The News: Endor Labs raised $70 million in an oversubscribed Series A funding round that included backing from Lightspeed Venture Partners (LSVP), Coatue, Dell Technologies Capital, and Section 32, as well as more than 30 CEOs, CISOs, and CTOs. The vendor will invest the funding in research and development to further its Code and Pipeline Governance Platform, as well as in expanding its go-to-market reach in the channel and in EMEA. Additional information is available on the Endor Labs blog.
Endor Labs Secures $70 Million Series A Funding
Analyst Take: The market dynamics surrounding CI/CD and open-source pipeline security are rapidly evolving as businesses prioritize efficient and secure software development practices. Continuous Integration and Continuous Deployment (CI/CD) methodologies have gained immense popularity due to their ability to accelerate the development process and improve software delivery. However, with the increasing reliance on open-source components in pipelines, there is a growing need for robust security solutions to address potential vulnerabilities and ensure the integrity of the entire software supply chain. As a result, the demand for comprehensive and automated security tools in the CI/CD space continues to rise, presenting significant opportunities for innovative security providers.
Fresh from its launch 10 months ago, Endor Labs has secured $70 million in a Series A funding round. The investment capital will be applied in two key areas. The first is furthering research and development (R&D) initiatives to advancing development of the company’s Code and Pipeline Governance Platform, which was designed to streamline DevSecOps processes as they pertain to open-source software development. The second is facilitating go-to-market initiatives focused on expanding the company’s reach in the channel and in EMEA.
As The Futurum Group learned in conversation with Endor CEO Varun Badhwar, who was previously at Palo Alto Networks and built its cloud-native security business from scratch to over $300 million annual recurring revenue (ARR) in 3 years, with the vendor’s Code and Pipeline Governance Platform, Endor Labs aims to enable DevSecOps teams to meet security and compliance requirements, including creating a software bill of materials (SBOM) and addressing critical vulnerabilities, without impacting their productivity. Effectively, the objective is to bake security in as a default component of the CI/CD pipeline and to allow security policies to be enforced consistently, without hampering developer productivity.
Today’s developers use a host of open-source components and libraries as they script applications; in fact, according to Endor Labs, 90% of code in modern applications is open source. While speeding development operations by avoiding the need for developers to create everything from scratch, the tradeoff inherent in this approach is the creation of a plethora of dependencies that developers themselves might not even be privy to. As a result, as vulnerabilities arise, IT Operations and security teams might not be aware that an application is impacted, or they might end up spending extensive time prioritizing addressing a vulnerability that does not materially impact source code. According to Endor, only approximately 12% of open-source code that is brought in by developers ends up finding its way into source code. In other words, prioritizing risk mitigation initiatives has become practically impossible. With the criticality of agile development to business success, and the ongoing onslaught of cyber-attacks that capitalize on software vulnerabilities, this is a significant issue that Endor’s product tackles.
Among Endor’s differentiators are its focus on “dependency life cycle management,” that is, cataloging and tracking applications’ various dependencies, and applying a metrics-based risk score that can be used to prioritize and apply security policies. The concept is that comprehensively inventorying potential paths to vulnerabilities allows them to be prioritized and subsequently addressed.
Though only 2 years since its founding and 10 months since its launch, Endor is one of four finalists in Black Hat USA’s 2023 startup competition, occurring on August 9. The company has attracted a spate of large customers, including Five9, as well as an R&D staff, one-third of which is educated at the doctoral level. Fueled with the investment funding, Endor is well-poised to continue innovating around the pressing issue of managing application security vulnerabilities in a DevSecOps environment.
Disclosure: The Futurum Group is a research and advisory firm that engages or has engaged in research, analysis, and advisory services with many technology companies, including those mentioned in this article. The author does not hold any equity positions with any company mentioned in this article.
Analysis and opinions expressed herein are specific to the analyst individually and data and other information that might have been provided for validation, not those of The Futurum Group as a whole.
Other Insights from The Futurum Group:
What Is Comprehensive Cyber-Resiliency? — Infrastructure Matters, Episode 4
Searching for That Good Restore Point
Cybersecurity is Everyone’s Job
Author Information
Krista Case is Research Director, Cybersecurity & Resilience at The Futurum Group. She brings approximately 15 years of experience providing research and advisory services and creating thought leadership content. Her vantage point spans technology and vendor portfolio developments; customer buying behavior trends; and vendor ecosystems, go-to-market positioning, and business models. Her work has appeared in major publications including eWeek, TechTarget and The Register.
Prior to joining The Futurum Group, Krista led the data protection practice for Evaluator Group and the data center practice of analyst firm Technology Business Research. She also created articles, product analyses, and blogs on all things storage and data protection and management for analyst firm Storage Switzerland and led market intelligence initiatives for media company TechTarget.
Steven engages with the world’s largest technology brands to explore new operating models and how they drive innovation and competitive edge.
