Continuous Security Validation Company AttackIQ Raises $17.6 Million

By Amit Chowdhry ● May 30, 2019
  • Continuous security validation company AttackIQ announced it raised $17.6 million led by Khosla Ventures
  • Existing investors Index Ventures, Salesforce Ventures, and Telstra Ventures also joined this round
  • Khosla Ventures partner Brian Byun has joined the board in conjunction with this funding round

AttackIQ, a continuous security validation company, announced it has raised $17.6 million in funding led by Khosla Ventures. Existing investors including Index Ventures, Salesforce Ventures, and Telstra Ventures also joined this round. Including this round of funding, AttackIQ has raised a total of $35 million. In conjunction with this round of funding, Khosla Ventures partner Brian Byun has joined the board.

With this round of funding, AttackIQ is going to continue development of its continuous security validation platform, increase hiring across functional areas, and further expand field operations.

“AttackIQ is on a mission to fix enterprise security,” states AttackIQ CEO Brett Galloway. “We believe that security matters very deeply. A successful cyber attack on critical infrastructure would be devastating. Yet the effectiveness of enterprise security controls is often poor. The missing ingredient is systematic feedback on effectiveness. The best way to deliver this feedback is to emulate attacker behavior and see what the security controls do – or, all too frequently, what they don’t do. AttackIQ provides enterprises the information necessary to move from security guesswork to successfully managing the cybersecurity risks that they face, both today and into the future.”

AttackIQ has built the industry’s first platform that enables red and blue teams to test and measure the effectiveness of security controls and staff. And as an open platform, AttackIQ supports the MITRE ATT&CK framework — which a curated knowledge base and model for cyber adversary behavior used for planning security improvements and verifying defenses are working as expected.

“Since our initial investment in AttackIQ, we have seen the company achieve clear leadership in operationalizing the MITRE ATT&CK framework,” added Index Ventures and AttackIQ board member Shardul Shah. “We are proud to support the management team of AttackIQ. The combination of an obsessive focus on customers, category leadership, and significant momentum will set us up for success in our next chapter of growth.”

The MITRE ATT&CK framework is also known for acting as a playbook for the cybersecurity industry as it offers a vast knowledge base that allows organizations to clearly see the steps of complex attacks and the procedures that are linked to a specific adversary behavior.

“AttackIQ’s unique approach fits our view that effective enterprise security programs require an objective, continuous, and machine-driven approach to pressure test and validate the sprawl of security products and controls,” explained Khosla Ventures partner Brian Byun. “We believe this market opportunity is huge and that AttackIQ is well positioned to lead the market.”

And this cybersecurity lexicon levels the playing field for security teams, thus letting analysts and purple teams see specific trends between attacks and adversary styles. Plus it allows security executives to think systematically about the adversary environment in which they must establish a security program and determine if security dollar spend is effective in preventing or detecting all known attacker behaviors.