Paris-based cybersecurity startup Filigran is leveraging the success of OpenCTI to build a suite of open source threat management products. The company is already gaining early momentum with its open source threat intelligence platform, OpenCTI.
To that end, the company recently raised €15 million (approximately $16 million at current exchange rates) in a funding round led by Accel, with participation from existing investors Moonfire Ventures and Motier Ventures.
Filigran's first product is OpenCTI. It is a threat intelligence platform that allows you to collect threat data from multiple sources in a single interface. Thanks to its modular approach, customers can use connectors to import and enrich data from a variety of sources, including threat intelligence data providers such as CrowdStrike, SentinelOne, and Sekoia. In that sense, OpenCTI is a bring-your-own-data product.
Cybersecurity teams can then explore the dataset in a structured way. OpenCTI supports relationships between entities, adding much-needed context when investigating threats. The platform also offers various ways to visualize data.
In other words, it has become a valuable alternative to ThreatQuotient, Anomali, and EclecticIQ for cybersecurity teams managing incidents every day.
“This software product is designed to provide an overview of the entire threat environment. More importantly, it is not limited to technical or non-technical elements. It is designed to provide an overview of the entire threat environment. It's a really integrated view of the threat environment, from everything down to the most strategic elements,” co-founder and CEO Samuel Hassine told me.
“That means you have information that can help you not only better detect threats and respond to security incidents, but also improve your risk analysis as a CISO.”
From open source side projects to 70 employees
Samuel Hassine and his co-founder Julien Richard first started working on OpenCTI several years ago, long before Filigran was launched. Hassine is from France where he worked for several years at the ANSSI cybersecurity agency and then at Tanium, where Richard spent several years leading engineering teams and working on data-driven products.
Initially, OpenCTI was just a side project. However, the two decided to build a startup around this product. In addition to amassing over 4,000 stars on GitHub and his 10 million downloads of the open source version of OpenCTI, Filigran already has over 100 paying customers including Marriott, Thales, and Airbus. as well as the FBI, the European Commission and the Dutch police.
These customers pay for the Enterprise Edition of OpenCTI, which they can use as a hosted Software-as-a-Service product or on-premises with an Enterprise license. Now, Filigran hopes to follow in the footsteps of CrowdStrike and Palo Alto and build a portfolio of cybersecurity products.
Filigran's second product is OpenBAS, an attack simulation platform formerly known as OpenEX. OpenBAS allows you to create exercise scenarios that span multiple communication channels, such as email and text messages. Everything is then recorded in his OpenBAS, so you can see your goals and how your company performed against them.
Although OpenBAS is available as a standalone product, it works better if you are already using OpenCTI because it can use OpenCTI's threat intelligence data. Filigran's eXtended Threat Management (XTM) product suite adds two of his products focused on data-driven risk analysis and crisis management.
Image credits: filigran
“Julian and I's vision for the XTM Suite is a suite of four products that work together to make each other more useful. Each can be used individually, but the suite as a whole is , it creates a lot of value,” says Hassine.
Currently, 40 people work at Filigran. The company has set up a team in the United States and plans to increase the number of employees to 70 by the end of the year.