ThreatX, a vendor of API protection services primarily for enterprise customers, announced today that it has raised $30 million in a Series B funding round led by Herbert Growth Partners with participation from Vistara Growth, .406 Ventures, Grotech Ventures and Access Venture Partners. With the new cash, which brings ThreatX’s total to $52 million, CEO Gene Fay told TechCrunch that ThreatX will “accelerate” investments in platform development while ramping up sales and marketing initiatives.
The increase reflects investors’ confidence in cyber security businesses’ continued growth in net income. Cybersecurity startups raised $2.4 billion between January and June, according to Pitchbook, despite some signs that fundraising has begun to slow. Companies that protect APIs from outside attacks have been particularly prolific, recently, with startups like Ghost Security and Corsha raising tens of millions of dollars in capital.
ThreatX in 2010 It was co-founded in 2014 by Brett Setter and Andreas Uskas. Prior to starting ThreatX, Settle was VP of Enterprise Architecture at BMC; Uskas worked with Brett at BMC where he was an enterprise security architect. The two were colleagues at Corporate Express, which was acquired by Staples in 2008, where Uskas joined as an external pen tester.
“During the many years of working together, Settle and Andrews saw a significant gap in the market in terms of a solution to protect the BMC application portfolio,” said Fay, who will be named CEO of ThreatX in 2020. Tuning and rule-writing and returning false positives pile up. Through it all, the idea of creating in the space – and ThreatX – was born.
ThreatX offers API protection, bot and DDoS mitigation, and a traditional web application firewall (WAF) for first- and third-party web applications. The platform builds risk actor profiles using a detection and correlation engine to show which actors are actively attacking and may pose the greatest threat.
Fey sees ThreatX as competing primarily with two other cybersecurity vendors. The first are new API monitoring tools such as Salt Security and Reputation. The second is bot management platforms such as Cequence and WAF players such as Akamai, F5 and Imperva, which are generally implementing rules-based protection across web applications and APIs.
Fay argues that the former group – bot management and WAF vendors – are less integrated as they tend to offer bundled capabilities through acquisition. As for the latter — API observability tools — Fi says they often don’t provide web app or bot protection and require offline analytics, which precludes the ability to block attacks in real time.
“The bottom line is that to protect APIs, you need to be able to block attacks in real time,” Fay said. “Taking data by looking at it and analyzing it after the fact can be fun, but it doesn’t immediately do much in terms of security. For our customers, the first priority is protection – in real time, all the time. That’s the value we offer to our customers.”
Real-time protection or not, it’s true that API attacks are a growing cyber threat. Gartner in 2015 It predicts that API attacks will become the most frequent attack vector by 2022, leading to data breaches of enterprise web software.
“The Covid-19 pandemic has accelerated the use of APIs,” Fay added. “As people—both consumers and professionals—turn to technology to do more, reliance on both APIs and web applications has grown exponentially. That, in turn, has increased the need for security in this context—which gives ThreatX plenty of opportunity.”
While Fay declined to comment on financials, he said ThreatX currently has more than 100 customers. He declined to name any.
When reached for comment, Tom Roberts, general partner of Herbert Growth Partners, said in a statement:
APIs have become a strategic priority for businesses of all sizes and a prime target for risk actors. Organizations are now contending with persistent threats and require API and web application protection capabilities that can detect and respond to attacks in real time. This need for “instant attack protection” is driving the API security market into a frenzy. Based on ThreatX’s strong customer base and unique product capabilities, we believe the company is well-positioned to meet this change head-on as a valuable partner for businesses looking to protect their attack landscape.