BreachQuest Emerges from Stealth to Fill Incident Response Gaps

Incident response company BreachQuest emerged from stealth today with $4.4 million in seed funding and a founding team of security experts, with the goal to modernize incident response.

BreachQuest's funding came from Slow Ventures, a venture capital firm that also invested in the early rounds of Venmo and Slack, as well as Lookout founder Kevin Mahaffey and Tinder co-founders Justin Mateen and Sean Rad, who said in a statement the startup has a "disruptive vision" and "a world class team."

Its leadership includes co-founder and CTO Jake Williams, former NSA hacker and founder of Rendition Infosec, a security firm that BreachQuest has acquired. Also at the helm are CEO Shaun Gordon, CISO A.J. King, and chief revenue officer Shawn Melito. BreachQuest team members also include former NSA, Department of Defense, and US Cyber Command operators.

The Dallas-based company plans to use its seed funding to accelerate the development and release of its Priori platform, which it claims will "re-engineer the incident response process and move incident preparedness into the future," said Gordon in a statement on today's news. Its goal is to give incident responders and analysts the tools they need to prepare for breaches.

An average breach takes 280 days to detect, 334 days to contain, and costs organizations an average of $3.9 million, BreachQuest reports. It's designing the Priori platform to improve the scoping, remediation, and recovery associated with a breach.

Part of the problem today's teams face is inadequate tooling, says Williams, whose experience has been more on the services side and has given him insight into the problems responders face.

"On the services end, we've long identified what's been wrong from the incident response side … and a huge portion of it is, the tools are not being created by practitioners," he explains. 

A practitioner will often sit down with a tool and can't find features they need to do their jobs. Part of Priori's goal is to provide response software they can easily navigate and use.

More broadly, Williams says organizations aren't spending money in the right places when considering the breach continuum. Plenty of money is allocated toward prevention, detection is part of the conversation, and while organizations have backups, "there's this giant gap in the middle" where preparedness should be. Most businesses don't exert the right amount of effort in determining how they'll address an incident when one occurs, as well as the software and data they'll have available to aid them.

This is the niche BreachQuest hopes to fill: "The idea is to give them more capability," says Gordon.

And incident responders could use the help. Williams refers to the "spreadsheet of doom," a common incident response term used to refer to the spreadsheet where an incident is tracked. When most coordination is done on spreadsheets, important data can fall between the cracks. With Priori, the company aims to address the challenges with data visibility and tracking.

Another priority is doing a better and faster job of bringing data to analysts who need it. In the aftermath of an incident, an analyst might request a log and not receive the data until some 72 hours later. The data has aged out by this point, Williams says, and valuable evidence is lost.

"Critical data takes far too long to gather and synthesize with spreadsheets, leading to substantially higher incident costs and suboptimal outcomes," he notes in a statement. 

The company aims for better coordination, both for its internal analysis and external analysts as Priori goes to market.

Right now, the founders say the timeline for that is earlier next year, though Williams says not all of Priori's capabilities will be ready at the same time. He describes the tool as a platform made up of multiple different components, and some of these may not be available until late 2022.

"The bad guys will be out there; networks will be penetrated," says Gordon. 

With its $4.4 million in seed funding, BreachQuest says it plans to accelerate development and hiring so it can meet its product goals and get Priori into companies' hands so they can better navigate the attacks.