Highlights:
- The company said its technology fills security gaps caused by the widespread use of web-based software-as-a-service applications.
- Seraphic enhances security service edge deployments with zero-trust access for identity-verified connections on any device.
Recently, a developer of browser security software, Seraphic Algorithms Ltd., secured USD 29 million in early-stage funding, with GreatPoint Ventures LLC leading the round.
CrowdStrike Inc.’s Falcon Fund, along with existing investors Planven Investments SA, Cota Capital Management LLC, and Storm Ventures LLC, also took part in the funding round. Seraphic Security announced that it will utilize the Series A investment to enhance product development and expand its presence in North America and the Europe/Middle East/Africa region.
Seraphic integrates an abstraction layer between executing code and a browser’s JavaScript engine, providing protection against zero-day and unpatched n-day browser exploits. This approach helps defend against common threats, including phishing attacks, overly permissive or malicious extensions, and data exfiltration.
The company stated that its technology tackles security vulnerabilities arising from the widespread adoption of software-as-a-service applications, which are primarily accessed via web browsers. Since browsers run external code and interact with untrusted sources, they pose a significant security risk.
Seraphic stated that it overcomes the shortcomings of traditional browser security methods, including local and remote browser isolation as well as extensions. While isolation can impact user experience and fails to fully safeguard user identities, extensions offer limited visibility due to browser API restrictions.
Seraphic employs a JavaScript-based browser agent that seamlessly integrates with existing browsers and utilizes Moving Target Defense—a strategy that continuously alters system components, increasing the difficulty and cost for attackers attempting to exploit vulnerabilities.
According to the company, the software layer operates independently of threat intelligence feeds, providing strong defense against zero-day threats and HTML smuggling attacks. It ensures real-time detection and protection without affecting the user experience, dynamically identifying risky login pages and rendering them in read-only mode. Additionally, the software encrypts session cookies to prevent theft and mitigates credential-stuffing attacks by monitoring password reuse.
Administrators have fine-grained control over user actions, including block printing and screen captures, implementing dynamic data masking to conceal sensitive information, and applying browser session watermarking for traceability in the event of data leaks.
Seraphic stated that it enhances existing security service edge deployments by incorporating integrated zero-trust network access principles, enabling identity-verified access from both managed and unmanaged devices.
“With the rise of SaaS applications and a hybrid workforce, browsers have become a critical attack surface for today’s adversaries. Seraphic Security’s unique yet simple approach solves a critical gap in enterprise browser security, which is why we invested in this innovative technology and team,” Michael Sentonas, President of CrowdStrike, said in a statement.