Double Your Threat Blocking in 90 Days
H. Alper Memis, CEO and Co-founder, Picus Security | October 20, 2021
The Top 10 MITRE ATT&CK Techniques Used by Adversaries
Today, the Picus team and I are thrilled to announce the closure of our Series B funding round. This is a major milestone for the company and represents a huge endorsement of our team, technology and approach to addressing important security challenges.
The investment we have received not only gives us the support to scale our operations globally and accelerate product development. Importantly, it will ensure that we continue to deliver the outcomes our customers need to maximize their cyber resilience and minimize business risks.
Back in 2014, when my fellow co-founders and I established Picus, our motivation stemmed from the fact that most organizations lacked an ability to determine how secure they were at any moment. Point in time assessments such as vulnerability scanning and penetration testing provided some level of assurance but not a holistic or continuous view.
Without a high degree of situational awareness, many major security decisions were based on assumptions rather than evidence. This was particularly the case when it came to prioritizing investments. Organizations were routinely buying new technologies to address their problems but were unable to gauge their effectiveness. As a result, they were failing to obtain the best level of protection and value. It was how our idea for the Picus platform was born - an automated solution capable of helping security professionals continuously measure and improve the performance of controls, better understand their organization’s security posture, and achieve a more threat-centric and proactive approach.
The challenges that drove us to create what is now recognized as one of the very first Breach and Attack Simulation (BAS) platforms still persist to this day but are now experienced on an even greater scale. In particular:
At Picus, we recognize the need to continually enhance the capabilities of our platform to respond to the very latest security challenges. Our vision is to establish security control validation as essential to the day-to-day security operations of all organizations. It’s why we’re dedicated to building the most complete solution available - one that makes testing, measuring, and optimizing security controls as quick and painless as possible.
With the day-to-day workload of security teams only continuing to increase, it’s important that security validation doesn’t add to the size of the task. It should empower security teams to improve security outcomes with less effort, rather than being viewed as just another source of alerts.
The latest funding that we have received as part of this Series B round will ensure that we are able to continue working towards making our vision for security validation a reality. Among the areas of focus that are helping us to differentiate our platform include:
At Picus, we believe it’s imperative that all our customers have the ability to test their defenses against the latest threats. Over recent months, for example, Picus was the first BAS vendor to release attack simulations that test against some of the most critical vulnerabilities and adversarial techniques. These include the highly publicized RCE vulnerability in MSHTML (CVE-2021-40444) and PrintNightmare (CVE-2021-1675), as well as new tactics used by ransomware gangs and advanced persistent threat groups.
In total, the Picus Threat Library now includes over 10,000 attacks and attack scenarios - the most extensive number of simulations offered by any BAS platform. Our dedicated in-house research team leverages the latest threat intelligence and will continue to ensure that our customers benefit from the ability to proactively test their defenses against emerging threats as early as possible.
To obtain a more comprehensive understanding of security control effectiveness, it’s essential to have a solution that is not only capable of validating a wide range of controls but can do so on a truly continuous basis. The evolving threat landscape and factors such as infrastructure drift mean that gaps can occur from one day to the next.
At Picus, we are committed to delivering real-time insights that enable organizations to improve their understanding of how secure they are at any moment. Our platform integrates with network and endpoint security controls across prevention and detection layers to provide a holistic view and deliver insights that help security teams address threat coverage and visibility gaps sooner and more effectively.
Early in the development of the Picus platform, we realized that it is not enough to solely identify gaps. Helping to address them swiftly and effectively is equally as important. Monitoring the threat landscape for new tactics and behaviors, plus writing and applying new rules and signatures to detect them, are seriously time-consuming tasks for security teams. These are two of the most common reasons that tools are not kept up to date.
As the first BAS vendor to offer migration content for detection and prevention technologies, we will continue to prioritize improving the ability of our platform to make it easier for organizations to take defensive steps earlier and more rapidly. This includes adding to our 70,000+ library of vendor-specific mitigations, which have far greater value to security teams than generic recommendations.
Providing security teams with greater insights into the effectiveness of security tools remains an important part of our roadmap. Picus is proud to partner with leading security companies such as Cisco, Palo Alto, Fortinet, IBM, Splunk and VMware. Working with our Alliance Partners to closely integrate our platform with theirs enables us to achieve a much deeper level of validation and, as a result, supply a much broader and detailed range of vendor-specific insights. Improving the integrations we offer will also enable us to automate an even wider range of actions, helping relieve the strain on security teams by reducing the need for manual actions and streamlining workflows.
In recent years, Picus has been recognized by experts, including research firm Frost & Sullivan, for innovation in the BAS market. The plans we have in place will now ensure that we are able to achieve our ambition of taking security control validation to the next level. This includes expanding our operations to support a growing number of customers across North America, EMEA and APAC.
To help us achieve our goals, we are very fortunate to have the backing of Turkven and Earlybird Venture Capital, the two key participants in this Series B round. Both firmly share our vision and have a track record of supporting some of the world’s most successful businesses.
Of course, none of our achievements to date would be possible without our customers and partners. You inspire us to keep getting better and we look forward to telling you more about the many exciting things we have planned.
Last but not least, I’d also like to take this opportunity to say a huge thank you to the Picus team for your hard work in enabling us to reach this stage of our journey. This is an incredibly proud day for us all and I’m delighted to share it with such a great group of talented, passionate and enthusiastic people. Now could not be a better time to join us!
Here’s to an exciting new chapter!
H. Alper Memis,
CEO and Co-founder, Picus Security