Cequence Security lands $60M for ML-powered API protection

Cequence Security, which today announced a $60 million series C funding round, said it has doubled the customer base for its API security platform this year and plans to launch a self-service subscription offering in 2022 to help continue its brisk growth pace. The Sunnyvale, California-based company now has 85 customers, including T-Mobile and Estée Lauder, and stands out with its use of machine learning (ML) capabilities for detection of API threats, Larry Link, president and CEO of Cequence Security, told VentureBeat.

“Our ML-based detection separates malicious from legitimate and blocks them natively, with out-of-the-box policies — something no other API security vendor does currently,” Link said in an email.

The “comprehensive” platform unifies API discovery and inventory tracking with risk analysis, remediation, and real-time threat prevention across any cloud, he said.

Growing threats

API security has come to the forefront with enterprises across all industries in the process of turning into digital businesses — a shift that necessitates large quantities of APIs (application programming interfaces). The software serves as an intermediary between different applications, allowing apps and websites to access more data and gain greater functionality. By 2022, the vast majority of web-enabled apps — 90% — will have more surface area exposed for attack in the form of APIs than via the human user interface, according to Gartner research.

Meanwhile, several API security vendors have reported a surge in API-based attacks during 2021. Without a doubt, “APIs are an increasing attack point,” said Peter Firstbrook, vice president and analyst at Gartner, at a recent conference put on by the research firm.

The most frequent API-based attacks involve exploitation of an API’s authentication and authorization policies. In these attacks — also known as “leaky” APIs — the hacker breaks the authentication and the authorization intent of the API in order to access data.

Improved visibility

Ultimately though, with API security, “the first challenge customers have is that they have no idea how many APIs they have — and you cannot protect what you cannot see,” Link said.

Thus, Cequence Security’s platform starts with enabling customers to discover and create an updated inventory of all of their APIs. Then, the platform helps customers to analyze and remediate the risks that have been introduced by coding errors, while also protecting the customers and their APIs with “native, enterprise-class threat prevention,” Link said.

The foundation of the platform is the company’s patented ML-based analytics engine, CQAI, which discovers APIs and analyzes their risk posture, then detects and prevents threats, he said.

Product plans

New models in the works will include natural language analysis that will find common patterns that may pose a risk within API communications, according to Link. Other updates under development include an enhancement for the platform’s discovery capabilities to provide customers with an “inside-out” view of their attack surface area, he said.

Additionally, with the help of the new funding round, Cequence is developing a new self-service, subscription-based version of its API discovery product, Link said.

The funding was led by Menlo Ventures, with participation from Icon Ventures, Telstra Ventures, HarbourVest Partners, Shasta Ventures, Dell Technologies Capital, and T-Mobile Ventures. Cequence Security has now raised $100 million since its founding in 2015.

Growth spurt

During 2021, Cequence has seen 3X revenue growth year-over year, according to Link. Along with T-Mobile and Estée Lauder, other customers include American Express, Narvar, Houzz, and Zulily. The company reports that its platform currently protects 2 billion API transactions per day.

Cequence’s headcount now stands at 80, which has more than doubled over the past year — and the company is aiming to double its team again over the coming year, Link said.

Key geographies for market expansion in 2022 will include the U.S., Europe, Asia, and Australia, he said.

Cequence was founded by chief product officer Ameya Talwalkar and chief technology officer Shreyans Mehta. The founders previously worked at Symantec, where Talwalkar was director of development and Mehta was architect and technical director, both serving in the company’s Security Technology and Response unit. Previous roles for Link included serving as senior vice president of worldwide sales at Palo Alto Networks.