Endor Labs Raises $70M
August 2023 by Marc Jacob
Endor Labs announced $70M in oversubscribed Series A financing from Lightspeed Venture Partners (LSVP), Coatue, Dell Technologies Capital, Section 32, and over 30 industry-leading CEOs, CISOs, and CTOs. Arif Janmohamed of Lightspeed, Sri Viswanath of Coatue and former CTO of Atlassian; and Deepak Jeevankumar of Dell Technologies Capital will be joining the Endor Labs Board. The new round of funding, which includes $22M converted to equity from the previous round and comes only 10 months after the company’s launch, will help Endor Labs create effective application security programs that don’t impose a productivity tax on developers.
Today, developers waste more than half their time investigating endless security alerts, integrating and maintaining security tools in continuous integration and continuous delivery (CI/CD) pipelines, and negotiating priorities and exceptions with security teams.
With over 90% of code in modern applications coming from open source software (OSS) repositories, the Endor Labs team chose to build its foundation on OSS governance, focusing on helping teams select and maintain high-quality and secure OSS from the onset, and cutting 80% of the vulnerability noise by pinpointing reachable and exploitable risks that would truly affect operations. The latest milestone in funding will help Endor Labs build on its current momentum by expanding into other areas of code and pipeline security, and other geographics, such as EMEA. Through all of its current and future initiatives, the core mission will remain the same: To achieve application security without wasting development cycles by surfacing risks that actually matter across the software development lifecycle.
According to the recent 2023 Gartner® Cool Vendors™ in Platform Engineering for Scaling Application Security Practices report1, “Platform teams find it difficult to meet application security needs without hampering the developer experience.” The report also states that “A fragmented DevSecOps toolchain makes it difficult to enforce consistent security policies and ship software that is “secure by default.” And that “By 2026, 70% of platform teams will integrate application security tools as part of internal developer platforms to scale DevSecOps practices, up from 20% in 2023.”
“Application security is fundamentally broken today – engineering teams are constantly being asked to deploy dozens of AppSec tools in the CI/CD pipeline, which creates significant work for developers, slows down feature delivery, and increases friction between the engineering and security teams,” said Varun Badhwar, Founder and CEO of Endor Labs. “The path forward lies in consolidating the DevSecOps toolchain, simplifying tool deployments, and prioritizing the handful of risks that actually matter. This is the future we envision, and our team is working closely with our customers and partners to reach that goal. We thank our investors for their recent endorsement, and we pledge to continue innovating in this critical arena.”
The market is changing: Most security professionals now see their engineering counterparts as internal customers and are seeking platform approaches that reduce the cognitive load of implementing disparate security controls, and that help them focus on the issues that matter most. Endor Labs has been at the forefront of this transformation since its launch, and the new funding–along with the ongoing customer adoption–further validates this approach.
Although it’s been around for less than a year, Endor Labs has already received numerous industry accolades and acknowledgements: It was recognized as a Gartner® Cool Vendor™, and was the first company to be selected as a finalist in both RSA Conference’s Innovation Sandbox and Black Hat’s Startup Spotlight Competition.
“The investment Endor Labs has made in reachability analysis makes them truly stand out,” says Greg Pettengill, Principal Security Engineer at Five9, an Endor Labs customer. “Traditional Software Composition Analysis (SCA) tools drown developers in false positives, while Endor Labs surfaces risks that actually matter, freeing up AppSec and engineering teams to focus on providing value to our customers.”
Endor Labs was founded in 2021 by Varun Badhwar and Dimitri Stiliadis, who previously founded RedLock and Aporeto respectively, and scaled Prisma Cloud by Palo Alto Networks from inception to a $300M ARR business in only three years. While managing a team of 400-plus developers, Badhwar and Stiliadis recognized the pain involved in balancing engineering productivity with software supply chain security.
1 Gartner Cool Vendors in Platform Engineering for Scaling Application Security Practices, By Manjunath Bhat, Aaron Lord, Nitish Tyagi, Published 6 July 2023. GARTNER and COOL VENDORS are registered trademark and service marks of Gartner, Inc. and/or its affiliates in the U.S. and internationally and are used herein with permission. All rights reserved. Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.