08/03/2023


Building With Endor Labs—Application Security For All

The team at Endor Labs

It was just 10 months ago that we at Lightspeed announced Endor Labs’ $25M Seed financing round. Since then, Endor Labs has continued to execute, added a strong customer base, won a slew of industry recognition awards, and gained a critical spot in the toolkits of leading-edge DevSecOps engineers.

That’s why we’re excited to lead Endor Labs’ Series A financing. Between their seed and their Series A financing, Endor Labs is announcing a total of $70M raised, with participation from Coatue, Dell Technologies Capital, Section 32, and over 30 industry-leading CEOs, CISOs and CTOs.

Endor Labs solves a critical problem that is only growing in scope – helping developers secure their applications. As we wrote back in October, “Historically, the thinking has gone that if bad guys can’t get into a network or access a company’s storage, then the data is safe. So while a ton of money is spent on securing devices, endpoints, servers, or the network, not a lot of money has been spent on securing applications.

“Over the last couple of years, the industry got several critical wakeup calls (Log4Shell, SolarWinds) when they woke up to some very sophisticated attacks not on enterprise infrastructure, but on the applications themselves. Even more concerning, the attacks weren’t directly on a specific application vulnerability, but rather on the widely used 3rd party components of the applications…which meant the blast radius of the attacks was wide, broad, and affected all of us.”

Almost all modern applications rely extensively on open source software, standardized APIs, and a lingua franca of programming techniques so that they can be efficiently developed and maintained, whether they are small, bespoke apps, or consumer-facing giants. Developers don’t have time to reinvent the wheel when they can solve their problems with standardized tooling, especially ones with robust communities of support and ongoing development.

The problem is, this very feature of open source can be a critical, even fatal bug. The most popular codebases attract the highest volume of attacks, and if a particularly bad vulnerability is discovered, huge swaths of the internet could suddenly become vulnerable. But that’s not all – the other part of this problem is that vulnerabilities are discovered all the time, every day. Developers can be absolutely flooded with security alerts about attack vectors that are completely irrelevant to their particular tech stack and implementation. 

This is part of the “productivity tax” developers pay for using open source software. They can save huge amounts of time upfront, and even deploy capabilities they wouldn’t otherwise be able to code in-house, but they also end up caught in a cycle of maintaining packages and updating code that grows ever more complex and ever more exposed to vulnerabilities never considered when originally building the application.

Endor Labs has set out to reduce and even eliminate this tax by helping developers select and maintain high quality open source software, and also by making sure DevSecOps teams can prioritize only the vulnerabilities that would actually affect their operations. It’s a revolutionary approach that gets DevSecOps truly working as one unit, so they ship and maintain applications that are secure and performant right out of the gate.

As DevSecOps emerges as the default paradigm in which applications are built, the disparate groups often find themselves at loggerheads – applications can’t ship until they’re secure, but they can’t test performance until they’re shipped, and new features or ops enhancements are backlogged behind security updates. This is the opposite of a flywheel effect, where each group’s concerns serve to blockade those of the others. It just doesn’t work.

Endor Labs’ innovation is to rebuild DevSecOps into a functioning flywheel, where developers, security experts, and operations engineers are working seamlessly together on a platform – Endor Labs’ Code and Pipeline Governance platform – that enables each group to address their priority issues without blocking the other teams’ similarly critical concerns. And it’s expanded even further to cover not only open source software security, but also wider application security, with Continuous Integration/Continuous Delivery (CI/CD) and secret governance, and compliance – all with a focus on prioritizing risks that impact the business.

It’s a blueprint for success. Star Wars fans might recognize Endor Labs’ namesake, Endor, as the home planet of the Ewoks – a small but formidable species that displayed remarkable coordination and teamwork in their hunts for the bad guys (Stormtroopers). Cheesy or not, it’s this kind of coordination that Endor Labs is trying – and succeeding – to bring to the world of application development.

Endor Labs is already receiving accolades from Gartner (as a Cool Vendor) and as a finalist at RSA’s Innovation Sandbox and Black Hat’s Startup Spotlight. Its Co-Founders, Varun Badhwar and Dimitri Stiliadis, are experienced operators who have massively scaled engineering-centric businesses before. Indeed it’s their experience scaling Prisma Cloud by Palo Alto Networks that led them to the insight that software supply chain security is a huge pain point in need of a solution, which is how they came to the idea that illuminates Endor Labs.

Our strategy has always been to partner early with outstanding entrepreneurs who have clarity of vision, and support them through the process. Varun and team are not only addressing a massive, unmet need in the application security world, but are laying the foundation for a long and enduring company in a fast-growing market. We’re proud and excited to have been with Endor Labs since day one, and to continue this journey with them.
