integrated solution.”

As they emerge from stealth, ArmorCode has three modules:  Application Security Posture Management; DevSecOps and Workflow Automation; and Continuous Compliance and Governance. The plan is to expand this, however.

“We have all three on Day One, but we want to add many more modules,” Gupta stated. “Before their IPO, Crowdstrike had five modules and now they have 19. Our platform is very scalable and naturally modular, so customers can pick and choose what they buy.”

Gupta also stressed the ease with which the platform integrates with third party solutions.

“We have over 60 integrations on day one, and can add a new one in a couple of days,” he said.

Unusually for a company just coming out of stealth, ArmorCode not only has a channel component within their Go-to-Market plan, but is working with channel partners today.

“The channel is a big piece of our Go-to-Market,” Gupta said. “Our medium to large enterprise customers will go through partners. We just landed a Fortune 500 customer through our direct sales, but we will fulfill it through a partner.”

Today, they are working with larger SI partners, but they are also talking with smaller VARs, and those VARs are a part of the Go-to-Market plan as well.

“We are engaged with four large consulting partners, who unfortunately cannot yet be named, but they are very big partners,” Gupta said. “We are also going to be engaging with smaller VARs, but we haven’t gone there yet. We are building a strategy for that. It’s an excellent channel product because it is very flexible, and customers can see time to value in less than 15 minutes.

“We are working with one of the largest SIs in India, who has 100 Fortune 500 customers,” Gupta added. “They want to take us to all of their customers. With all these big SI partners, they can go back to their existing customers with a new conversation, and that gets us a foot in the door.”

Strategic technology partners will also be an important part of the strategy.

“We have been talking with Technology Partners, who are also excited about this,” Gupta said. “We do not have any signed as of today, but we are in the process of signing some. SI and VAR partners will also be able to build practices around these integrations and workflows.”