In December 2021, Gartner® reviewed its earlier predictions about API attacks, commenting, “On Target: 2017 Prediction — By 2022, API abuses will be the most-frequent attack vector resulting in data breaches for enterprise web applications…. As 2022 approaches, this prediction could arguably be counted as “missed” — but only because we underestimated the steep rise in attacks on APIs.
Now, Salt Security, the API security company, has announced it has received $140 million in Series D funding, a testament to the growing issue of attacks on APIs. Led by CapitalG, Alphabet’s independent growth fund, with participation from all existing investors, the latest investment brings the valuation of the company to $1.4 billion. Salt Security intends to bolster its leadership position in the API security market, stating it now has the most funding, highest valuation, most customers, and deepest penetration among Fortune and Global 500 enterprises.
Salt Security will use the additional capital to expand R&D investment, fuel sales and marketing, and more rapidly grow its international operations to address the growing number of cyber threats targeting APIs.
“APIs provide the foundation for innovation in today’s economy. Our vision for Salt Security has always been to make it safer and easier for companies to innovate by securing APIs in the face of a growing and dynamic attack surface,” said Roey Eliyahu, CEO and co-founder, Salt Security. “We are honored to have CapitalG as our strategic partner as we achieve this vision at global scale and widen our lead in this important industry.”
This latest funding round brings the company’s total funding to $271 million, with $210 million raised in the last 12 months.
In the past year, Salt added a number of leading financial services, insurance, pharmaceutical, eCommerce/retail, and digital services companies to its customer ranks. Recent new customers include Takeda Pharmaceuticals, bp Launchpad (the digital innovation and scale up unit of bp), Markel, Icatu Seguros, Apiture, and Berkshire Bank. In the same period, Salt Security drove:
- 500% growth in revenue
- 300% growth in its customer base
- 250% growth in its employee count
- 900% growth in signed customers among Fortune 500 and Global 500 companies
James Luo, Partner at CapitalG and Salt Security board member said: “Our investment in Salt Security comes at a time of critical importance for the wider business community. APIs are essential to enabling business innovation, but security risks are multiplying at an unprecedented scope and scale. Salt took an innovative, best-in-class approach to building its API security platform leveraging cloud-scale big data, allowing it to effectively detect and stop attacks in the wild while not compromising on strong shift left capabilities.
“Salt Security has a proven record of success as the leading solution in the market, and our conversations with customers made it clear that Salt is providing them with market-leading protection and the fastest time to value. We look forward to partnering with the team at Salt Security to help it catapult into the next tier of market penetration and success,” he continued.
All the investors who have backed Salt Security in previous rounds also participated in this raise, including Sequoia Capital, Y Combinator, Tenaya Capital, S Capital VC, Advent International, Alkeon Capital, and DFJ Growth.
“YC Continuity invests only in the very best, category-defining YC companies. Salt Security is one of those companies,” said Ali Rowghani, managing director, YC Continuity. “Like fellow YCC companies Stripe in payments and DoorDash in food delivery, Salt will become an iconic security company. Five years ago, the Salt founders had the vision to create this critical category, and they have led it ever since by creating the most secure and robust solution in the industry. The company’s innovation and dominance led us to double down on our investment.”
Executive and global expansion
Following the Salt Security Series C round in May 2021, the company expanded quickly, hiring several key industry leaders and launching global operations in EMEA and LATAM. Salt also made public the findings and analysis of its security research division, Salt Labs, so Salt can now educate the broader industry on the latest API threats by publishing vulnerability research and other community reports from the industry’s only API-focused security research team.
Salt also hired several executives across a range of functional areas, including:
- Kfir Lippmann, CFO, who led finances at Monday.com from its early days when it had 40 employees through to its IPO
- Yaniv Balmas, VP of Research, who is heading up Salt Labs after leading cyber research at Check Point Software Technologies for eight years
- Jon Peppler, VP of worldwide channels, who led channel initiatives at Bitglass, Menlo Security, and Proofpoint
- Nico Wagemans, Sales Director for EMEA, who held sales leadership positions at Nutanix and Cohesity
- Daniela Costa, Sales Director for LATAM, who held sales leadership roles at Arcserve and CA Technologies
The proliferation of APIs to support digital transformation, application mobilization, and other IT modernization initiatives, combined with the focus bad actors have put on tapping APIs as an attack vector, have laid bare the reality that traditional tools, such as web application firewalls (WAFs) and API gateways, cannot adequately defend against API attacks and vulnerabilities. In the first half of 2021, malicious API traffic grew more than 340% according to the Salt Security State of API Security Report, Q3 2021. To combat growing threats, the Salt Security API Protection Platform provides a unique approach to API security that leverages its API Context Engine (ACE) Architecture, a cloud-scale big data engine that applies machine learning (ML) and artificial intelligence (AI) to secure APIs. With the industry’s only patent for ML-based API protection, Salt provides its customers with automated and continuous API discovery, detection and prevention of API attacks, and “shift left” capabilities to identify and remediate API vulnerabilities during the build phase.
To learn more about Salt Security or to request a demo, please visit https://content.salt.security/demo.html.