Attacks/Breaches

5/9/2018
12:35 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

SafeBreach Announces $15 Million in Series B; Deepens Focus on Breach and Attack Simulation

SUNNYVALE, CA – May 8th, 2018 – SafeBreach, the leader in Breach and Attack Simulation, today announced new funding, new product capabilities and record growth. Bookings increased more than 470 percent year-over-year with expanded traction in the Fortune 100. The company added $15 million in strategic funding led by Draper Nexus with participation from PayPal and existing investors Sequoia Capital, Deutsche Telekom Capital Partners and HPE Pathfinder. The company also introduced major new capabilities that set it apart by allowing customers to not only simulate attacks and assess risk, but more effectively prioritize areas for remediation, and take action to stay ahead of attacks.

“CISOs and their security teams have spent considerable amounts of time and money implementing best-of-breed technologies, but today’s ever changing IT environments make it challenging to understand whether these security products can actually stand up to attacks,” said Managing Director Rio Maeda at Draper Nexus. “The SafeBreach platform has seen hypergrowth adoption in helping security teams continually prove people, process and technology are actually working. We invest in transformative technologies, and are excited to partner with the leader in this market.”

Accelerated momentum comes at a time when Breach and Attack Simulation as a sector is drawing increased attention and investment. Industry analyst firm Gartner has established category coverage and last year named SafeBreach among the "Cool Vendors in Monitoring and Management of Threats to Applications and Data 2017."

SafeBreach offers the most comprehensive Breach and Attack Simulation platform in the industry -- with a playbook of over 3400 breach methods, along with the most flexible prioritization capabilities and most extensible remediation options. The platform is designed to be continuous, automated and intuitive, removing human testing biases and eliminating the need for manual creation of methods. As a result, the SafeBreach platform has been able to uncover unknown or unexpected security issues in the most sophisticated security environments.

“Simulating attacks is critical to understanding the bigger picture of infrastructure and asset risk, but alone, it’s not enough,” said Guy Bejerano CEO & co-founder, SafeBreach. “Simulations need to inform prioritized actions. Our new, unique capabilities were built to provide the most effective breach method coverage, identify and prioritize critical results, and quickly remediate issues to enable customers to stay ahead of attacks.”

The most important new capabilities include:

  • Up-to-date Simulations Aligned to US-CERT Alerts and MITRE ATT&CK Framework – With a new ability, powered by SafeBreach Labs, to produce new simulations of critical attacks in less than 24 hours, the Hacker’s Playbook™ continues to represents the largest and most thorough simulation knowledge base in the industry, and growing every day. More than 700 attacks -- aligned with US-CERT alerts and the MITRE ATT&CK framework -- were added last year, bringing the total of breach methods to more than 3400. The company also recently announced an integration with Visa Threat Intelligence to weaponize payment industry indicators of compromise by transforming them into breach methods. SafeBreach Labs also continues to publish a bi-annual Hacker’s Playbook Findings report of deployment findings and best practices for security product deployments, while also producing unique intelligence and discoveries such as the ability to abuse third-party plugins in text editors and exfiltrate data using online public sandboxing.
  • Informed and Actionable Prioritization Right-Sized for Every Security Team – To accommodate varied security prioritization preferences for enterprises, SafeBreach now offers multiple ways to prioritize and drill down into breach simulation results. Organizations can use the Risk Trends, Kill Chain Explorer and simulation analysis dashboards available on the platform, integrate with existing security operations workflows via SafeBreach partnership with industry leading SIEM providers such as Splunk and Arcsight, or utilize existing Business Intelligence tools such as Tableau and Kibana to target critical areas of focus and vastly reduce alert fatigue.
  • Accelerated Remediation Via Automation and Orchestration, and Ticketing Systems  – SafeBreach offers the most extensible platform for remediation, integrating with enterprise ticketing systems like Jira and ServiceNow, along with automation and orchestration platforms such as Phantom and Demisto to support remediation workflows.

SafeBreach received numerous awards and accolades throughout 2017, including:

  • Making Bloomberg’s “50 Most Promising Startups You’ve Never Heard of” List
  • Winning the HPE and SAP Startup Showcase
  • Earning a spot on the Momentum Partners' “Q1 2017 Quarterly Market Report Watch List”
  • Named a Cool Vendor in the “Cool Vendors in Monitoring and Management of Threats to Applications and Data 2017” report by Gartner
  • SC Media named SafeBreach Co-Founder and CTO Itzik Kotler a Rising Star in the Reboot Awards and the company as an Industry Innovator in Security Infrastructure category
  • San Francisco Chamber of Commerce selected SafeBreach as the Winner of the Ebbies Awards in the ‘Innovation in Technology’ category
  • CRN named SafeBreach as a Finalist in the Tech Innovator Awards and an Emerging Vendor in the ‘Security’ category

Companies interested in seeing the SafeBreach platform in action can sign up for a demo. Successful techniques and insights from SafeBreach deployments are available in the Hacker’s Playbook Findings Report.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
12 Free, Ready-to-Use Security Tools
Steve Zurier, Freelance Writer,  10/12/2018
Most IT Security Pros Want to Change Jobs
Dark Reading Staff 10/12/2018
6 Security Trends for 2018/2019
Curtis Franklin Jr., Senior Editor at Dark Reading,  10/15/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Flash Poll
The Risk Management Struggle
The Risk Management Struggle
The majority of organizations are struggling to implement a risk-based approach to security even though risk reduction has become the primary metric for measuring the effectiveness of enterprise security strategies. Read the report and get more details today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-10839
PUBLISHED: 2018-10-16
Qemu emulator <= 3.0.0 built with the NE2000 NIC emulation support is vulnerable to an integer overflow, which could lead to buffer overflow issue. It could occur when receiving packets over the network. A user inside guest could use this flaw to crash the Qemu process resulting in DoS.
CVE-2018-13399
PUBLISHED: 2018-10-16
The Microsoft Windows Installer for Atlassian Fisheye and Crucible before version 4.6.1 allows local attackers to escalate privileges because of weak permissions on the installation directory.
CVE-2018-18381
PUBLISHED: 2018-10-16
Z-BlogPHP 1.5.2.1935 (Zero) has a stored XSS Vulnerability in zb_system/function/c_system_admin.php via the Content-Type header during the uploading of image attachments.
CVE-2018-18382
PUBLISHED: 2018-10-16
Advanced HRM 1.6 allows Remote Code Execution via PHP code in a .php file to the user/update-user-avatar URI, which can be accessed through an "Update Profile" "Change Picture" (aka user/edit-profile) action.
CVE-2018-18374
PUBLISHED: 2018-10-16
XSS exists in the MetInfo 6.1.2 admin/index.php page via the anyid parameter.