You are currently viewing ThreatX raises new round to protect APIs and web applications – TechCrunch

ThreatX raises new round to protect APIs and web applications – TechCrunch

ThreatX, a vendor that sells API protection services primarily to enterprise customers, today announced that it has raised $30 million in a Series B funding round led by Harbert Growth Partners with participation from Vistara Growth, .406 Ventures, Grotech Ventures and Access Venture Partners. With the new money, which brings ThreatX’s total raised to $52 million, CEO Gene Fay told TechCrunch that ThreatX will “accelerate” investments in platform development while expanding sales and marketing initiatives. marketing.

This increase highlights continued investor confidence in cybersecurity companies for net returns, despite the current macroeconomic headwinds. Although there is evidence that fundraising has started to slow, cybersecurity startups raised $2.4 billion between January and June, according to PitchBook. Companies that defend APIs against outside attacks have been particularly successful lately, with startups such as Ghost Security and Corsha raising tens of millions of dollars in capital.

ThreatX was co-founded in 2014 by Bret Settle and Andrius Useckas. Prior to launching ThreatX, Settle was vice president of enterprise architecture at BMC; Useckas had worked with Bret at BMC, where he was an enterprise security architect. The two were also colleagues at Corporate Express, which was acquired by Staples in 2008, where Useckas entered as an outside pen tester.

“During their years-long collaboration, Settle and Andrius saw a huge gap in the market in terms of solutions to protect BMC’s application portfolio,” said Fay, who was named CEO of ThreatX in 2020. “The products available required endless tweaking and rule writing, and returned loads of false positives. Through it all, the notion of innovation in the space – and ThreatX – was born.

ThreatX offers API protection, bot and DDoS attack mitigation, and traditional web application firewalls (WAFs) for proprietary and third-party web applications. The platform builds a profile of threat actors, using a detection and correlation engine to show which actors are actively attacking and which could pose the greatest threat.

Picture credits: ThreatX

Fay sees ThreatX competing primarily with two categories of cybersecurity vendors. The former are newer API observability tools such as Salt Security and Noname. The second are bot management platforms like Cequence and WAF players like Akamai, F5, and Imperva, which typically rely on applying policy-based protection to web applications and APIs.

Fay argues that the first group – bot management and WAF providers – tend to offer features that came together through acquisition, so they’re less integrated. As for the latter – API observability tools – Fay says they often don’t offer protection for web applications or bots and require offline analysis, making it difficult to block attacks in real time.

“The bottom line is that to protect APIs, you need to be able to block attacks in real time,” Fay said. “Capturing data by observation and analyzing it after the fact can be interesting, but it doesn’t do much from an immediate security point of view. For our customers, the number one priority is protection — in real time, all the time. This is the value proposition we offer our customers.

Real-time protection or not, it’s true that API attacks are a growing cyber threat. Gartner predicts that by 2022, API attacks will become the most common attack vector causing data breaches for enterprise web software.

“The COVID-19 pandemic has accelerated the use of APIs as companies consider how they could provide new services to deliver value – and generate revenue – to customers,” Fay added. “As people – both as consumers and professionals – have turned to technology to do more, reliance on both APIs and web applications has increased dramatically. This, in turn, has increased the need for security in this context, which presents a ton of opportunity for ThreatX.

While Fay balked when asked about finances, he said ThreatX currently has “over” 100 customers. He declined to name names.

When reached for comment, Harbert Growth Partners general partner Tom Roberts said in a statement, “APIs are a strategic priority for businesses of all sizes and have become a primary target for the threat. Organizations now face constant threats and need API and web application protection capabilities that can identify and respond to attacks in real time. This need for “real-time attack protection” is pushing the API security market into an aggressive pivot. Based on ThreatX’s strong customer traction and unique product capabilities, we believe the company is well positioned to tackle this change head-on as a valuable partner for enterprises looking to secure their attack surface.

Leave a Reply