Security Firm Invicti Gets $625M To Drive Product Development

‘This is a competitive marketplace. In order to win, we need to keep delivering better and better functionality and automation for our customers,’ Invicti President and COO Mark Ralls tells CRN.

Invicti Security has received a $625 million investment from private equity firm Summit Partners to support continued growth and product development initiatives.

The Austin, Texas-based application security testing vendor plans to bring more automation to its products by using artificial intelligence and machine learning as well as make it easier for MSSPs to leverage Invicti’s technology, according to President and COO Mark Ralls. The technology investment will be specifically focused on automating tasks that require human involvement today, Ralls told CRN.

“This is a competitive marketplace,” Ralls said. “In order to win, we need to keep delivering better and better functionality and automation for our customers.”

[Related: Black Hat Is Back: Scenes From The Show]

Invicti already does a lot of automation around validating vulnerabilities, and with the money from Summit wants to get into automating business logic as well as prioritizing what to remediate. AI & ML can ensure prioritization decisions factor in the sensitivity of a page where a vulnerability is present rather than just the severity of the flaw itself so that issues which expose PII are addressed right away.

“The good guys are understaffed and under resourced,” Ralls said.

The $625 million investment will also open the door to potential acquisitions that extend Invicti’s capabilities beyond its historic strength in dynamic application security testing (DAST) as well as its recent push into interactive application security testing (IAST) to get into other application security technologies that would be appealing to enterprise customers, according to Ralls.

From a channel perspective, Ralls said Invicti rolled out its first MSSP-specific licensing model earlier this year that provides high levels of functionality while making it easier for partners to handle month-to-month fluctuations in demand. Invicti works with less than 50 MSSPs today but doubled its MSSP partner base in the third quarter of 2021 and expects to do so again this quarter, according to Ralls.

Approximately half of Invicti’s sales go through the channel today, and the company expects its partner-led business to grow faster than its direct business going forward, according to Ralls. Invicti has transacted with roughly 800 channel partners over the past year, and in the United States works with partners such as GuidePoint Security, Insight Enterprises, Optiv, SHI International and TD Synnex.

“The channel is critically important to us, and we’re really excited about what the future will bring as we move forward with our partnership with Summit,” Ralls aid.

The company has added 700 new customers in the last 12 months and is on track to grow annual recurring revenue by more than 60 percent in 2021. Invicti was formed in 2018 through the combination of SMB-focused automated web application security scanner Acunetix and enterprise web application security vendor Netsparker.

“As we looked at the opportunities that were present in the application security market, we wanted to find another investor who could make a significant investment and help us get to the next level,” Ralls said.

Acunetix and Netsparker were established in 2005 and 2009, respectively, and the combined Invicti organization today employs 322 people, up 59 percent from 203 employees a year earlier, according to LinkedIn. Invicti has grown its headcount most aggressively in its engineering and IT departments, which have seen staffing increases over the past year of 130 percent and 71 percent, respectively.

“Software development cycles have shortened dramatically over the last decade, opening new vulnerabilities every time a web application is released or updated,” Summit Partners COO Scott Collins said in a statement. “Invicti is working to meet this challenge head on with elegant and seamless solutions designed to bring scale, automation, speed and accuracy to help organizations secure their web attack surface.”

Summit will join forces with private equity firm Turn/River Capital, which first invested in Invicti in 2017 and will remain a significant shareholder going forward. Turn/River Capital announced a $40 million Series A investment in Netsparker in April 2018.

“We are proud to have support Invicti and its team since 2017 through a tremendous growth journey amid soaring enterprise demand for full application security coverage,” Turn/River Capital Partner Joanne Yuan said in a statement. “We are excited to reinvest in this partnership alongside Summit, reaffirm our conviction in the opportunity ahead and help to further accelerate the company’s growth.”

Invicti’s software is designed to enable organizations to scan their entire web footprint for vulnerabilities and facilitate remediation through integration into developer workflows. The company said its technology is accurate, scalable to the entire web attack surface, and capable of leveraging automation to significantly reduce the need for manual work by security and development teams.

The company in August 2020 updated its partner program with a revamped partner portal, deeper global channel support, and an expansion of its scope beyond Acunetix to also include Netsparker. Invicti said its new automated web portal enables distributors and resellers to quickly and easily register and track deals, create custom-branded marketing materials, and access various training materials.

Invicti’s channel has been led since February 2021 by John Andrews, who previously spent a year as privileged access management vendor Centrify’s global channel chief and 18 months leading international channels for security analytics and automation vendor Rapid7.