DevSecOps , Events , Finance & Banking

Endor Labs Raises $70M to Push From Code to Pipeline Defense

A 2023 RSA Innovation Sandbox Contest Finalist Has Its First Major Funding Round
Endor Labs Raises $70M to Push From Code to Pipeline Defense
Varun Badhwar, co-founder and CEO, Endor Labs (Image: Endor Labs)

A finalist in RSA Conference's prestigious Innovation Sandbox contest completed its first major funding round to extend its capabilities from code security to pipeline security.

See Also: eBook I Tool Consolidation

Silicon Valley-based Endor Labs received $70 million to move beyond protecting open-source software and get into locking down the CI/CD pipeline, validated secrets and configuration repositories, said co-founder and CEO Varun Badhwar. The Series A round was led by Lightspeed Venture Partners and Coatue, and Badhwar said Endor should be able to achieve profitability without any additional funding.

"Most companies have not focused their attention on controls and securing the CI/CD pipeline," Badhwar told Information Security Media Group. "Code security and pipeline security are natural extensions."

Endor Labs was founded in 2021 and emerged from stealth in October under the leadership of Badhwar and Dimitri Stiliadis, who previously scaled Palo Alto Networks' Prisma Cloud business to $300 million in annual recurring revenue in just three years. Badhwar previously started and led RedLock, and Stiliadis started and led Aporeto, which were purchased by Palo Alto Networks in fall 2018 and December 2019.

Protecting the Pipeline

Badhwar said pipeline security has become more understood in recent years as the U.S. government is pushing the software bill of materials, making it a budget greenfield for most organizations. The current generation of pipeline security tools creates a lot of noise for organizations since they can't ascertain whether an exposed secret has actually been validated or is a dummy or test secret, Badhwar said.

Organizations today often depend on 10 or 20 different tools to get visibility into their development pipeline, which Badhwar said is very inefficient. Badhwar said Endor Labs can now safeguard the entire software supply chain from the code that developers write to the code that developers bring in through open-source libraries - as well as the code as it is moving through the development pipeline.

"Code security and pipeline security are natural extensions."
– Varun Badhwar, co-founder and CEO, Endor Labs

Several large companies have in recent years said their source code repositories were compromised, leading to exposed secrets and keys accessible in S3 buckets. Endor Labs has also invested in controlling access in code repositories since developers frequently come and go while third-party consultants and external contributors need access to the repositories for a limited period of time, Badhwar said.

Expanding Beyond North America

From a geographic standpoint, Endor Labs wants to expand from being focused exclusively on North America to generating at least 25% of its revenue from outside the region a year from now. Endor Labs competes most frequently against software composition analysis tool makers such as Snyk and Synopsys, and it excels at giving developers time back to write software by cutting most erroneous vulnerability noise (see: Sonatype, Snyk, Synopsys Top SW Comp Analysis Forrester Wave).

From a metrics standpoint, Badhwar said, Endor Labs will track customer count, net revenue retention and sales efficiency to ensure the company is scaling in a disciplined and financially sound fashion. The company serves organizations in verticals ranging from banking to e-commerce and retail with anywhere between 100 and tens of thousands of engineers and lots of software being written internally.

"We're currently engaged in various stages of implementation and evaluation with several of the largest banks in the country," Badhwar said. "We are very excited about the value we bring by giving developers time back to actually write software."

About the Author

Michael Novinson

Michael Novinson

Managing Editor, Business, ISMG

Novinson is responsible for covering the vendor and technology landscape. Prior to joining ISMG, he spent four and a half years covering all the major cybersecurity vendors at CRN, with a focus on their programs and offerings for IT service providers. He was recognized for his breaking news coverage of the August 2019 coordinated ransomware attack against local governments in Texas as well as for his continued reporting around the SolarWinds hack in late 2020 and early 2021.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.