Wallarm: Helping Companies Build Products With API Security In A $1 Billion Market

By Amit Chowdhry • Jun 5, 2024

Wallarm is a company that builds products offering robust protection for APIs, apps, and serverless workloads running in cloud-native environments. Pulse 2.0 interviewed Wallarm founder and CEO Ivan Novikov to learn more about the company.

Ivan Novikov’s Background

Novikov is a cybersecurity practitioner-turned-entrepreneur and AppSec has always been his passion. And Novikov said:

“Narrowing in AppSec, I became a security researcher and bug bounty hunter before getting my first full-time job, with trophies from Google, Facebook, Twitter, speaking at BlackHat and more. This passion resulted in my first company ONsec’s launch in 2009, which specialized in pentests and consultancy. Eventually, this venture led me to turn Wallarm out of stealth in 2016, which was part of Y Combinator’s batch S16.”

Formation Of Wallarm

How did the idea for the company come together? Novikov shared:

“During my time at ONsec, our customers requested WAF-managed services to mitigate vulnerabilities that were found during penetration tests, but I realized that existing WAF solutions weren’t able to secure APIs. Creating a new way of attack detection and automating vulnerability discovery was the next logical step I followed, which led to Wallarm. APIs enable trillions of dollars of economic activity in our highly connected world, and they’re increasingly under threat in recent years. The steady rise in API-related threats validates our focus on API and application security.”

Favorite Memory

What has been your favorite memory working for the company so far? Novikov reflected:

“I recall fondly when one of our first customers recommended us to another company they had just joined. It’s a fantastic feeling to know that our efforts and technology made such a positive impact on an organization that it then translated into awareness and new customers for Wallarm. Word-of-mouth referrals are high praise! Since that time, we have had many stories like that. Not a joke, our field CTO at Wallarm now is our ex-customer at Victoria’s Secret”

Core Products

What are Wallarm’s core products and features? Novikov explained:

“Wallarm builds products to automate API security in a full cycle. We always focus on delivering real threat prevention, not just security checkboxes. Our products consist of advanced API security, including an all-in-one solution for real-time API Discovery and Attack protection, API Testing, and WAAP, our Web Application and API Protection product. We also recently added a new offering called API Attack Surface Management (AASM), which provides continuous external API discovery and API leaks management, enabling enterprises to know which APIs are exposed, what risks they exhibit, and whether they’re protected.”

Challenges Faced

After asking Novikov about the challenges faced in building the company, Novikov acknowledged:

“With enterprise software, it’s always a challenge to get customers and build a referral database around it. We’ve overcome this challenge through in-depth technical expertise and product values that no other company can deliver. For example, our products’ detection accuracy allows our customers to more precisely detect attacks, providing them with better security for their APIs and applications. We also support legacy and modern applications and API protocols, giving customers broad coverage of their application infrastructure. Showing the value of deep technical products is not an easy task”.

Evolution Of Wallarm’s Technology

How has the company’s technology evolved since launching? Novikov noted:

“Our founding vision was to secure APIs and applications in real-time, which is what we have focused on. Initially, most Enterprises were not aware of the risks posed by APIs. We have had to educate the market and share real examples of vulnerabilities, attacks, and breaches. Many of the threats we predicted and discovered first have now become top threats, like SSRF, GraphQL batching attacks, and API leaks”.

“Wallarm is designed as a unified platform to secure APIs and apps in real-time at any scale. In fact, all of our products are available on one platform. They are not only integrated but are built to support each other and feed each other data for superior visibility and analytics. We have expanded Wallarm to support numerous API protocols and third-party integrations, and are continuing to do that.”

Customer Success Stories

After asking Novikov about customer success stories, he cited:

“Our client Miro, the online visual collaboration platform that enables distributed teams to work effectively together, wanted to increase its level of security and real-time protection from emerging API threats. So, its team turned to us to introduce threat prevention for their whole API portfolio.”

“By deploying our API security products, the Miro team could now monitor any potential malicious actors and alert their SecOps team when required, block malicious requests to the WebSockets and gRPC APIs in real-time without involving the SecOps team, and enable an API-specific dashboard, smart triggers, and integrations with DevSecOps toolchain that allowed them to automate incident response.”


After asking Novikov about the company’s funding information, he revealed:

“Wallarm has been capital-efficient and we have raised less than $20 million in total capital. Notable investors include Toba Capital (Long Beach, CA), Partech (San Francisco, CA), and YCombinator (Palo Alto, CA).”

“Many cybersecurity startups have raised significantly more funding than us but have yet to materialize the ROI ratio of capital efficiency that we’ve been able to achieve with far less funding.”

“Pound-for-pound, we’re an industry leader with the leanest sales and marketing team and 85% security engineering company”

Total Addressable Market

What total addressable market (TAM) size is the company pursuing? Novikov assessed:

“The API security ($1 billion in 2023) market is an extension of the larger AppSec ($7 billion in 2023).”

Differentiation From The Competition

What differentiates Wallarm from its competition? Novikov affirmed:

“First of all the list of differentiations are quite a few. Many of the other solutions in the market are no comparison to Wallarm from a feature, performance and effectiveness in solving customer use cases.”

“Wallarm’s key differentiator is our integrated API security and AppSec platform that works across any deployment options and environments. By having API security and AppSec in one place, organizations can streamline their security operations and be more agile against cybersecurity threats, allowing them to deliver more functionality with less complexity.”

“We are the only solution that addresses the API Security needs for developers, DevOps, Security and Operations teams.”

Future Company Goals

What are some of the company’s future company goals? Novikov concluded:

“As one of the leaders in the API and Application Security market, we intend to outpace and outdistance legacy and niche solutions.”

“We will innovate in the broad API and Application Security and adjacent security markets.”

“We will continue to expand our install base by winning against newer and established startups and legacy vendors.”

“Unlike other capital inefficient companies, we have a keen insight on customer use cases which we either address in our platform today or can quickly add.”