Events 0
En
Ua
Events 0
Search result:
More
Home Press center Series C investment announcement: from attack simulation pioneer to leader in attack exposure validation
Series C investment announcement: from attack simulation pioneer to leader in attack exposure validation- image 1
News
Published:

Series C investment announcement: from attack simulation pioneer to leader in attack exposure validation

Picus Security has reached an important milestone – the completion of its Series C investment round. This is not only a confirmation of the hard work of the company’s team, but also recognition of its leadership in the new, extremely important category of Adversarial Exposure Validation, which is becoming a key element of modern cyber threat management.

Ten years ago, Picus Security set out to create a new category of cybersecurity – Breach and Attack Simulation (BAS). Since then, the company has not only expanded its capabilities, but also improved BAS for customers: automated Lateral movement testing and validation of detection rules for SIEMs have been introduced. Today, Picus Security is proud to lead the Adversarial Exposure Validation business and strives to create an ecosystem that provides a comprehensive solution for cyber threat management. Translated with www.DeepL.com/Translator (free version)

More data, but not more security

Cybersecurity is moving into a new phase where artificial intelligence, automation and technological self-awareness are enhancing defences. This new phase is characterised by acceleration, which is changing the way attackers operate and expanding the attack surface, making it increasingly challenging for organisations to protect themselves. Here are the three main threats organisations face:

  1. A rapidly growing attack surface. Every connected device or credential can become an entry point for attackers.Cloud migration, the growing number of remote workers and devices, and the constant flow of new applications provide attackers with numerous new opportunities to penetrate systems. As complex systems evolve, so does the attack surface, leading to a huge number of vulnerabilities that security teams do not have time to address. At the same time, the time to respond to incidents is steadily decreasing.
  2. Outdated priorities. Vulnerability assessments used to help address the biggest risks first. While CVSS and EPSS ratings provide a scale, they do not take into account data from other tools or critical business context. Also, many vulnerabilities remain theoretical due to compensating controls or lack of context. Despite their partial effectiveness, these approaches do not reduce the number of tasks for the team. In fact, traditional methods are imperfect and ignore the specifics of each organisation.
  3. Automation and artificial intelligence accelerate attacks. Attackers are moving faster than ever before. In the past, they could remain invisible in systems for months or even years before becoming active. Today, thanks to the use of artificial intelligence and automation, their actions have become much faster and more stealthy.

All of these issues are interconnected. Over the years, organisations have invested resources in various tools to manage the attack surface. In addition to vulnerability management tools, they have used solutions such as EASM, BAS, PTA, and CAASM to try to overcome these challenges. While these technologies provide a certain level of visibility, they also significantly increase the workload of security professionals, making reporting and prioritisation difficult due to the fragmentation of information between the individual tools.

Today, it is more important than ever for cybersecurity teams to build an effective ecosystem, integrate their data and ensure that threats are addressed quickly.

Exposure validation: the foundation of exposure management

With the evolution of the cybersecurity technology stack, where detection and response have become key components, it has become clear that perimeter protection alone is not enough. Teams have rightly embraced the concept of ‘zero trust’ and understand that it’s not a question of if a breach will happen, but when it will happen. This remains true even with additional security measures in place. The cybersecurity community is now adopting a ‘breach assumption’ approach and emphasising the need to regularly test your defences. It’s time to question the common understanding of security and accept that some aspects may remain unprotected.

While a single platform for cybersecurity remains a dream, creating an ecosystem where cybersecurity data and technology interact to achieve better results is within reach. Picus believes in a future where all vulnerability data can be brought together in one open platform, integrated with best-in-class technology. To achieve this, the company is working with partners to validate technologies focused on continuous threat execution management (CTEM).

For Picus, it is important to solve major challenges based on these principles:

  • Combining and correlating vulnerability data. Ongoing integration of all vulnerability and misconfiguration data is a critical initial step that cannot be ignored. Since different tools may display vulnerabilities differently, combining this data allows you to deduplicate, normalise and correlate information to improve operational efficiency. Through integration and automation, we can make the attack surface less complex and more manageable.
  • Continuous validation and prioritisation. Consolidated threats can now be prioritised based on severity, asset criticality, likelihood of exploitation, and the context of security controls. In addition to prioritising by threat level, teams should consider testing the effectiveness of compensating measures and possible attack paths to significantly reduce the task list, leaving only the most critical issues to be addressed quickly. This should be done continuously as an integral part of the vulnerability management programme, not as a one-off step.
  • Optimising vulnerability remediation. After identifying the most significant risks to the organisation, modern tools should provide teams with clear next steps for rapid resolution, whether through remediation or compensating controls. With integrations and automated tools, teams can address vulnerabilities faster and more efficiently.

Concluding thoughts

Together with his co-founders Volkan Ertürk and Suleyman Ozersalan, he decided to fill a critical gap in the cybersecurity market. In 2012, Volkan was advising a company that had suffered a data breach and realised that the existing approach to cybersecurity needed to change. They created Picus to respond to new threats.

Today, Picus Security is a global team of innovators building the future with purpose and inspiration. This Series C funding round is a significant step and the beginning of a new phase for the company. The creation of the Adversarial Exposure Validation Management category reflects the need for a new approach to cybersecurity management in large organisations.

Alper Memisch, CEO and co-founder of Picus Security, emphasises: ‘The Series C is a recognition of our investors’ confidence in our vision for the future of cybersecurity. We’re proud to continue to innovate, advance cybersecurity defences and remain a leader in exposure management to help cybersecurity teams meet today’s threats.’

NEWS

Current news on your topic

Постреліз
Cyber Incidents Without Borders: How an Ecosystem for Data Sharing Is Taking Shape
More
News
Cybersecurity Dialogue in Kyiv: How Business is Changing Its Approach to Cybersecurity
More
News Vectra AI
Vectra AI expands network observability with proactive exposure management designed for AI enterprises
More
All news
All news
This website uses cookies for convenience. Privacy policy