Cybersecurity budgets are under strain due to economic uncertainty.
More than a third of chief information security officers (CISOs) have either kept their security spending the same or slightly reduced it in 2023, according to a 2023 survey conducted by IANS and recruitment firm Artico Search. Another report from PwC found that one in five organizations will see their cybersecurity budgets stagnate or even shrink this year.
So what's a CISO to do? Well, ask Garrett Hamilton to give Reach Security a thought.
Reach is the brainchild of Hamilton, a startup he co-founded with Colt Blackmore in 2021. Although it is technically a cybersecurity platform, it is not a traditional platform.
Rather than acting as just another layer in a company's cybersecurity stack, Reach connects to a company's existing IT and security products, collects data about attacks, and uses the security tools the company already owns. and recommends ways to counter attacks.
“The average security team uses less than 20% of the resources they have, and as a direct result of that, they struggle to keep their organizations secure,” Hamilton said in an interview with TechCrunch. Told. “Other companies in our industry will say we need another security mousetrap to solve this problem. They're wrong.”
Prior to joining Reach, Hamilton was Director of Product Management at Palo Alto Networks. Blackmore led data science efforts at cybersecurity firm Proofpoint and previously served as head of technology in Palo Alto.
Hamilton and Blackmore said they designed Reach to abstract away some of a company's fundamental security decisions. In Hamilton's view, organizations feel like they're “running in place.” In other words, you buy security tools, put effort into operating them, and often don't see results.
The spread is real. A study by security posture management vendor Panaseer found that organizations manage an average of 64 to 76 security tools (as of 2022). According to the same survey, only one-third said they were “very confident” in their ability to prove that their security controls are working as intended.
Perhaps it's no surprise that many CISOs feel their cybersecurity budgets are being wasted. And even with a myriad of defensive and offensive tools, it can take days or even weeks to detect a threat.
“It's becoming increasingly important for security teams to optimize the tools they already have based on the attacks they're actually facing,” Hamilton said. “Vendors should meet face-to-face with customers to prove their value, and customers should focus on effectively operating what they have in place before considering another tool or platform.”
Reach Security's central dashboard.
To do so, Reach seeks to discover who the attacker is, what their targets are, what they have access to, how the attack works, and recommend options available to thwart the attack through a company's subscription products. Reach also automatically adjusts the configuration of security tools to prevent attacks and prioritizes actions based on how the attack is carried out.
“Reach goes beyond best practices and compliance to assess an organization's security posture,” said Hamilton. “We also solve the 'last mile' problem by tailoring security management recommendations and assessments based on each customer's unique threat profile and allowing operators to deploy changes directly from their Reach. .”
Companies, and investors alike, find this premise attractive.
Hamilton said “dozens” of organizations, including Autodesk, have adopted Reach's tools. And Leach recently closed his $20 million funding round led by Ballistic Ventures with participation from Artisanal Ventures, Ridge Ventures, Webb Investment Network, Tech Operators and former Palo Alto Networks CEO Mark McLaughlin .
Geoff Belknap, CISO at LinkedIn, said:
Rather than asking you to buy one more tool, Reach Security makes sure that “tools don't stop” by tackling problems pragmatically with products that focus on getting the most out of what you already have. We solve the problem of “too many people and not enough people.” If you are one of those security leaders who have all the necessary personnel and budget, it is definitely worth ignoring. But 99.999% of us want to further leverage the tool investments we've already made and better demonstrate stable or even increasing returns from those investments to board and executive stakeholders. I hope that. This is something you should actively consider.
Reach's ability to secure a sizable tranche of funding is even more impressive given the ongoing downturn the cybersecurity sector is experiencing.
According to startup incubator DataTribe, completed cybersecurity funding deals fell by 37% from Q4 2022 to Q4 2023. Series A valuations took a big hit, with the median pre-money valuation falling from a five-year high of $73.45 million. Up to $29.5 million.
“The widespread slowdown in the technology industry has amplified the value Reach provides,” he added. “Reach addresses a universal need and is positioned for growth in an area where there is a growing demand to use existing security controls more effectively…This new funding will help us scale It was procured in [up] When it comes to business, we will continue to take a disciplined approach to scrutinizing our spending against the results achieved. ”