The cost of cybercrime is growing at an alarming rate of 15% per year, expected to reach $10.5 trillion by 2025. To meet the challenges posed by this, organizations are turning to a growing array of AI-powered tools for their existing systems. The work of security software and their security teams. Today, a startup called Simulate — has built a platform to help those teams automatically and continuously stress test their networks against potential attacks with simulations and provide guidance on how to improve their systems. real Attacks – is announcing a significant amount of growth funding after seeing strong demand for its tools.
The startup — founded in Tel Aviv with a second base in New York — has raised $70 million, a Series D that it will use to continue expanding globally and invest in expanding its technology (both organically and potentially through acquisitions).
Today, Cymulate’s platform covers on-premise and cloud networks, providing breach and attack simulations for endpoints, email and web gateways and more; automated “red teaming”; And a “purple teaming” facility to create and initiate different security breach scenarios for organizations that don’t have the resources to dedicate people to a live red team — an overall, “comprehensive” solution to ensure companies are getting the most out of, in the words of Cymulate’s CEO Eyal Wachsman, the network security they already have. Architecture.
“We’re offering our customers a different way of doing cybersecurity and getting insights [on] All products are already deployed on the network,” he said in an interview. The resulting platform has found particular traction in the current market environment. Even as companies continue to invest in their security architecture, security teams are also feeling the market squeeze, affecting IT budgets and sometimes headcount in an industry already facing a skills shortage. (Simulate cites statistics from the US National Institute of Standards and Technology, which estimates a shortfall of 2.72 million security professionals in the global workforce.)
The idea with Simulate is that it’s built into something that helps organizations get the most out of what they already have. “And ultimately, we give our customers the ability to prioritize where they need to invest in terms of bridging gaps in their environment,” Wachsman said.
The round was led by One Peak, with Susquehanna Growth Equity (SGE), Vertex Ventures Israel, Vertex Growth and strategic backer Dell Technologies Capital also participating. (These five also backed Simulate in a $45 million Series C last year.) Relatively speaking, this was a big round for Simulate, doubling its total to $141 million, and while the startup didn’t disclose its valuation, I understand from sources it was around the $500 million mark.
Wachsman notes that the funding comes on the heels of a big year for the startup (which is good news for companies built to combat the ever-growing cybersecurity problem and growing threat landscape). Revenues have more than doubled, but the company now has more than 200 employees and works with around 500 paying customers in the enterprise and mid-market, including NTT, Telit and Euronext, with 300 customers a year, although numbers were not disclosed today. ago
Wachsman, who co-founded the company with Avihai Ben-Yossef and Eyal Gruner, said he first thought of the idea to build a platform to continuously test an organization’s threat posture in 2016 after years of working in cybersecurity consulting for other companies. He found that no matter how much effort his customers and outside consultants put into building security solutions annually or semi-annually, those gains could be lost every time a malicious hacker made an unexpected move.
“If the bad guys decide to get into the organization, they can, so we have to find a different approach,” he said. He looked to AI and machine learning for the solution, complementing everything the organization already had, “to build a machine that allows you to test your security controls and security posture continuously and on demand and get the results immediately… one step in front of hackers.”
Last year, Wachsman described Simulate’s approach to me as “the largest cybersecurity consulting firm without consultants,” but the company actually has its own large in-house team of cybersecurity researchers, white-hat hackers who try to find new holes — new bugs, zero days and other vulnerabilities. — to develop the intelligence that powers the Simulate platform.
These insights are combined with other assets, such as the MITER ATT&CK framework, a knowledge base of threats, tactics and techniques used by many other cybersecurity services, to build continuous assurance services that compete with Simulate. (Competitors include FireEye, Palo Alto Networks, Randori, AttackIQ, and many more.)
Simulate’s work comes in the form of network maps that illustrate a company’s threat profile, along with technical recommendations for prevention and mitigation, as well as an executive summary that can be provided to finance teams and management that audit security spending. It includes tools designed to implement security checks when integrating any services or IT with third parties, for example when working in an M&A process or supply chain.
Today the company focuses on network security, which is big enough on its own but leaves the door open for Simulate to acquire or build for companies in other areas such as application security. “It’s something on our roadmap,” Wachsman said.
If a potential M&A leads to more fundraising for Simulate, it helps that the startup is one of the few categories that continues to garner more attention from investors.
“We think cyber security will benefit from the current macroeconomic environment, as some more capital-intensive businesses like consumer internet or food delivery might,” said David Klein, managing partner at OnePeak. In it, “The best companies [are those] That’s a key target for their customers… they continue to attract very good multiples.”