Cequence Security Lands $60 Million to Protect APIs, ‘A New Attack Vector’

Cloud and mobile technologies, along with remote work, all continue to invite serious security risks. While “RDP” and “VPN” have become four-letter words, and IT experts pursue zero-trust and layered approaches to prevent breaches, APIs have consumed little of the cybersecurity conversation. Cequence Security aims to change that.

The eight-year-old company said on Wednesday it has closed $60 million in funding. That brings its total to more than $100 million. Menlo Ventures led the round as a new investor, joining a number of other existing and new venture capitalists in providing the money.

Cequence Security says it has experienced record growth during COVID-19 — little surprise given organizations’ unparalleled work-from-home deployments and digital transformation initiatives. A core part of that activity has come in the form of APIs to connect various business applications. The problem, Cequence Security asserts, is that most IT departments (and even channel partners) overlooked security reviews and governance best practices that would protect said APIs from bad actors.

Gartner supports that perspective.

Cequence Security’s Larry Link

“Many organizations lack visibility of their APIs, as many APIs are used as part of web or mobile applications and not published directly,” analysts Mark O’Neill and Jeremy D’Hoinne write in the research firm’s 2021 Hype Cycle for Application Security. “This means that a key requirement of API threat protection is API discovery, since, as every security professional knows, you can’t secure what you don’t know.”

Cequence Security’s platform addresses those gaps with API inventory tracking, risk assessment and threat prevention.

“It is the only solution that provides visibility and inline response mitigation to attacks on APIs,” said Venky Ganesan, partner at Menlo Ventures. “It’s the only solution out there that doesn’t need to signal other products for mitigation.”

Cequence Security will use the $60 million for a variety of growth strategies. Channel Futures talked with Larry Link, president and CEO of the company, to find out what MSSPs need to know.

Channel Futures: How will Cequence Security use the new investment money for the benefit of its partner program?

Larry Link: The recent investment will fund co-marketing activities to drive lead generation, the development of sales tools to help channel partners identify and articulate API security risks for their customers, and product enhancements to streamline customer onboarding for either SaaS-delivered or partner-delivered deployments.

CF: How else will Cequence Security put the $60 million to use?

LL: We will be investing in go-to-market initiatives in our existing markets of North America and EMEA. We are starting go-to-market programs in APAC and Japan, including hiring teams, signing channel partners and funding demand generation programs across all theaters. We are also heavily investing in customer success teams and tools to support our Global 2000 customer base.

CF: What do MSSPs need to know about securing APIs?

LL: APIs are increasingly being targeted to steal sensitive information and disrupt business applications. While most MSSPs have focused on the traditional breach and response to protect against data leakage or business disruption via ransomware, APIs are a new attack vector that cannot be protected using WAFs, NGFWs or vulnerability scanners. None of those tools will identify an …