Virgil Security Raises $4M for Application Security

The security vendor aims to embed security as part of an application by way of an integrated software development kit.

application security

Virgil Security announced on Oct. 12 that it has raised $4 million in a Series A round of funding. The new funding, which was led by KEC Ventures and included the participation of Bloomberg Beta, Blu Venture Investors, Charge Ventures, NextGen Venture Partners, Sparkland Capital and Working Lab Capital, will be used to help the company grow its sales, marketing and go-to-market efforts.

Virgil Security got its start in August 2014 and was part of the Mach 37 cyber accelerator program that helps startups build a business.

"What we do is we turn every software developer into an applied cryptologist," Dmitry Dain, CTO and founder of Virgil Security, told eWEEK. "Most developers simply don't know how to protect their applications, so we created a set of SDKs and APIs in the cloud that allows any software developer to protect applications."

What Virgil Security does not provide is Transport Layer Security (TLS) for data in motion. Dain said the company provides end-to-end application layer encryption.

"Our system doesn't care what transport a developer uses," Dain said. "A developer can choose to use TLS or they can use insecure transport; it doesn't matter as everything is encrypted at the application layer."

Virgil Security provides encryption for data at rest that is deployed in the cloud, he said. A common attack vector for hackers today is to intercept non-TLS transported data in a man-in-the-middle attack that can then replace data or potentially inject malicious code into an application. According to Dain, Virgil Security users are still protected thanks to the use of the Elliptic Curve Integrated Encryption Scheme (ECIES) algorithm, which includes data verification.

"Many IoT devices do not use secure transport," he said. "So we enable developers not to worry about which particular data transport method is being used as we encrypt at the application layer."

The way Virgil Security works is a software library is compiled into an application. Software development kits (SDKs) are provided for high-level programming languages, including Python, Java, C, .NET and Go. To enable a DevOps workflow, Virgil Security integrates with the open-source Jenkins continuous development/continuous integration (CI/CD) platform.

The core software libraries for Virgil Security are available as open-source downloads on GitHub. On top of the core libraries is the Virgil Key Service, which provides a cloud-based crypto key management service that has commercial support options available.

"The libraries are open-source, and users can just take the GitHub code and never actually need to talk to us at all," Michael W. Wellman, CEO and co-founder of Virgil Security, told eWEEK.

Virgil Security is looking at moving beyond just data encryption and data verification to providing a full suite of security APIs. Additionally, Dain said there will be more work done on making it easier for developers to easily build secured applications.

"We don't consider ourselves to be a pure cyber-security company; we're more of a developer tools company," Dain said. "We're not preventing malware; we're purely doing application security."

Sean Michael Kerner is a senior editor at eWEEK and Follow him on Twitter @TechJournalist.

Sean Michael Kerner

Sean Michael Kerner

Sean Michael Kerner is an Internet consultant, strategist, and contributor to several leading IT business web sites.