With venture capital flowing into the cybersecurity space at a record level, investors continue to hunt for the next big thing.
In the last two months, that has meant looking at how applications talk to each other — and how to protect the data and services that flow between them through application programming interfaces, or APIs as they are more commonly called.
“We get multiple emails a week from investors sniffing around,” said , CEO of Sunnyvale, California-based API security provider . “We see interest from PE, from growth venture — they all want to play in this space.”
This week, Cequence announced it received an undisclosed strategic investment earlier this year from , with existing investors and also participating.
That is not the only round API security providers saw in the last several weeks. Last month, London-based raised a $17 million Series A. Later that month, Palo Alto, California-based closed a $70 million Series C — raising the total amount of funding the company has seen in the last year to $120 million. Earlier this month, Colorado-based announced it had closed a $10 million round.
“Right now there is a lot of money flying around out there,” said , a partner at , which invested in ThreatX and described the round as competitive from the investor’s side.
The rise of APIs
An API is what enables two applications to talk with each other. For example, when you look up cheap flights on the Internet, the app you are using needs to connect to the databases of airlines to see what may be available. That connection is through an API.
The number of APIs — including web, mobile and third-party — in use has exploded through the years. A by Internet company said 83 percent of all web traffic now goes through APIs.
“The API discussion is part of every discussion we have,” said ThreatX CEO . “Every company is leveraging more and more APIs.”
The proliferation of APIs is in large part due to the growth of “microservices,” Link said. Microservices is a style of building apps by loosely coupling services around the application’s main business function. As companies build their apps, developers integrate them with providers of microservices — things like communication, logistics and login verification. As more of these microservices become available, developers add them to apps through APIs.
“Companies really have no idea what their API footprint is anymore,” he added.
Just this year, huge companies such as , , and have run into API security incidents. Fay said his company noticed a multiple-fold increase in API attacks from the second quarter of last year — as cyber attackers used the pandemic to hone their skills — to the second quarter of this one.
Without secure APIs to protect the data and services that flow between applications, bad actors can take over accounts or disrupt a company’s ecommerce business.
“I am seeing an increase in companies that know their APIs are exposed,” Link added.
Still early innings
Although API security recently has captured investors’ imaginations, it still is a nascent space when compared to other areas of cybersecurity. According to data, companies that describe themselves as securing APIs only have seen about $193.4 million of venture funding in the last 18 months — most of that going to Salt Security — although that is more than triple what the space realized in 2018 and 2019 combined.
Dracon compares API security to what endpoint security was several years ago. As actors became more sophisticated, antivirus tools from and began to lag. That gave rise to companies such as , and , all of which became large companies before exiting to the public markets or being acquired.
The application space is seeing much more modern, advanced attacks and the API has become a common attack vector. With that trend, next-generation application security is needed, Dracon said.
What comes next?
Aside from the recent funding rounds, the API security space has also witnessed some dealmaking. Just last month cyber giant bought Los Altos, California-based API security developer for an undisclosed amount.
That could be the opening salvo of a battle in the space. Along with Imperva, -backed also competes in the sector and investors expect more to join.
“I expect all large cyber vendors will have a play in this space at some point,” Dracon said.
Aside from the usual suspects of , and , Link said he could see , and looking more at the area of API security.
“Those guys are interested in the API space,” said Link, who expects to raise a $40-to-$50 million Series C growth round by the end of the year.
Fay added he expects the market evolution in the next three-to-four years will determine the ultimate winners.
“This space continues to get recognized …. And I know there are companies that will come into it,” Fay said. “I think there is a ton of market opportunity out there as this market grows.”