Endor Labs comes out of hiding with $25 million to protect software supply chains

Endor Labs officially emerged from stealth, launching the company with a dependency lifecycle management platform that helps development and security teams maximize software reuse by assessing, maintaining, and updating safe dependencies.

The average company has over 40,000 open source dependencies uploaded directly by developers. Each of these dependencies can result in an average of 77 other (transitive) dependencies, creating massive, uncontrollable proliferation that slows development and increases the attack surface across multiple dimensions.

The existing environment does not have adequate solutions to deal with this problem. For example, Software Composition Analysis (SCA) tools lack context on how developers use dependencies. As a result, they drown developers with endless false positives and lack the ability to influence better OSS selection, prioritize fixes, or detect malicious dependencies.

“80% of the code in modern apps is code that your developers didn’t write but depend on through open source packages. When our founding team was leading the Prisma Cloud engineering group at Palo Alto Networks, we realized the true magnitude of this problem,” said co-founder and CEO Varun Badhwar. “Having previously created the Cloud Security Posture Management (CSPM) category, this team knows how to deal with next-generation threats. Our mission now is to enable OSS to live up to its true potential without introducing unnecessary risks. It’s exciting to take a new approach to the market again, and we believe these solutions will radically improve application development everywhere.”

Endor Labs’ platform gives security and development teams an unprecedented understanding of how dependencies are used in their organization. Additionally, by performing in-depth analyses on each OSS dependency, Endor Labs uncovers potential security and operational risks beyond known vulnerabilities. Endor Labs helps customers select better dependencies; secure, monitor and maintain them at scale; and respond quickly to incidents like Log4j. Having a complete understanding of their dependency graph also allows customers to generate and analyze accurate SBOMs and have a single source of truth for all of their software inventory.

This lifecycle approach to dependency management means it becomes easier than ever to reuse software across the organization. The result is increased productivity for development and security teams, and significantly reduced supply chain risk.

“Dependency lifecycle management is going to be absolutely fundamental to open source supply chain and security,” said Rachit Lohani, SVP and CTO of Paylocity. “With Dependency Lifecycle Management, Endor Labs is setting a whole new standard through which organizations can prioritize and focus on the most important security and operational issues that tend to slow down application development.”

The company also announced today that it has raised $25 million in seed funding from Lightspeed Venture Partners, Dell Technologies Capital and Sierra Ventures, and several industry luminaries who have recognized the enormous problem that Endor Labs solves. These include CEOs and executives from Palo Alto Networks, Zoom, Snowflake, Zscaler, Netskope, Rubrik, Databricks, Microsoft, and more.

“Endor Labs fills a critical need – as open source software development continues to grow, the way OSS dependencies and their influence on supply chain risk are managed today is hampering development and frustrating developers, engineering and security teams,” said Arif Janmohamed, partner at Lightspeed Venture Partners. “They have carved out a massive yet underserved market for themselves, and assembled a world-class team to meet this challenge. These are exactly the qualities we seek to add to our portfolio, and we look forward to a long and productive relationship with Endor Labs.”

“This team has a proven track record of being among the first to identify the industry-wide cyber challenges that accompany major fundamental shifts in enterprise technologies,” said Deepak Jeevankumar, managing director at Dell Technologies Capital. “Just as the F500 began to migrate massively to the cloud, Varun co-founded RedLock to create cloud-specific security solutions for them. Today, as the efficiency of open source software gives way to complexities that are difficult to track/manage, Endor Labs is building the platform to secure the code that these same companies depend on. We are honored to have the opportunity to once again support Varun with Dimitri and the team they have built.”

Endor Labs’ founding team includes proven business builders with a track record of disruptive products and technologies, drawn from industry leaders like Meta, Uber, Sonatype, Palo Alto Networks, Amazon, Microsoft, and more, with an emphasis on security and development. The team includes:

  • Varun Badhwar, Founder & CEO: A three-time founder and cybersecurity industry authority, Badhwar most recently served as GM and SVP of Prisma Cloud at Palo Alto Networks, which he built following the acquisition of his former company, RedLock. Previously, he founded a CASB company, CipherCloud, and held security practitioner roles at KPMG and Salesforce.
  • Dimitri Stiliadis, PhD, Co-Founder and CTO: Leading the Endor Labs vision, Stiliadis was previously Cloud CTO at Palo Alto Networks following the acquisition of his company Aporeto, and prior to that he was Co-Founder and CTO of Nuage Networks, a subsidiary of Nokia/Alcatel-Lucent, and worked at Bell Labs Research.
  • Georgios Gousios, PhD, Lead Researcher: A well-published researcher and expert in applying advanced program analysis, data science, and machine learning techniques to improve developer productivity and operational efficiency, Gousios has received four distinguished paper awards and is the main author of the GHTorrent project, which makes GitHub data searchable, among many other distinctions.
  • Ron Harnik, VP Marketing: A seasoned marketing executive and product marketing specialist, Harnik previously held leadership positions at several startups, including PureSec, which was acquired by Palo Alto Networks, where Ron led product marketing for the Prisma Cloud business.
  • Sriram Subramanian, India R&D Center Manager: An engineering leader with over 25 years of experience building market-leading software products, with strong expertise in cloud, security and SaaS. Prior to joining Endor, Sriram was Vice President of Engineering at Citrix, where he led the Networking Cloud Services team of over 200 on their journey to cloud and SaaS products.

“Software development organizations struggle with software dependencies, a major threat vector preventing the development and maintenance of secure software, especially with today’s need for application speed,” said James Governor, co-founder of RedMonk. “Automated tools are needed to enable teams to work efficiently. Endor Labs is designed to automate governance and improve visibility in the era of industrialized software reuse.”

Over the past year, more than 75 large organizations have provided feedback that has been incorporated into the product, which is currently in private beta with companies ranging from 200 to 35,000 employees.