Endor Labs Launches with $25M Seed Financing to Tackle Massive Sprawl of Open Source Software (OSS)
Solution from category-defining entrepreneurs and world-renowned experts helps developers spend less time dealing with security issues, more time accelerating their development through safe code reuse.
Solution from category-defining entrepreneurs and world-renowned experts helps developers spend less time dealing with security issues, more time accelerating their development through safe code reuse.
Solution from category-defining entrepreneurs and world-renowned experts helps developers spend less time dealing with security issues, more time accelerating their development through safe code reuse.
Solution from category-defining entrepreneurs and world-renowned experts helps developers spend less time dealing with security issues, more time accelerating their development through safe code reuse.
Solution from category-defining entrepreneurs and world-renowned experts helps developers spend less time dealing with security issues, more time accelerating their development through safe code reuse.
PALO ALTO, CA (OCT 10, 2022) – Endor Labs officially came out of stealth today, launching the company with a Dependency Lifecycle Management Platform that helps development and security teams maximize software reuse by safely evaluating, maintaining, and updating dependencies.
The average enterprise has more than 40,000 open source dependencies directly downloaded by developers. Each of those dependencies can bring in on average 77 other (transitive) dependencies creating a massive, uncontrollable sprawl that slows down development and increases the attack surface across multiple dimensions.
The existing environment doesn’t have adequate solutions to deal with this problem. For example, Software Composition Analysis (SCA) tools lack context on how developers are using the dependencies. As a result, they drown developers with endless false positives, and miss the ability to influence better OSS selection, prioritize remediation or detect malicious dependencies.
“Eighty percent of the code in modern applications is code your developers didn’t write but depend on through open source packages. When our founding team was leading the Prisma Cloud engineering group at Palo Alto Networks, we realized the true magnitude of this issue,” said co-founder and CEO Varun Badhwar. “Having previously created the Cloud Security Posture Management (CSPM) category, this team knows how to take on next generation threats. Our mission now is to enable OSS to live up to its true potential without introducing unnecessary risk. It’s exciting to once again take a new approach to the market, and we believe these solutions will radically enhance application development everywhere.”
Endor Labs’ platform provides security and development teams with an unprecedented understanding of how dependencies are being used across their organization. Furthermore, by performing deep analytics on each OSS dependency, Endor Labs uncovers potential security and operational risks beyond just known vulnerabilities. Endor Labs helps customers select better dependencies; secure, monitor and maintain them at scale; and quickly respond to incidents like Log4j. Having a full understanding of their dependency graph also lets customers generate and analyze accurate SBOMs, and have a single source of truth for their entire software inventory.
This lifecycle approach to dependency management means it becomes easier than ever to reuse software across the org. The result is increased productivity for development and security teams, and significantly reduced supply chain risk.
“Dependency Lifecycle Management is going to be absolutely foundational for supply chain and open source security,” said Rachit Lohani, SVP and chief technology officer of Paylocity. "With Dependency Lifecycle Management, Endor Labs is setting an entirely new standard by which organizations can prioritize and zero in on the most significant security and operational issues that have the tendency to slow down application development.”
Funding
The company also announced today that it has raised $25 million in seed financing from Lightspeed Venture Partners, Dell Technology Capital, and Sierra Ventures, and several industry luminaries who have recognized the massive problem Endor Labs is solving. These include CEOs and executives from Palo Alto Networks, Zoom, Snowflake, Zscaler, Netskope, Rubrik, Databricks, Microsoft, and more.
“Endor Labs serves a critical need— while open source software development continues to grow, the way OSS dependencies and their influence on supply chain risk is managed today hinders development, and leaves both engineering and security teams frustrated,” said Arif Janmohamed, Partner at Lightspeed Venture Partners. “They have carved out a market that is both massive and underserved, and have assembled a world-class team to take on this challenge. These are exactly the qualities we seek to add to our portfolio, and we look forward to a long and productive relationship with Endor Labs.”
“This team has a proven track record of being early to identify industry-wide cyber challenges that accompany fundamental big shifts in enterprise technologies,” said Deepak Jeevankumar, managing director at Dell Technologies Capital. “Just as the F500 began migrating to the cloud en masse, Varun co-founded RedLock to build cloud-specific security solutions for them. Now, as the efficiencies of open source software give way to hard to track/manage complexities, Endor Labs is building the platform to secure the code those same businesses depend on. We’re honored with the opportunity to again back Varun along with Dimitri and the team they’ve built.”
Team
A stellar founding team at Endor Labs includes proven builders of businesses with products and technologies that disrupt, from industry leaders like Meta, Uber, Sonatype, Palo Alto Networks, Amazon, Microsoft, and more, with emphasis on security and development. The team includes:
- Varun Badhwar, Founder & CEO: A three-time founder and luminary in the cybersecurity industry, Badhwar most recently was founding GM and SVP of Prisma Cloud at Palo Alto Networks, which he built following the acquisition of his previous company, RedLock. Prior to that he founded a CASB company, CipherCloud, and held security practitioner roles at KPMG and Salesforce.
- Dimitri Stiliadis, PhD, Co-Founder & CTO: Leading the vision at Endor Labs, Stiliadis formerly served as Cloud CTO at Palo Alto Networks following the acquisition of his company Aporeto, and prior to that was co-founder and CTO at Nuage Networks, a subsidiary of Nokia/Alcatel-Lucent, and served at Bell Labs Research.
- Georgious Gousious, PhD, Chief Researcher: A well published researcher and expert in the application of advanced program analysis, data science and machine learning techniques for improving developer productivity and operational efficiency, Gousious has received four distinguished paper awards and is the main author of the GHTorrent project that makes GitHub data queryable, among numerous other distinctions.
- Ron Harnik, VP Marketing: An experienced marketing executive and product marketer, Harnik previously served in leadership roles at several startups, including PureSec which was successfully acquired by Palo Alto Networks, where Ron led Product Marketing for the Prisma Cloud business.
- Sriram Subramanian, Head of India R&D center: An engineering leader with over 25 years experience in building market-leading software products with strong expertise in Cloud, Security and SaaS. Prior to joining Endor, Sriram was VP Engineering at Citrix where he led the 200+ strong Networking Cloud services team in their journey to cloud and SaaS products.
"Software development organizations are struggling with software dependencies, a major threat vector preventing the development and maintenance of secure software, particularly with today's need for application velocity," said James Governor, co-founder of RedMonk. "Automated tools are needed to enable teams to work effectively. Endor Labs is designed to automate governance and improve visibility in an era of industrialized software reuse."
Over the last year, over 75 major organizations have provided feedback that has been incorporated into the product, which is currently in private beta with companies ranging from 200 to 35,000 employees. To join the beta, go to Endor Labs website and book a demo with us!
Read the blog by our co-founder and CEO, Varun Badhwar for more about the story of Endor Labs.
About Endor Labs
Endor Labs helps developers spend less time dealing with security issues and more time accelerating development through safe Open Source Software (OSS) adoption. Our Dependency Lifecycle Management™ Solution helps organizations maximize software reuse by enabling security and development teams to select, secure, and maintain OSS at scale. The Endor Labs engineering team includes some of the world’s leading static analysis experts, including 7 PhDs and senior engineers from Meta, Uber, Amazon, and Microsoft. Endor Labs was founded by industry veterans Varun Badhwar and Dimitri Stiliadis, and is backed by Lightspeed & Dell Technologies Capital, as well as executives at companies like Palo Alto Networks, Zscaler, Zoom, Google, and more.
Addendum
ENDOR LABS LAUNCHING WITH WIDESPREAD INDUSTRY SUPPORT
Here’s what investors, partners, analysts and customers have to say:
“Dependency Lifecycle Management is going to be absolutely foundational for supply chain and open source security. With Dependency Lifecycle Management, Endor Labs is setting an entirely new standard by which organizations can prioritize and zero in on the most significant security and operational issues that have the tendency to slow down application development.”
- Rachit Lohani, SVP and chief technology officer of Paylocity
"Software development organizations are struggling with software dependencies, a major threat vector preventing the development and maintenance of secure software, particularly with today's need for application velocity. Automated tools are needed to enable teams to work effectively. Endor Labs is designed to automate governance and improve visibility in an era of industrialized software reuse."
- James Governor, Co-Founder, RedMonk - the developer-focused industry analyst firm
“When Varun launched Endor Labs, it felt like he, if anybody, would have the highest odds of success in trying to really raise that security bar and help security teams protect our own products and services against our common adversaries.”
- David Tsao, VP Security Engineering, Marqeta
"Many companies don't understand that an enterprise customer is not a monolith, it's made up of living, breathing people, all with different interests, all trying to protect the company. The team at Endor Labs not only has tried and tested founders, but an executive team that understands the corporate environment and how to build a solution that fits the needs of multiple groups."
- Aparna Bawa, COO, Zoom
"Solarwinds was the first time a lot of businesses became aware of supply chain risk. Every board room had a conversation about how the company can ship secure code. Log4j made this issue even more obvious as everyone had to scramble to find a solution. We need to shift further left and solve these issues at design time, that's what Endor Labs is doing."
- Bipul Sinha, CEO, Rubrik
“Endor Labs' new Dependency Lifecycle Management platform offers organizations a significant advantage by greatly shrinking the potential attack surface. It uses deep analysis to avoid the typical barrage of false alerts and pinpoint the actual code at risk. This gives security and development teams the level of insight they need to effectively secure application development practices.”
- Michael Sampson, senior analyst, Osterman Research - an analyst firm focused on cybersecurity, data protection and information governance
“This team has a proven track record of being early to identify industry-wide cyber challenges that accompany fundamental big shifts in enterprise technologies. Just as the F500 began migrating to the cloud en masse, Varun co-founded RedLock to build cloud-specific security solutions for them. Now, as the efficiencies of open source software give way to hard to track/manage complexities, Endor Labs is building the platform to secure the code those same businesses depend on. We’re honored with the opportunity to again back Varun along with Dimitri and the team they’ve built.”
- Deepak Jeevankumar, Managing Director, Dell Technologies Capital - an investment firm focused on disruptive, early-stage enterprise and cloud infrastructure startups
“Endor Labs serves a critical need— while open source software development continues to grow, the way OSS dependencies and their influence on supply chain risk is managed today hinders development, and leaves both engineering and security teams frustrated. They have carved out a market that is both massive and underserved, and have assembled a world-class team to take on this challenge. These are exactly the qualities we seek to add to our portfolio, and we look forward to a long and productive relationship with Endor Labs.”
- Arif Janmohamed, Partner at Lightspeed Venture Partners - a venture capital firm focused on accelerating disruptive innovations
Press Contact:
CONTOS DUNNE COMMUNICATIONS
endorlabs@cdc.agency
+1 (408) 776 1400 +1 (408) 893 8750