Today, we’re excited to announce that Cequence Security has raised $60 million in series C funding, beginning our next phase of significant growth as a leader and innovator in the API Security category. Menlo Ventures led this most recent funding round, with partner Venky Ganesan joining our board of directors. Our relationship with Menlo Ventures and Venky, a seasoned cybersecurity investor who has his finger on the pulse of the API security market, is a significant milestone for us. In our funding press release, Venky expanded on his belief in our approach, explaining, “Part of the appeal is their superior product architecture. Cequence can stand alone: It is the only solution that provides visibility and inline response mitigation to attacks on APIs. It’s the only solution out there that doesn’t need to signal other products for mitigation.” Additional series C participants included ICON Ventures, Telstra Ventures, and HarbourVest Partners, in addition to existing investors Shasta Ventures, Dell Technologies Capital, and Touchdown Ventures.
As Cequence enters our next chapter, we’re thrilled to celebrate this news with our customers and incredible team. However, we realize there are many more innovations to be made, customers to help, and billions more APIs to protect. APIs have become the foundation for nearly every customer interaction with any business. Web applications call APIs for their business logic, mobile apps are API-based, partner ecosystems are all API-based, and the backend applications supporting the business are now modular in nature, relying on APIs to communicate.
In most organizations, these APIs are located in different locations – multi-cloud to the datacenter. In a decentralized, geo-distributed, and multi-could world, cataloging, risk scoring and protecting all of your APIs is a security nightmare. However, that’s what Cequence does best. Today, we help protect over 85 global brands while processing over 2 billion API transactions per day in industries like finance, fintech, retail, insurance, travel and hospitality, social media, and more. As Mark O’Neill and Jeremy D’Hoinne emphasize in the 2021 Gartner® “Hype Cycle™ for Application Security, 2021” report, API Security is at the peak of the hype curve. That means it is a nascent market, flooded with immature, point solutions creating a lot of buzz but also a lot of confusion for customers.
API Security upstarts, legacy AppSec players, CDN based security offerings, IaaS vendors, and API Management vendors all try to claim a piece of this big pie. However, only Cequence has the most complete and comprehensive offering in the market, as validated by Venky and others as part of their investment thesis. That’s why instead of choosing a point solution, many enterprises prefer Cequence’s API Security Platform.
Cequence Security starts by cataloging APIs to eliminate shadow APIs, and strictly enforces API schema conformance. We protect APIs from threats defined in the OWASP API Top 10 list; we are helping data governance teams detect sensitive data leaking through APIs, while preventing automated API business logic abuse that commonly leads to fraud.
Cequence’s differentiated approach and superior architecture is a delight to customers as we can natively stop all the threats it detects without reliance on any third-party integration, scale as needed, and is API-based, allowing you to import and export data to improve your overall security posture. Our modern, API-first architecture can be enabled swiftly in complex and multi-cloud environments. Customers can begin discovering and protecting their APIs with our SaaS solution in as little as just 15 minutes, or if they prefer, completely on-premises or a mixture of both.
Most importantly, we are helping our customers solve critical API security challenges, starting with the need for API visibility and inventory tracking. The Platform helped a global telecom customer generate an accurate, departmental-level inventory of thousands of APIs across multiple public clouds. Their prior solution was a manually managed Excel spreadsheet – out of date before they even hit save.
Data governance is the second challenge. Remember that an API includes the payload, like a credit card number, and coding best practices are to mask and encrypt it. Our Platform helped a financial services industry customer avoid a potential compliance violation by surfacing an API exposing sensitive data.
The last challenge encompasses coding errors that can introduce risks – like poorly implemented authentication, non-conformance to a defined specification, or internal APIs exposed publicly – all of which can be exploited by threat actors. In another customer scenario, the API development was widely distributed, included external developers, and had loosely defined checks and balances. Our platform is now the new basis of their API security initiative, which aims to improve API coding practices and publication processes to eliminate errors that expose them to security risks.
By no means is our mission complete, with this new round of funding we will help even more organizations take the next step to improve their API security. We will continue to expand our reach into new geographies and help customers in these parts of the world safeguard their APIs from abuse and attacks. In the coming months, we will also announce new product offerings that expand our capabilities beyond run-time detection and protection of APIs. A few select existing customers have previewed this new offering and they are loving it! This will be a game-changer in this space and further differentiate us from the noise.
Finally, we want to say thank you to our employees, customers, and partners. All of you made this journey possible. We couldn’t have gotten this far without each and every one of you. I am excited to continue working together and see what the future of Cequence Security will bring.