Ghost Security, which its founders describe as an “app security” company, today emerged from stealth with $15 million in combined funding from 468 Capital, DNX Ventures, and Munich Re Ventures at a $50 million valuation. CEO Greg Martin said that the capital will go toward expanding the team, building Ghost's product, and launching pilots with potential customers.
Apps and APIs are at the core of organizations. Ultimately, they're what delivers essential info to employees and customers. But increasingly, apps and APIs have become attack vectors. Salt Security — which, to be fair, sells an API protection product — estimates that “malicious” API usage grew 681% from December 2020 to December 2021. As for apps, cybercriminals targeting mobile devices most frequently used them to break in, according to Pradeo Labs research.
Martin claims that Ghost takes a “data science” approach to security to solve challenges that other vendors cannot. While keeping the details high-level and mostly under wraps — Ghost's product hasn't launched yet — he said that the company's technology delivers visibility and risk protection for apps and their dependencies, including services and APIs, in both cloud and on-premises environments.
“As an industry, we are still seeing a lot of legacy thinking around how to deal with the application, data, and microservice sprawl that large scale cloud adoption has created,” Martin said in a press release. “Existing approaches and application security solutions are now dated and losing effectiveness. At Ghost, we are completely rethinking the approach to securing modern applications from the ground up.”
Them's fighting words for a company that's preproduct. But Martin highlights that Ghost's co-founders have considerable expertise in cybersecurity. Josh Larsen, CTO, was an engineering manager at Symantec before joining Check Point as an account manager and co-founding Blackfin Security Group, which Symantec acquired in 2015. Eric Cornelius, chief product officer, was the deputy director of the U.S. Department of Homeland Security's control systems security program and a chief product architect at BlackBerry.
Talent is only a part of the equation — and Ghost faces a slew of competition out of the gate. The aforementioned Salt Security has raised tens of millions of dollars for its tech to protect APIs from malicious abuse. Noname, another company aiming to solve API security problems, hit a $1 billion valuation after a $135 million Series C raise last December. Traceable AI, 42Crunch, and Cequence offer comprehensive API security services, too, while on the app security side, there's vendors like Astrix Security and Enso Security.
That doesn't faze Hiro Rio Maeda, a managing partner at DNX Ventures and an investor in Ghost. His is a meaningful investment, to be clear, given that the amount of venture capital investment for cybersecurity startups fell 35.8% this quarter on a quarter-over-quarter basis, according to Pitchbook data.
“The surge in adoption of applications, APIs, and microservices represents great growth potential for businesses but also introduces many new attack surfaces,” Maeda said in a statement. “A better approach to securing these assets is needed, and Ghost is well-positioned to address that challenge.”