Picus Security announced the completion of its $24 million Series B funding round. The investment is led by Turkven with participation from existing investor, Earlybird Venture Capital, as well as cyber security veteran, Nathan Dornbrook. The round brings Picus’ total funding to $33 million and will be used to help accelerate the company’s expansion in North America as well as across EMEA and APAC.
The CEO announcement is below.
Achieving another milestone in our growth as we take security control validation to the next level and enable all organizations to achieve a threat-centric approach.
Today, the Picus team and I are thrilled to announce the closure of our Series B funding round. This is a major milestone for the company and represents a huge endorsement of our team, technology and approach to addressing important security challenges.
The investment we have received not only gives us the support to scale our operations globally and accelerate product development. Importantly, it will ensure that we continue to deliver the outcomes our customers need to maximize their cyber resilience and minimize business risks.
The need for a threat-centric approach to security
Back in 2014, when my fellow co-founders and I established Picus, our motivation stemmed from the fact that most organizations lacked an ability to determine how secure they were at any moment. Point in time assessments such as vulnerability scanning and penetration testing provided some level of assurance but not a holistic or continuous view.
Without a high degree of situational awareness, many major security decisions were based on assumptions rather than evidence. This was particularly the case when it came to prioritizing investments. Organizations were routinely buying new technologies to address their problems but were unable to gauge their effectiveness. As a result, they were failing to obtain the best level of protection and value. It was how our idea for the Picus platform was born – an automated solution capable of helping security professionals continuously measure and improve the performance of controls, better understand their organization’s security posture, and achieve a more threat-centric and proactive approach.
The same challenges persist but now on a greater scale
The challenges that drove us to create what is now recognized as one of the very first Breach and Attack Simulation (BAS) platforms still persist to this day but are now experienced on an even greater scale. In particular:
- The attack surface continues to expand as organizations migrate workloads to the cloud and embrace remote working.
- Security teams are using more tools than ever and face an uphill task trying to manage and monitor them all.
- Network security and detection tools are more sophisticated, yet the professionals with the skills to leverage them are in short supply.
- Security leaders are under increasing pressure from the boardroom to quantify risk, demonstrate value and justify new investments.
Security control validation as an everyday part of SecOps
At Picus, we recognize the need to continually enhance the capabilities of our platform to respond to the very latest security challenges. Our vision is to establish security control validation as essential to the day-to-day security operations of all organizations. It’s why we’re dedicated to building the most complete solution available – one that makes testing, measuring, and optimizing security controls as quick and painless as possible.
With the day-to-day workload of security teams only continuing to increase, it’s important that security validation doesn’t add to the size of the task. It should empower security teams to improve security outcomes with less effort, rather than being viewed as just another source of alerts.
What separates Picus from the rest
The latest funding that we have received as part of this Series B round will ensure that we are able to continue working towards making our vision for security validation a reality. Among the areas of focus that are helping us to differentiate our platform include:
Simulating real-world threats when they emerge
At Picus, we believe it’s imperative that all our customers have the ability to test their defenses against the latest threats. Over recent months, for example, Picus was the first BAS vendor to release attack simulations that test against some of the most critical vulnerabilities and adversarial techniques. These include the highly publicized RCE vulnerability in MSHTML (CVE-2021-40444) and PrintNightmare (CVE-2021-1675), as well as new tactics used by ransomware gangs and advanced persistent threat groups.
In total, the Picus Threat Library now includes over 10,000 attacks and attack scenarios – the most extensive number of simulations offered by any BAS platform. Our dedicated in-house research team leverages the latest threat intelligence and will continue to ensure that our customers benefit from the ability to proactively test their defenses against emerging threats as early as possible.
Validating controls continuously, 24/7
To obtain a more comprehensive understanding of security control effectiveness, it’s essential to have a solution that is not only capable of validating a wide range of controls but can do so on a truly continuous basis. The evolving threat landscape and factors such as infrastructure drift mean that gaps can occur from one day to the next.
At Picus, we are committed to delivering real-time insights that enable organizations to improve their understanding of how secure they are at any moment. Our platform integrates with network and endpoint security controls across prevention and detection layers to provide a holistic view and deliver insights that help security teams address threat coverage and visibility gaps sooner and more effectively.
Supplying actionable mitigation content to address gaps swiftly
Early in the development of the Picus platform, we realized that it is not enough to solely identify gaps. Helping to address them swiftly and effectively is equally as important. Monitoring the threat landscape for new tactics and behaviors, plus writing and applying new rules and signatures to detect them, are seriously time-consuming tasks for security teams. These are two of the most common reasons that tools are not kept up to date.
As the first BAS vendor to offer migration content for detection and prevention technologies, we will continue to prioritize improving the ability of our platform to make it easier for organizations to take defensive steps earlier and more rapidly. This includes adding to our 70,000+ library of vendor-specific mitigations, which have far greater value to security teams than generic recommendations.
Integrating with the broadest range of security tools
Providing security teams with greater insights into the effectiveness of security tools remains an important part of our roadmap. Picus is proud to partner with leading security companies such as Cisco, Palo Alto, Fortinet, IBM, Splunk and VMware. Working with our Alliance Partners to closely integrate our platform with theirs enables us to achieve a much deeper level of validation and, as a result, supply a much broader and detailed range of vendor-specific insights. Improving the integrations we offer will also enable us to automate an even wider range of actions, helping relieve the strain on security teams by reducing the need for manual actions and streamlining workflows.
Grateful for the support of our investors, customers and partners
In recent years, Picus has been recognized by experts, including research firm Frost & Sullivan, for innovation in the BAS market. The plans we have in place will now ensure that we are able to achieve our ambition of taking security control validation to the next level. This includes expanding our operations to support a growing number of customers across North America, EMEA and APAC.
To help us achieve our goals, we are very fortunate to have the backing of Turkven and Earlybird Venture Capital, the two key participants in this Series B round. Both firmly share our vision and have a track record of supporting some of the world’s most successful businesses.
Of course, none of our achievements to date would be possible without our customers and partners. You inspire us to keep getting better and we look forward to telling you more about the many exciting things we have planned.
Last but not least, I’d also like to take this opportunity to say a huge thank you to the Picus team for your hard work in enabling us to reach this stage of our journey. This is an incredibly proud day for us all and I’m delighted to share it with such a great group of talented, passionate and enthusiastic people. Now could not be a better time to join us!
Here’s to an exciting new chapter!
H. Alper Memis,
CEO and Co-founder, Picus Security