Security Experts:

Breach and Attack Simulation Firm SafeBreach Doubles Funding With $53.5M Series D Round

Sunnyvale, CA-based breach and attack simulation firm SafeBreach has raised $53.5 million in a Series D funding round led by Sonae IM and Israel Growth Partners (IGP). Sands Capital, Leumi Partners and existing investors participated, and the funding includes strategic investment from ServiceNow.

This latest round more than doubles the firm’s funding, bringing the total raised to date to $106.5 million. SafeBreach told SecurityWeek the money will be used to continue innovation in its core product platform and expand the firm’s market reach. The latter will include doubling the size of its team with the specific intent to expand in the EMEA and APAC regions.

Safebreach logoThe firm already has almost 100 enterprise customers within the Fortune 1000, including the top five largest financial, healthcare and pharmaceutical companies.

“As we enter a new phase of growth,” says Guy Bejerano, co-founder and CEO of SafeBreach, “this investment will significantly expand our go-to-market capabilities while simultaneously increasing availability of our widely used continuous security validation platform. In our evolving threat landscape, many organizations have responded to threats in their environment by buying more security products and hoping that will make them more secure. But hope is not a viable strategy – a holistic view of risk is needed.”

The firm provides automated attack simulations to allow customers to validate their controls, improve their security posture and mitigate their business risk. “SafeBreach is the most comprehensive breach and attack simulation platform on the market,” comments Carlos Alberto Silva, managing partner, Sonae IM – who joins the SafeBreach board. “Not only does it have the largest playbook containing over 21,000 breach methods; the platform also has flexible prioritization capabilities, extensive integrations and extensible remediation options.”

The 21,000 breach methods in the SafeBreach Hackers Playbook can be individually chosen (or chosen as a group) by the security analyst based on objectives – for example, to test against the latest ransomware or threat group, or to test a particular security control.

These tests can be integrated with the customer’s own priorities. “Vulnerabilities can be prioritized by integration with an organization’s existing vulnerability management systems,” Bejerano told SecurityWeek. “SafeBreach can enable more effective risk-based vulnerability management, identifying which vulnerabilities can be exploited and accounting for business risk – to help security teams find, prioritize, and fix vulnerabilities.”

An Insights module in the platform, he continued, “allows security teams to prioritize security gaps in their environment based on their business impact, empowering security teams to fix the gaps that have the potential to do the greatest harm to the organization.”

SafeBreach goes beyond finding security issues by integrating with the customer’s existing security controls, including workflow management tools like SOARs, SIEMs, and individual security controls like EDRs, network security tools, threat intelligence platforms and vulnerability management tools.

“With these integrations enabled,” said the firm, “SafeBreach can provide actionable remediation data, pre-formatted for the relevant controls. This allows for easy remediation that can be applied immediately and effectively within the control.”

SafeBreach was founded in 2014 by Guy Bejerano (CEO) and Itzik Kotler (CTO), both graduates of the Israeli military talent funnel. It raised $15 million in a Series A funding round in July 2016, a further $15 million in a Series B round in May 2018, and $19 million in a Series C round in April 2020.

Related: Cyberattack Simulation Company XM Cyber Raises $17 Million

Related: From IDF to Inc: The Israeli Cybersecurity Startup Conveyor Belt

Related: Fact vs Fiction: The Truth About Breach and Attack Simulation Tools

view counter
Kevin Townsend is a Senior Contributor at SecurityWeek. He has been writing about high tech issues since before the birth of Microsoft. For the last 15 years he has specialized in information security; and has had many thousands of articles published in dozens of different magazines – from The Times and the Financial Times to current and long-gone computer magazines.