Back in April, Verodin emerged from stealth mode, revealing to the market its new platform approach to testing security. It’s an approach that has attracted organizations and investors, with Verodin announcing June 28 that it has raised a $10 million Series A round of funding from Cisco Investments, Rally Ventures, Crosslink Capital and Blackstone.
Total funding to date for Verodin, including its seed round, now stands at $13.1 million. The new funding will be used to support the company’s sales, marketing and technical development efforts, according to Christopher Key, co-founder and CEO of Verodin.
Verodin emerged from stealth in April after two and a half years of working on the company’s instrumented security technology platform, Key said. Verodin’s technology is aimed at helping an organization evaluate its security posture and deal with cyber-attacks.
“It was really overwhelming in a positive way to see the reaction when we emerged from stealth,” Key told eWEEK. “Across the commercial space in general there is a commitment to cyber-security spending and everyone knows it’s important, but at the same time people really want to know if they’re actually more secure after spending money on technology.”
According to Key, many organizations assume that cyber-security technologies just work, which isn’t always accurate. In his view, it’s important to test the assumption that security technology works and make sure that organizations are instrumenting environments to make sure each of the things they are doing is effective.
“We have seen a massive opportunity for something that is missing in the market, and with this funding, we really wanted to make sure we have enough money to not just define the market, but aggressively capture it and move forward,” Key said.
There are multiple vendors and approaches in the market today for testing security. AttackIQ and SafeBreach announced technologies this year to simulate attacks to help defenders identify risks, while SecurityScorecard is a vendor that helps rate an organization’s security and that of its suppliers.
Verodin’s approach, in contrast, is to actually attempt to understand how an organization’s technology and people work when facing cyber-threats.
Since the company emerged from stealth, Verodin’s technology has continued to grow and evolve, driven by different use cases. Key said that one use case is Security Operations Center (SOC) readiness and making sure that an organization’s security staff and technology are properly aligned for dealing with threats. Another use case is to help bridge the gap between penetration testing and defensive posture. So instead of a penetration test simply resulting in an organization knowing it is vulnerable, the organization can instrument its security to mature threat response.
“Let’s make sure that for every successful offensive activity that there is a clear path and bridge to communicate to the defenders and that they are really measurably mature in what they are doing,” Key said.
The Verodin platform also helps continuously validate security controls in an organization, even as technologies within the organization change over time.
“Defenders are often not in control of the changes made by an organization’s IT and networking staff, but they need to understand what the impact of changes are,” Key said.
Verodin is continuously working to improve the automation of the platform, so as the technology is being deployed in organizations, it’s easier to use and not taking up more staffing resources, he added.
Looking forward, there are a number of things that Key has on the strategic roadmap for Verodin. One is growing Verodin’s customer forum such that users can share true behavior simulations, as well as real ways for preventing, detecting and responding to threats.
Additionally, Verodin is working with a number of threat intelligence providers. Key explained that the goal is to share threat intelligence in an actionable way that can help improve the way organizations are set up to defend and respond to attacks.
“The purpose of our activities is not simply to poke a bunch of holes in an organization and show how we poked them, but to really provide a means to help defenders to measurably mature defenses,” Key said.
Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.