Attack surface management platforms

Updated: June 21, 2022

2022. Attack surface management platform RapidFort raises $8.5M

RapidFort, a startup that helps developers reduce the potential attack surface of their applications by automatically removing unused software components from their containers, today announced that it has raised an $8.5 million seed round. The service reduces the overall attack surface by analyzing which components in a container are actually needed to run an application. Development teams run them as normal in dev, test or production, while RapidFort figures out which components it can remove. The company says its improvements are typically in the range of 60 to 90%, so that in the end, security and developer teams can focus on the vulnerabilities that actually matter.

2022. IBM acquires attack surface management startup Randori

IBM has announced that it’s acquiring Randori, a Boston-based offensive security startup that combines attack surface management (ASM) with continuous automated red teaming (CART) to help organizations bolster their cyber defenses. ASM — the continuous discovery, inventory, classification and monitoring of a company’s IT infrastructure — is becoming a must-have for organizations of all sizes. The number of potential exposure points in hybrid cloud operating environments is growing exponentially as a result of the pandemic-fueled shift to remote and hybrid working, with ESG data showing that 67% of organizations saw their external attack surface expand over the past two years due to the rising use of cloud, third-party services and Internet of Things (IoT) devices.

2022. Cyberpion raises $27M for its external attack surface management platform

External attack surface management services like Cyberpion has raised $27 million Series A round. The idea behind external attack surface management is to take an outside look at a company’s entire outside-facing assets and infrastructure and proactively scan for risks and vulnerabilities. Since raising its seed round in 2020, attacks like the SolarWinds hack increased awareness of how vulnerable the software supply chain can be. At the same time, a large percentage of enterprise IT infrastructure now sits outside of the traditional company firewall, yet a recent Gartner report noted that only 10 percent of organizations have adopted attack surface assessment solutions so far. That leaves a lot of room for growth because sooner or later, these companies will have to adapt these solutions.

2021. Attack surface management startup CyCognito raises $100M

CyCognito, a startup helping to prevent cyber attacks, has raised $100 million Series C. Like any attack surface management company, CyCognito is looking at the range of assets a company has and looking for gaps in security, but the comprehensiveness of the company’s approach is what differentiates it from the pack. It's leveraging machine learning-based, attack surface management to understand what’s out there. And it's the first company to automate security testing at the scale of millions of assets

2020. Palo Alto Networks to acquire AI cybersecurity firm Expanse for $800M

Palo Alto Networks has acquired Expanse for $800 million. Expanse provides a service to help companies understand and protect their attack surface, where they could be most vulnerable to attack. It works by giving the security team a view of how the company’s security profile could look to an attacker trying to gain access. The plan is to fold Expanse into Palo Alto’s Cortex Suite, an AI-driven set of tools designed to detect and prevent attacks in an automated way. Expanse should provide Palo Alto with a highly valuable set of data to help feed the AI models.