Detectify secures additional $10M to expand ethical hacking platform • TechCrunch


Detectify, a security platform that employs ethical hackers to carry out attacks designed to highlight weaknesses in corporate systems, has announced that it has raised $10 million in follow-on funding led by Insight Partners. CEO Richard Carlson said the new cash, which brings Detectify’s total to $42 million, will be used for product development and improving the overall user experience.

Detectify was founded by four ethical hackers from Stockholm, including Carlson, who recognized the business potential of combining security research with automation. In an interview with TechCrunch, Carlson said that product development workflows have changed dramatically over the past few years, with new teams in organizations spinning up Internet-facing applications and adding potentially vulnerable assets to their deployment environment. The trend toward low-code and no-code tools has lowered the barrier to entry for building apps, but has made the job of security specialists more difficult.

To illustrate the challenges, a recent Dark Reading study found that 26% of IT and security professionals do not trust the platforms they use to create low-code and no-code applications. About as many, 25%, said that they do not even know which applications are being created on these platforms in their companies.

“While companies try to integrate security best practices earlier in their development cycle and catch vulnerabilities in development, the key is production,” Carlson added in an email. “If you don’t have a company that doesn’t have a fully streamlined development process, you’ll never catch everything. And this legacy thinking and reliance on ‘shifting left’ creates a false sense of confidence in organizations that increase their risk levels.”


Detectify's approach collects real payloads – pieces of code that execute when a hacker exploits a vulnerability – from a private community of ethical hackers and uses these contributions for payload-based testing. Carlson says Detectify examines customers’ entire attack surface, showing how malicious attackers could exploit Internet-facing applications in production.

In the near future, Detectify plans to release new functionality that will give security teams the ability to create custom alert policies. Teams will be notified if attacks on vectors such as hosts, domains or DNS records are detected, Carlson said.

“With Detectify, organizations can maintain an external view of how attackers use their attack surface, manage their vulnerabilities and prioritize their remediation efforts,” said Carlson.

Detectify currently has 2,000 customers in Europe, including “large government digital services,” and a user base of over 10,000. Carlson asserts that interest is strong amid digital transformation efforts around the pandemic and amid competition that includes the likes of CyCognito, CrowdStrike’s Reposify, IBM’s Randori, Google’s Mandiant and Microsoft’s RiskIQ.

“Simply put, the external attack surface has never been more complex and difficult to defend against. This protects Detectify from market headwinds,” he added. “While no company is immune to market trends, in cybersecurity, the pressure to cut costs is at odds with cybersecurity teams’ need for best-of-breed solutions to protect the business from a nationwide attack.”


