Randori, a cybersecurity startup whose platform enables organizations to see their network vulnerabilities as might a sophisticated attacker, has landed $9.8 million in early stage investment capital.
Seed investor Accomplice Ventures led the funding round with additional early stage capitalization from .406 Ventures and Legion Capital. All three are prior investors in endpoint security provider Carbon Black. (Small side note: “Randori” refers to martial arts mock combat where there are multiple attackers. And “.406” is an homage to the 1941 batting average of Ted Williams, the last big league player to top the .400 mark.)
The Boston-based Randori intends to use the money to underwrite further development of what it claims is the industry’s first “nation state caliber”, cloud-based attack platform purpose-built to anticipate how advanced threat actors think and behave. The alpha stage technology is currently in use by some two dozen customers, Ian Lee, Randori products director, told MSSP Alert. A beta version is expected later this year along with more customers, he said.
Randori’s value proposition isn’t that it has a better mousetrap. Quite the opposite, actually: Top brass contend that in cybersecurity there’s nothing quite so illuminating as the real thing. Learning how hackers see and hit your weak points can’t come from a simulation, the company suggests, but from a real attack (safely executed), armed only with the information an attacker would know.
Chief information security officers (CISOs) are Randori’s target customers. If the company can convince CISOs that its platform will allow them to see where bad actors are likely to attack and to assess what’s at risk to their organization, they believe they’ve got something going.
The company’s approach takes into account the fluid nature of hacking, said Brian Hazzard, Randori’s chief executive. “Cyber security is fundamentally broken,” he said. “Despite massive investments of time and capital, organizations often don’t know where they’re vulnerable until after they’re hit. Simulated environments can’t account for the changing tactics of today’s attacker,” he said.
What he’s referring to is penetration testing. Indeed, the prevalence of traditional penetration testing to find system leaks, and the growing reliance organizations place on it, is the hill Randori will have to climb.
For one thing, pen testing is big business with global spending expected to reach roughly $12 billion in the next two years, according to Momentum Cyber. For another, the methodology delivers useful results. In one recent study, hired ethical hackers were able to grab administrative control of a targeted organization’s network nearly 70 percent of the time in some 270 client engagements. The saving grace for Randori, however, is the size of the available market -- it’s a roomy space that Hazzard and company want in on with plenty of room for a new arrival.
Randori’s executive team includes co-founder David Wolpoff, the developer’s chief technology officer and a veteran white hat hacker and red team leader. Owing to the funding round, Mike Viscuso, an Accomplice partner and Carbon Black co-founder, and Greg Dracon, a .406 partner, have been seated on Randori’s board of directors.