Endor Labs officially launched out of stealth today with a Dependency Lifecycle Management Platform that helps development and security teams maximize software reuse by safely evaluating, maintaining, and updating dependencies.
The average enterprise has more than 40,000 open source dependencies directly downloaded by developers. Each of those dependencies can bring in, on average, 77 other (transitive) dependencies, creating a massive, uncontrollable sprawl that slows down development and increases the attack surface across multiple dimensions.
The existing environment doesn't have adequate solutions to deal with this problem. For example, Software Composition Analysis (SCA) tools lack context on how developers actually use the dependencies. As a result, they drown developers in endless false positives and miss the opportunity to influence better OSS selection, prioritize remediation, or detect malicious dependencies.
"Eighty percent of the code in modern applications is code your developers didn't write but depend on through open source packages. When our founding team was leading the Prisma Cloud engineering group at Palo Alto Networks, we realized the true magnitude of this issue," said co-founder and CEO Varun Badhwar. "Having previously created the Cloud Security Posture Management (CSPM) category, this team knows how to take on next-generation threats. Our mission now is to enable OSS to live up to its true potential without introducing unnecessary risk. It's exciting to once again take a new approach to the market, and we believe these solutions will radically enhance application development everywhere."
Endor Labs' platform provides security and development teams with an unprecedented understanding of how dependencies are being used across their organization. Furthermore, by performing deep analytics on each OSS dependency, Endor Labs uncovers potential security and operational risks beyond just known vulnerabilities. Endor Labs helps customers select better dependencies; secure, monitor, and maintain them at scale; and quickly respond to incidents like Log4j. Having a full understanding of their dependency graph also lets customers generate and analyze accurate SBOMs and maintain a single source of truth for their entire software inventory.
This lifecycle approach to dependency management makes it easier than ever to reuse software across the organization. The result is increased productivity for development and security teams, and significantly reduced supply chain risk.
"Dependency Lifecycle Management is going to be absolutely foundational for supply chain and open source security," said Rachit Lohani, SVP and chief technology officer of Paylocity. "With Dependency Lifecycle Management, Endor Labs is setting an entirely new standard by which organizations can prioritize and zero in on the most significant security and operational issues that have the tendency to slow down application development."
The company also announced today that it has raised $25 million in seed financing from Lightspeed Venture Partners, Dell Technologies Capital, Sierra Ventures, and several industry luminaries who have recognized the massive problem Endor Labs is solving. These include CEOs and executives from Palo Alto Networks, Zoom, Snowflake, Zscaler, Netskope, Rubrik, Databricks, Microsoft, and more.
"Endor Labs serves a critical need: while open source software development continues to grow, the way OSS dependencies and their influence on supply chain risk is managed today hinders development, and leaves both engineering and security teams frustrated," said Arif Janmohamed, Partner at Lightspeed Venture Partners. "They have carved out a market that is both massive and underserved, and have assembled a world-class team to take on this challenge. These are exactly the qualities we seek to add to our portfolio, and we look forward to a long and productive relationship with Endor Labs."
"This team has a proven track record of being early to identify industry-wide cyber challenges that accompany fundamental big shifts in enterprise technologies," said Deepak Jeevankumar, managing director at Dell Technologies Capital. "Just as the F500 began migrating to the cloud en masse, Varun co-founded RedLock to build cloud-specific security solutions for them. Now, as the efficiencies of open source software give way to hard-to-track/manage complexities, Endor Labs is building the platform to secure the code those same businesses depend on. We're honored with the opportunity to again back Varun along with Dimitri and the team they've built."