Series C Funding Supports Evolution to Protecting API-Powered Business Revenue

A San Francisco-based startup raised $55 million to evolve from simply securing APIs to protecting the business logic and revenue streams driven by those APIs.
Wallarm plans to use the Series C funding to become more appealing to CIOs by enhancing visibility and business intelligence through AI, making their platform indispensable for revenue protection, according to Wallarm co-founder and CEO Ivan Novikov. The company will also double down on brand visibility and leadership in thought marketing, with plans to significantly grow its presence outside the U.S.
“We’re now facing the reality where AI adoption across our major customers – which is enterprise companies – is even higher than cloud adoption for the same account,” Novikov told Information Security Media Group. “So basically, AI has somehow penetrated the enterprise world faster than cloud did.”
Wallarm, founded in 2016, employs 162 people and has raised nearly $66 million, having completed an $8 million Series A funding round in October 2018 led by Toba Capital. The company has been led since its inception by Novikov, who previously served as a senior business consultant at BearingPoint and a Java Developer at AISA.
A Fundamental Shift in the API Security Market
The rapid embedding of AI in the operations of major Fortune 500 enterprises has created an immediate need for robust, scalable security solutions around how AI systems request and exchange data, Novikov said. Wallarm plans to introduce features that align with how AI applications use APIs and generate new vectors of risk.
“We have to build new products with a new, very dynamically changing environment, with everyone pushing some new stuff to the CI pretty much daily,” Novikov said.
The API security market is undergoing a fundamental shift from protecting API endpoints in isolation to safeguarding the entire business logic that flows through those APIs since they carry operational and financial risk, Novikov said. Wallarm is designing systems to track how APIs support user actions, partner integrations and revenue flows, and to protect those flows from sophisticated attacks, Novikov said.
“Business logic cannot happen without real business needs,” Novikov said. “And real business needs are always about how businesses make money, how revenue is generated by the APIs and business flows. So, we decided to focus on this and to address the business logic flows.”
Wallarm wants to offer not just security alerts but clear visualizations and business impact assessments so that CIOs can quantify and prioritize risks based on revenue exposure, user type and system criticality, Novikov said. The company is leveraging AI to analyze API flows, infer business logic and detect anomalies that would be impossible to define with static rules.
“Customers need more than just the hyperscalers or just us,” Novikov said. “They need a complete managed service that can block attacks and make them happy and stop real threats. That’s what we do.”
Where Wallarm Faces Its Most Serious Competition
Wallarm’s growth up to this point has been largely inbound-driven and U.S.-centric, Novikov said, but the time has come to proactively target international markets where enterprise AI and API usage is also accelerating. The goal is to shift from 60/40 U.S.-international revenue to a 50/50 balance as more enterprises outside the U.S. adopt API-centric architectures and AI-based tooling, Novikov said.
“Now it’s time for us to go global because we do have inbound pipelines that came from all the rest of the world, and because we now have this investment that allows us to get enough field reps,” Novikov said.
Some of Wallarm’s most serious competition now comes from infrastructure and CDN vendors including Akamai and hyperscalers such as AWS and Google Cloud, which offer built-in security features, Novikov said. But Wallarm’s deep domain expertise in API security, ability to combine security with business context and focus on real-time detection and blocking give it a differentiated edge, according to Novikov.
“More and more, if not all, of these new leads come with real-time prevention use cases, where customers are looking for something that really can block attacks and that’s where we see more and more competition with traditional players,” Novikov said.
Wallarm works primarily with established enterprises with more than 5,000 employees as well as hypergrowth tech startups, especially those in AI and SaaS, Novikov said. These companies generate large amounts of data and are particularly exposed to attacks that exploit complex business logic, and Novikov said Wallarm’s platform is uniquely designed to handle that volume and complexity.
“Whoever uses and consumes a lot of APIs is our best customer, because we’re really good at scale,” Novikov said. “The biggest benefit we have, and the main competitive advantage, is we can analyze a lot of traffic simultaneously, in real time and monitor attacks.”
