Free Trial
|
Login
Free Trial
Login
Platform
Platform
I want to
report
WHITEPAPER Picus Red Report 2025
white paper
DATASHEET Security Validation Platform
Use Cases
Use Cases
Frameworks
Group
WHITEPAPER Building a Robust Defense-in-Depth Strategy with Breach and Attack Simulation (BAS)
Paper Icons
E-BOOK An Introduction to Exposure Validation
Research
RESEARCH
LEARNING
whitepaper
Whitepaper Modernize Your SOC with Breach and Attack Simulation
report (1)
REPORT Blue Report: Effective Threat Exposure Management
Resources
RESOURCES
LEARNING
Group
WHITEPAPER Double Your Threat Blocking in 90 Days
Paper Icons
E-BOOK An Introduction to Exposure Validation
Company
COMPANY
PARTNERS
webinar
REGISTER NOW: Assessing Your Zero Trust Program with "Assume Breach" Mindset
Data sheet
DATASHEET The Pioneer of Breach & Attack Simulation
GET A DEMO
H. Alper Memis, CEO and Co-founder, Picus Security | 6 MIN READ

LAST UPDATED ON OCTOBER 16, 2024

Announcing Series C Growth Investment: From the Pioneer of Breach and Attack Simulation to Adversarial Exposure Validation Leader

Today is an important milestone for Picus Security. We’ve closed our Series C investment round, validating the hard work of our Picusers and recognizing our leadership position in the critical new category of Adversarial Exposure Validation, the new cornerstone of Exposure Management.

Several years ago, we embarked on the journey to pioneer a new security category: Breach and Attack Simulation. From there, we have pushed the limits, evolved BAS for our customers, and added Automated Penetration Testing and Detection Rule Validation to our suite of capabilities. Now, we are excited to lead Adversarial Exposure Validation and work toward building an ecosystem that offers a comprehensive Exposure Management solution.

More Data, But Not More Secure

The cybersecurity industry, once in its adolescence, is maturing into the next era of security AI, increased automation, and technological self-awareness. This next phase of security is marked by acceleration, transforming how adversaries operate and broadening the attack surface - making it more difficult to protect organizations. Vulnerability management alone is no longer enough to handle the pace of change, and today, organizations are facing three major threat areas:

  • The exponentially expanding attack surface: No longer confined to port and protocol, each connected device or log-in credential is now a potential attacker’s entry point. Migration to the cloud, more remote workers and devices, and a steady stream of new applications offer adversaries many new ways to infiltrate systems. As you build more complex systems, your attack surface grows too, creating an overwhelming volume of vulnerabilities that security teams are incapable of sifting through. At the same time, our time to respond to incidents is shrinking.
  • Legacy prioritization is not enough: Scoring vulnerabilities was once a clear way to fix the biggest risk first. CVSS scores and EPSS scores provide rankings but do not consider intelligence from other toolsets or context from critical business units.  In addition, many vulnerabilities may be theoretical due to deployed compensating controls, or lack of context.  While vulnerability scoring does provide some prioritization, it does not shorten the length of your team’s to-do list.  Essentially, traditional approaches are flawed and fail to consider the organization’s context.
  • Automation and AI are increasing the speed: Attackers are moving faster than ever. In the past, they could linger in systems for months or years before acting. Today, they are working more quickly and stealthily, leveraging AI and automation. 

Each of these challenges is related to one another. Over the years, organizations have invested in several tools to manage their attack surface. In addition to Vulnerability Management tools, they deploy EASM, BAS, PTA, and CAASM-like offerings in an attempt to address these problems. These technologies help organizations with some visibility, yet multiply the workload of security practitioners by introducing reporting and prioritization complications due to the islands of information inherent in stand-alone toolsets.

How cybersecurity teams build their ecosystem, connect their data, and enable timely remediation are more important than ever.

Exposure Validation: A Cornerstone of Exposure Management

As detection and response capabilities have become a mainstay in the cybersecurity tech stack, it was known that perimeter security was no longer enough. Teams rightfully embraced Zero Trust, and knew it was not if, but when, a breach would occur. We have found that this continues to be true, even with added defenses. As a community, cybersecurity is taking the stance that we must “assume breach,” and validate our own defenses regularly. The time has come to challenge what we think we know, and assume we are not protecting it all. 

A single platform for cybersecurity seems like a distant dream, but an ecosystem where different cybersecurity data and technologies work together to provide a better outcome for organizations is within our reach. At Picus, we believe in a future where you can bring your exposure data together in one open platform that integrates with best-of-breed technologies. To achieve this future we’re partnering to bring validation to technologies focusing on Continuous Threat Exposure Management (CTEM).  

Addressing key challenges in recent cybersecurity frameworks is a priority for the Picus team. As we build to bring new capabilities to market, we’re guided by the following tenents:

  • Combine and correlate exposure data: Continuously bringing together all exposures (such as vulnerabilities and misconfigurations) is a critical starting point we cannot ignore. Vulnerabilities can often look different to different tools. Bringing them together so you can deduplicate, normalize, and correlate exposures will improve operational efficiency.  By leveraging integrations and automation we can start making the attack surface less overwhelming and more manageable.
  • Validate and Prioritize Continuously: Consolidated exposures can now be prioritized based on severity, asset criticality, likelihood of exploitation and the context of security controls. In addition to severity-based prioritization, teams must incorporate exposure validation (such as, compensating control effectiveness and attack paths) to shrink down the to-do list — this leaves only the biggest issues remaining which must be addressed in real-time. This should also be done continuously as part of your exposure management program rather than as a linear next step.
  • Streamlined Remediation: Once you’ve identified the most material risks to the organization, modern tools must give teams clear next steps for mobilizing fixes whether via remediation or compensating controls. With integrations and tools that automate the heavy lifting, teams can address vulnerabilities faster.

Closing Thoughts

Together with co-founders Volkan Ertürk and ​​Süleyman Özarslan, we set out to address a critical gap in the cybersecurity market. In the summer of 2012, Volkan was advising a company that suffered a data breach after a substantial security investment. Volkan had a realization – cybersecurity is based on the premise that services will offer protection; however, complexity requires a new approach. Volkan, ​​Süleyman, and I knew we wanted to address the influx of new threats, and so, Picus was born. 

Today, we are a globally connected team of innovation drivers building for the future with purpose, perseverance, and pride. We set our sights on the future as we share our Series C announcement. This funding round marks a significant milestone in our journey, and the beginning of our next phase. The creation of the Adversarial Exposure Management category stems from the widespread understanding of cybersecurity and the need for a new framework for managing cybersecurity risk in enterprise organizations, Continuous Threat and Exposure Management (CTEM). CTEM has given rise to an offensive view of cybersecurity, which we believe deserves acknowledgment.

We have sought out – and will continue looking for top-tier talent and investing in our Picus team members. With this week’s milestone, there is no better time to get on board. Our success is entirely a team effort, and we take pride in working tirelessly to protect our customers around the world. 

At Picus, we shed light on the unknown. We help organizations navigate the complexities of cybersecurity by demystifying uncertainties and making them manageable. Our Series C funding is a testament to our investors' confidence in our team’s vision for the future. We’re proud to be continuously innovating, pioneering the growth of cybersecurity defenses, and will continue to lead the market in exposure management capabilities to be a light for cybersecurity teams when all other lights go out.

H. Alper Memiş

CEO & Co-founder, Picus Security
 
Adversarial Exposure Validation is a process pioneered by Picus Security to assess and manage cybersecurity risks by continuously validating and prioritizing exposures based on severity, asset criticality, likelihood of exploitation, and the context of security controls.
Vulnerability management alone is not sufficient because the attack surface has expanded exponentially, legacy prioritization methods are flawed, and attackers are leveraging AI and automation to move faster, making it necessary to adopt more comprehensive exposure management strategies.
Picus Security helps organizations manage cybersecurity risks by offering tools and solutions that validate and prioritize exposures, streamline remediation processes, and integrate with other technologies to create a unified ecosystem for Continuous Threat and Exposure Management (CTEM).
Picus Security addresses key challenges such as the overwhelming attack surface, the limitations of legacy vulnerability prioritization methods, and the need for continuous validation and prioritization of exposures to effectively manage cybersecurity risks.
The Series C growth investment is significant as it marks a milestone in Picus Security's journey, validating their leadership in the Adversarial Exposure Validation category and supporting their efforts to innovate and expand their cybersecurity solutions.
The main components of Picus Security's cybersecurity platform include Security Control Validation, Attack Surface Validation, Cloud Security Validation, Attack Path Validation, and Detection Rule Validation, all integrated to provide comprehensive exposure management.
Automation and AI have increased the speed at which attackers operate, making it essential for cybersecurity teams to adopt advanced tools and strategies that can keep up with the rapid pace of threats and improve response times.
Continuous Threat Exposure Management (CTEM) plays a crucial role in cybersecurity by providing a framework for continuously validating, prioritizing, and managing cybersecurity exposures, thereby enhancing an organization's ability to respond to threats effectively.

Table of Contents

Article What are Adversarial Exposure Validation Tools
Learn More
cyber-risk-management-for-cisos
Article Cyber Risk Management for CISOs: A Quick Overview
Learn More
adversarial-exposure-validation-in-ctem
Article The Role of Adversarial Exposure Validation in CTEM
Learn More
exposure-assessment-to-management
Article From Exposure Assessment to Management: The Power of Validation in CTEM
Learn More
ctem
Article Uncovering Critical Defensive Gaps with Automated Penetration Testing Software
Learn More
gartner-hype-cycle-secops-2024
Reports 2024 Gartner® Hype Cycle™ for Security Operations
Learn More
blue-report-2024
Article Blue Report 2024 Reveals 40% of Environments Exposed to Full Take Over
Learn More
choosing-which-vulnerabilities-to-patch
Article Choosing Which Vulnerabilities to Patch
Learn More
choosing-which-types-of-attacks-to-prevent
Article Choosing Which Types of Attacks to Prevent
Learn More