Endor Labs, the creator of the Code and Pipeline Governance Platform, has secured $70 million in Series A funding in an oversubscribed round. The financing was led by Lightspeed Venture Partners (LSVP), with participation from Coatue, Dell Technologies Capital, Section 32, and over 30 industry-leading CEOs, CISOs, and CTOs. Additionally, Arif Janmohamed of Lightspeed, Sri Viswanath of Coatue, and Deepak Jeevankumar of Dell Technologies Capital will join the Endor Labs board.
This latest funding round, which includes $22 million converted to equity from the previous round, comes just 10 months after the company’s launch. It will enable Endor Labs to develop effective application security programs that do not hinder developer productivity.
Currently, developers spend more than half of their time investigating security alerts, integrating and managing security tools in continuous integration and continuous delivery (CI/CD) pipelines, and negotiating with security teams. To address these challenges, Endor Labs focuses on open source software (OSS) governance, aiming to assist teams in selecting and maintaining secure OSS while minimizing vulnerability noise. By pinpointing reachable and exploitable risks, Endor Labs cuts through the noise and identifies risks that actually impact operations. With the new funding, the company plans to expand into other areas of code and pipeline security, as well as other geographical regions like EMEA, while remaining committed to its mission of achieving application security without impeding development cycles.
According to a recent Gartner report titled “2023 Cool Vendors in Platform Engineering for Scaling Application Security Practices,” platform teams struggle to meet application security needs without hindering the developer experience. The report indicates that a fragmented DevSecOps toolchain makes it challenging to enforce consistent security policies and ship software that is “secure by default.” It further predicts that by 2026, 70% of platform teams will integrate application security tools as part of internal developer platforms to scale DevSecOps practices, up from 20% in 2023.
Varun Badhwar, Founder and CEO of Endor Labs, acknowledges that application security is currently broken, as engineering teams are overwhelmed with deploying numerous AppSec tools in the CI/CD pipeline. This approach creates significant work for developers, slows down feature delivery, and increases friction between engineering and security teams. Badhwar envisions a consolidated DevSecOps toolchain that simplifies deployments and prioritizes the handful of risks that truly matter. He thanks the investors for their endorsement and pledges to continue innovating in this critical arena.
The market is undergoing a shift, as security professionals increasingly view their engineering counterparts as internal customers and seek platform approaches that reduce the burden of implementing various security controls. Endor Labs has been at the forefront of this transformation since its launch, and the recent funding, along with ongoing customer adoption, further validates the company’s approach.
Despite operating for less than a year, Endor Labs has already received industry recognition. It was named a Gartner Cool Vendor and was the first company to be selected as a finalist in both RSA Conference’s Innovation Sandbox and Black Hat’s Startup Spotlight Competition.
Greg Pettengill, Principal Security Engineer at Five9, an Endor Labs customer, highlights the company’s standout feature: reachability analysis. He contrasts traditional Software Composition Analysis (SCA) tools, which inundate developers with false positives, with Endor Labs’ ability to surface risks that truly matter. This capability frees up AppSec and engineering teams to deliver value to customers.
Endor Labs was founded in 2021 by Varun Badhwar and Dimitri Stiliadis, who have extensive experience in the industry. They previously founded RedLock and Aporeto, respectively, and played crucial roles in scaling Prisma Cloud by Palo Alto Networks to a $300 million ARR business in just three years. Their firsthand experience managing large developer teams allowed them to recognize the challenges of balancing engineering productivity with software supply chain security.
Arif Janmohamed from Lightspeed commends Endor Labs’ vision and its potential to address a significant, unmet need in the application security realm. He believes the company is well-positioned to build an enduring business in a fast-growing market. Sri Viswanath, a general partner at Coatue and former CTO of Atlassian, emphasizes the critical importance of considering developers’ productivity and workstreams when aiming to achieve application security. He is thrilled to join the Endor Labs board and witness the breakthroughs in this overlooked space.
The $70 million Series A funding will undoubtedly propel Endor Labs towards realizing its vision of revolutionizing application security and facilitating the seamless integration of security practices into the development process. With the support of its investors, the company will continue to innovate and solidify its position as a leader in the field.