Attacks/Breaches

5/9/2018
12:35 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

SafeBreach Announces $15 Million in Series B; Deepens Focus on Breach and Attack Simulation

SUNNYVALE, CA – May 8th, 2018 – SafeBreach, the leader in Breach and Attack Simulation, today announced new funding, new product capabilities and record growth. Bookings increased more than 470 percent year-over-year with expanded traction in the Fortune 100. The company added $15 million in strategic funding led by Draper Nexus with participation from PayPal and existing investors Sequoia Capital, Deutsche Telekom Capital Partners and HPE Pathfinder. The company also introduced major new capabilities that set it apart by allowing customers to not only simulate attacks and assess risk, but more effectively prioritize areas for remediation, and take action to stay ahead of attacks.

“CISOs and their security teams have spent considerable amounts of time and money implementing best-of-breed technologies, but today’s ever changing IT environments make it challenging to understand whether these security products can actually stand up to attacks,” said Managing Director Rio Maeda at Draper Nexus. “The SafeBreach platform has seen hypergrowth adoption in helping security teams continually prove people, process and technology are actually working. We invest in transformative technologies, and are excited to partner with the leader in this market.”

Accelerated momentum comes at a time when Breach and Attack Simulation as a sector is drawing increased attention and investment. Industry analyst firm Gartner has established category coverage and last year named SafeBreach among the "Cool Vendors in Monitoring and Management of Threats to Applications and Data 2017."

SafeBreach offers the most comprehensive Breach and Attack Simulation platform in the industry -- with a playbook of over 3400 breach methods, along with the most flexible prioritization capabilities and most extensible remediation options. The platform is designed to be continuous, automated and intuitive, removing human testing biases and eliminating the need for manual creation of methods. As a result, the SafeBreach platform has been able to uncover unknown or unexpected security issues in the most sophisticated security environments.

“Simulating attacks is critical to understanding the bigger picture of infrastructure and asset risk, but alone, it’s not enough,” said Guy Bejerano CEO & co-founder, SafeBreach. “Simulations need to inform prioritized actions. Our new, unique capabilities were built to provide the most effective breach method coverage, identify and prioritize critical results, and quickly remediate issues to enable customers to stay ahead of attacks.”

The most important new capabilities include:

  • Up-to-date Simulations Aligned to US-CERT Alerts and MITRE ATT&CK Framework – With a new ability, powered by SafeBreach Labs, to produce new simulations of critical attacks in less than 24 hours, the Hacker’s Playbook™ continues to represents the largest and most thorough simulation knowledge base in the industry, and growing every day. More than 700 attacks -- aligned with US-CERT alerts and the MITRE ATT&CK framework -- were added last year, bringing the total of breach methods to more than 3400. The company also recently announced an integration with Visa Threat Intelligence to weaponize payment industry indicators of compromise by transforming them into breach methods. SafeBreach Labs also continues to publish a bi-annual Hacker’s Playbook Findings report of deployment findings and best practices for security product deployments, while also producing unique intelligence and discoveries such as the ability to abuse third-party plugins in text editors and exfiltrate data using online public sandboxing.
  • Informed and Actionable Prioritization Right-Sized for Every Security Team – To accommodate varied security prioritization preferences for enterprises, SafeBreach now offers multiple ways to prioritize and drill down into breach simulation results. Organizations can use the Risk Trends, Kill Chain Explorer and simulation analysis dashboards available on the platform, integrate with existing security operations workflows via SafeBreach partnership with industry leading SIEM providers such as Splunk and Arcsight, or utilize existing Business Intelligence tools such as Tableau and Kibana to target critical areas of focus and vastly reduce alert fatigue.
  • Accelerated Remediation Via Automation and Orchestration, and Ticketing Systems  – SafeBreach offers the most extensible platform for remediation, integrating with enterprise ticketing systems like Jira and ServiceNow, along with automation and orchestration platforms such as Phantom and Demisto to support remediation workflows.

SafeBreach received numerous awards and accolades throughout 2017, including:

  • Making Bloomberg’s “50 Most Promising Startups You’ve Never Heard of” List
  • Winning the HPE and SAP Startup Showcase
  • Earning a spot on the Momentum Partners' “Q1 2017 Quarterly Market Report Watch List”
  • Named a Cool Vendor in the “Cool Vendors in Monitoring and Management of Threats to Applications and Data 2017” report by Gartner
  • SC Media named SafeBreach Co-Founder and CTO Itzik Kotler a Rising Star in the Reboot Awards and the company as an Industry Innovator in Security Infrastructure category
  • San Francisco Chamber of Commerce selected SafeBreach as the Winner of the Ebbies Awards in the ‘Innovation in Technology’ category
  • CRN named SafeBreach as a Finalist in the Tech Innovator Awards and an Emerging Vendor in the ‘Security’ category

Companies interested in seeing the SafeBreach platform in action can sign up for a demo. Successful techniques and insights from SafeBreach deployments are available in the Hacker’s Playbook Findings Report.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Google Engineering Lead on Lessons Learned From Chrome's HTTPS Push
Kelly Sheridan, Staff Editor, Dark Reading,  8/8/2018
White Hat to Black Hat: What Motivates the Switch to Cybercrime
Kelly Sheridan, Staff Editor, Dark Reading,  8/8/2018
PGA of America Struck By Ransomware
Dark Reading Staff 8/9/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: Now about that mortgage refinance offer from Wells Fargo .....
Current Issue
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-2446
PUBLISHED: 2018-08-14
Admin tools in SAP BusinessObjects Business Intelligence, versions 4.1, 4.2, allow an unauthenticated user to read sensitive information (server name), hence leading to an information disclosure.
CVE-2018-2447
PUBLISHED: 2018-08-14
SAP BusinessObjects Business Intelligence (Launchpad Web Intelligence), version 4.2, allows an attacker to execute crafted InfoObject queries, exposing the CMS InfoObjects database.
CVE-2018-2448
PUBLISHED: 2018-08-14
Admin tools in SAP BusinessObjects Business Intelligence Platform, versions 4.1 and 4.2, allows an unauthenticated user to read sensitive information (server name), hence leading to an information disclosure.
CVE-2018-2449
PUBLISHED: 2018-08-14
SAP SRM MDM Catalog versions 3.73, 7.31, 7.32 in (SAP NetWeaver 7.3) - import functionality does not perform authentication checks for valid repository user. This is an unauthenticated functionality that you can use on windows machines to do SMB relaying.
CVE-2018-2450
PUBLISHED: 2018-08-14
SAP MaxDB (liveCache), versions 7.8 and 7.9, allows an attacker who gets DBM operator privileges to execute crafted database queries and therefore read, modify or delete sensitive data from database.