The News: Endor Labs raised $70 million in an oversubscribed Series A funding round that included backing from Lightspeed Venture Partners (LSVP), Coatue, Dell Technologies Capital, and Section 32, as well as more than 30 CEOs, CISOs, and CTOs. The vendor will invest the funding in research and development to further its Code and Pipeline Governance Platform, as well as in expanding its go-to-market reach in the channel and in EMEA. Additional information is available on the Endor Labs blog.
Endor Labs Secures $70 Million Series A Funding
Analyst Take: The market dynamics surrounding CI/CD and open-source pipeline security are rapidly evolving as businesses prioritize efficient and secure software development practices. Continuous Integration and Continuous Deployment (CI/CD) methodologies have gained immense popularity due to their ability to accelerate the development process and improve software delivery. However, with the increasing reliance on open-source components in pipelines, there is a growing need for robust security solutions to address potential vulnerabilities and ensure the integrity of the entire software supply chain. As a result, the demand for comprehensive and automated security tools in the CI/CD space continues to rise, presenting significant opportunities for innovative security providers.
Fresh from its launch 10 months ago, Endor Labs has secured $70 million in a Series A funding round. The investment capital will be applied in two key areas. The first is furthering research and development (R&D) initiatives to advancing development of the company’s Code and Pipeline Governance Platform, which was designed to streamline DevSecOps processes as they pertain to open-source software development. The second is facilitating go-to-market initiatives focused on expanding the company’s reach in the channel and in EMEA.
As The Futurum Group learned in conversation with Endor CEO Varun Badhwar, who was previously at Palo Alto Networks and built its cloud-native security business from scratch to over $300 million annual recurring revenue (ARR) in 3 years, with the vendor’s Code and Pipeline Governance Platform, Endor Labs aims to enable DevSecOps teams to meet security and compliance requirements, including creating a software bill of materials (SBOM) and addressing critical vulnerabilities, without impacting their productivity. Effectively, the objective is to bake security in as a default component of the CI/CD pipeline and to allow security policies to be enforced consistently, without hampering developer productivity.
Today’s developers use a host of open-source components and libraries as they script applications; in fact, according to Endor Labs, 90% of code in modern applications is open source. While speeding development operations by avoiding the need for developers to create everything from scratch, the tradeoff inherent in this approach is the creation of a plethora of dependencies that developers themselves might not even be privy to. As a result, as vulnerabilities arise, IT Operations and security teams might not be aware that an application is impacted, or they might end up spending extensive time prioritizing addressing a vulnerability that does not materially impact source code. According to Endor, only approximately 12% of open-source code that is brought in by developers ends up finding its way into source code. In other words, prioritizing risk mitigation initiatives has become practically impossible. With the criticality of agile development to business success, and the ongoing onslaught of cyber-attacks that capitalize on software vulnerabilities, this is a significant issue that Endor’s product tackles.
Among Endor’s differentiators are its focus on “dependency life cycle management,” that is, cataloging and tracking applications’ various dependencies, and applying a metrics-based risk score that can be used to prioritize and apply security policies. The concept is that comprehensively inventorying potential paths to vulnerabilities allows them to be prioritized and subsequently addressed.
Though only 2 years since its founding and 10 months since its launch, Endor is one of four finalists in Black Hat USA’s 2023 startup competition, occurring on August 9. The company has attracted a spate of large customers, including Five9, as well as an R&D staff, one-third of which is educated at the doctoral level. Fueled with the investment funding, Endor is well-poised to continue innovating around the pressing issue of managing application security vulnerabilities in a DevSecOps environment.
Disclosure: The Futurum Group is a research and advisory firm that engages or has engaged in research, analysis, and advisory services with many technology companies, including those mentioned in this article. The author does not hold any equity positions with any company mentioned in this article.
Analysis and opinions expressed herein are specific to the analyst individually and data and other information that might have been provided for validation, not those of The Futurum Group as a whole.
Other Insights from The Futurum Group:
What Is Comprehensive Cyber-Resiliency? — Infrastructure Matters, Episode 4
Searching for That Good Restore Point
Cybersecurity is Everyone’s Job
Author Information
With a focus on data security, protection, and management, Krista has a particular focus on how these strategies play out in multi-cloud environments. She brings approximately a decade of experience providing research and advisory services and creating thought leadership content, with a focus on IT infrastructure and data management and protection. Her vantage point spans technology and vendor portfolio developments; customer buying behavior trends; and vendor ecosystems, go-to-market positioning, and business models. Her work has appeared in major publications including eWeek, TechTarget and The Register.
Prior to joining The Futurum Group, Krista led the data center practice for Evaluator Group and the data center practice of analyst firm Technology Business Research. She also created articles, product analyses, and blogs on all things storage and data protection and management for analyst firm Storage Switzerland and led market intelligence initiatives for media company TechTarget.
Krista holds a Bachelor of Arts in English Journalism with a minor in Business Administration from the University of New Hampshire.
Regarded as a luminary at the intersection of technology and business transformation, Steven Dickens is the Vice President and Practice Leader for Hybrid Cloud, Infrastructure, and Operations at The Futurum Group. With a distinguished track record as a Forbes contributor and a ranking among the Top 10 Analysts by ARInsights, Steven's unique vantage point enables him to chart the nexus between emergent technologies and disruptive innovation, offering unparalleled insights for global enterprises.
Steven's expertise spans a broad spectrum of technologies that drive modern enterprises. Notable among these are open source, hybrid cloud, mission-critical infrastructure, cryptocurrencies, blockchain, and FinTech innovation. His work is foundational in aligning the strategic imperatives of C-suite executives with the practical needs of end users and technology practitioners, serving as a catalyst for optimizing the return on technology investments.
Over the years, Steven has been an integral part of industry behemoths including Broadcom, Hewlett Packard Enterprise (HPE), and IBM. His exceptional ability to pioneer multi-hundred-million-dollar products and to lead global sales teams with revenues in the same echelon has consistently demonstrated his capability for high-impact leadership.
Steven serves as a thought leader in various technology consortiums. He was a founding board member and former Chairperson of the Open Mainframe Project, under the aegis of the Linux Foundation. His role as a Board Advisor continues to shape the advocacy for open source implementations of mainframe technologies.