Security Experts:

Connect with us

Hi, what are you looking for?


Cybersecurity Funding

Breach and Attack Simulation Firm SafeBreach Doubles Funding With $53.5M Series D Round

Sunnyvale, CA-based breach and attack simulation firm SafeBreach has raised $53.5 million in a Series D funding round led by Sonae IM and Israel Growth Partners (IGP). Sands Capital, Leumi Partners and existing investors participated, and the funding includes strategic investment from ServiceNow.

Sunnyvale, CA-based breach and attack simulation firm SafeBreach has raised $53.5 million in a Series D funding round led by Sonae IM and Israel Growth Partners (IGP). Sands Capital, Leumi Partners and existing investors participated, and the funding includes strategic investment from ServiceNow.

This latest round more than doubles the firm’s funding, bringing the total raised to date to $106.5 million. SafeBreach told SecurityWeek the money will be used to continue innovation in its core product platform and expand the firm’s market reach. The latter will include doubling the size of its team with the specific intent to expand in the EMEA and APAC regions.

Safebreach logoThe firm already has almost 100 enterprise customers within the Fortune 1000, including the top five largest financial, healthcare and pharmaceutical companies.

“As we enter a new phase of growth,” says Guy Bejerano, co-founder and CEO of SafeBreach, “this investment will significantly expand our go-to-market capabilities while simultaneously increasing availability of our widely used continuous security validation platform. In our evolving threat landscape, many organizations have responded to threats in their environment by buying more security products and hoping that will make them more secure. But hope is not a viable strategy – a holistic view of risk is needed.”

The firm provides automated attack simulations to allow customers to validate their controls, improve their security posture and mitigate their business risk. “SafeBreach is the most comprehensive breach and attack simulation platform on the market,” comments Carlos Alberto Silva, managing partner, Sonae IM – who joins the SafeBreach board. “Not only does it have the largest playbook containing over 21,000 breach methods; the platform also has flexible prioritization capabilities, extensive integrations and extensible remediation options.”

The 21,000 breach methods in the SafeBreach Hackers Playbook can be individually chosen (or chosen as a group) by the security analyst based on objectives – for example, to test against the latest ransomware or threat group, or to test a particular security control.

These tests can be integrated with the customer’s own priorities. “Vulnerabilities can be prioritized by integration with an organization’s existing vulnerability management systems,” Bejerano told SecurityWeek. “SafeBreach can enable more effective risk-based vulnerability management, identifying which vulnerabilities can be exploited and accounting for business risk – to help security teams find, prioritize, and fix vulnerabilities.”

An Insights module in the platform, he continued, “allows security teams to prioritize security gaps in their environment based on their business impact, empowering security teams to fix the gaps that have the potential to do the greatest harm to the organization.”

SafeBreach goes beyond finding security issues by integrating with the customer’s existing security controls, including workflow management tools like SOARs, SIEMs, and individual security controls like EDRs, network security tools, threat intelligence platforms and vulnerability management tools.

“With these integrations enabled,” said the firm, “SafeBreach can provide actionable remediation data, pre-formatted for the relevant controls. This allows for easy remediation that can be applied immediately and effectively within the control.”

SafeBreach was founded in 2014 by Guy Bejerano (CEO) and Itzik Kotler (CTO), both graduates of the Israeli military talent funnel. It raised $15 million in a Series A funding round in July 2016, a further $15 million in a Series B round in May 2018, and $19 million in a Series C round in April 2020.

Related: Cyberattack Simulation Company XM Cyber Raises $17 Million

Related: From IDF to Inc: The Israeli Cybersecurity Startup Conveyor Belt

Related: Fact vs Fiction: The Truth About Breach and Attack Simulation Tools

Written By

Kevin Townsend is a Senior Contributor at SecurityWeek. He has been writing about high tech issues since before the birth of Microsoft. For the last 15 years he has specialized in information security; and has had many thousands of articles published in dozens of different magazines – from The Times and the Financial Times to current and long-gone computer magazines.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.


Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Data Breaches

LastPass DevOp engineer's home computer hacked and implanted with keylogging malware as part of a sustained cyberattack that exfiltrated corporate data from the cloud...

Cybersecurity Funding

SecurityWeek investigates how political/economic conditions will affect venture capital funding for cybersecurity firms during 2023.

Application Security

GitHub this week announced the revocation of three certificates used for the GitHub Desktop and Atom applications.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Identity & Access

Zero trust is not a replacement for identity and access management (IAM), but is the extension of IAM principles from people to everyone and...


More than 450 cybersecurity-related mergers and acquisitions were announced in 2022, according to an analysis conducted by SecurityWeek


Forty cybersecurity-related M&A deals were announced in January 2023.