Endor Labs, creator of the Code and Pipeline Governance Platform, today announced $70 million in oversubscribed Series A financing from Lightspeed Venture Partners (LSVP), Coatue, Dell Technologies Capital, Section 32, and over 30 industry-leading CEOs, CISOs, and CTOs. Arif Janmohamed of Lightspeed, Sri Viswanath of Coatue and former CTO of Atlassian; and Deepak Jeevankumar of Dell Technologies Capital will be joining the Endor Labs Board. The new round of funding, which includes $22M converted to equity from the previous round and comes only 10 months after the company's launch, will help Endor Labs create effective application security programs that don’t impose a productivity tax on developers.
Today, developers waste more than half their time investigating endless security alerts, integrating and maintaining security tools in continuous integration and continuous delivery (CI/CD) pipelines, and negotiating priorities and exceptions with security teams.
With over 90% of code in modern applications coming from open source software (OSS) repositories, the Endor Labs team chose to build its foundation on OSS governance, focusing on helping teams select and maintain high-quality and secure OSS from the onset, and cutting 80% of the vulnerability noise by pinpointing reachable and exploitable risks that would truly affect operations. The latest milestone in funding will help Endor Labs build on its current momentum by expanding into other areas of code and pipeline security, and other geographics, such as EMEA. Through all of its current and future initiatives, the core mission will remain the same: To achieve application security without wasting development cycles by surfacing risks that actually matter across the software development lifecycle.
According to the recent 2023 Gartner® Cool Vendors™ in Platform Engineering for Scaling Application Security Practices report1, "Platform teams find it difficult to meet application security needs without hampering the developer experience." The report also states that "A fragmented DevSecOps toolchain makes it difficult to enforce consistent security policies and ship software that is 'secure by default.' And that 'By 2026, 70% of platform teams will integrate application security tools as part of internal developer platforms to scale DevSecOps practices, up from 20% in 2023.'"
"Application security is fundamentally broken today — engineering teams are constantly being asked to deploy dozens of AppSec tools in the CI/CD pipeline, which creates significant work for developers, slows down feature delivery, and increases friction between the engineering and security teams," said Varun Badhwar, Founder and CEO of Endor Labs. "The path forward lies in consolidating the DevSecOps toolchain, simplifying tool deployments, and prioritizing the handful of risks that actually matter. This is the future we envision, and our team is working closely with our customers and partners to reach that goal. We thank our investors for their recent endorsement, and we pledge to continue innovating in this critical arena."
The market is changing: Most security professionals now see their engineering counterparts as internal customers and are seeking platform approaches that reduce the cognitive load of implementing disparate security controls, and that help them focus on the issues that matter most. Endor Labs has been at the forefront of this transformation since its launch, and the new funding–along with the ongoing customer adoption–further validates this approach.
Although it's been around for less than a year, Endor Labs has already received numerous industry accolades and acknowledgements: It was recognized as a Gartner® Cool Vendor™, and was the first company to be selected as a finalist in both RSA Conference's Innovation Sandbox and Black Hat's Startup Spotlight Competition.
"The investment Endor Labs has made in reachability analysis makes them truly stand out," says Greg Pettengill, Principal Security Engineer at Five9, an Endor Labs customer. "Traditional Software Composition Analysis (SCA) tools drown developers in false positives, while Endor Labs surfaces risks that actually matter, freeing up AppSec and engineering teams to focus on providing value to our customers."
Endor Labs was founded in 2021 by Varun Badhwar and Dimitri Stiliadis, who previously founded RedLock and Aporeto respectively, and scaled Prisma Cloud by Palo Alto Networks from inception to a $300 million ARR business in only three years. While managing a team of 400-plus developers, Badhwar and Stiliadis recognized the pain involved in balancing engineering productivity with software supply chain security.
"We love to partner early with outstanding entrepreneurs who have clarity of vision, and support them through every stage of the company's journey," said Arif Janmohamed, Partner at Lightspeed. "Varun and team are not only addressing a massive, unmet need in the application security world, but are laying the foundation for an enduring company in a fast-growing market. Lightspeed is proud to have invested in Endor Labs' Seed financing, and to lead their Series A round."
"In order to achieve application security, every company needs to be thinking about their developer team's productivity and workstream," explains Sri Viswanath, general partner at Coatue and former CTO of Atlassian. "The Endor Labs team is building a mission critical solution that will not only improve security levels but also vastly improve developers' ability to build and ship their products. I am thrilled to be joining the Endor Labs Board as they make several breakthroughs in this long ignored space."