The SafeBreach GRID [Global Risk Director] adds the ability to determine what impact threats will have on a business, so that customers can better prioritize their response.

Cybersecurity vendor SafeBreach has announced the expansion of their Breach and Attack Simulation platform with SafeBreach GRID [Global Risk Director]. SafeBreach GRID is a breach and attack simulation application which uses correlative analytics to identify security gaps, and then link them to their potential business impact.

SafeBreach was founded in Tel Aviv in 2014, and has been selling their platform since 2017.

“Our two founders were Guy Bejerano, who was a CISO for many years, and Itzik Kotler, who was in Unit 8200 in the IDF, and was a hacker from a young age,” said Yotam Ben Ezra, SafeBreach’s VP Products. “Itzik leads the research, and the R&D team is in Tel Aviv.” The head office is now in Sunnyvale CA.

“In terms of the funding lifecycle, we are now post-Series B, with a total of  $35 million so far,” Ben Ezra said. “One of the last round investors was originally a customer, which we think is worth highlighting.” Customers include major large enterprise logos,  and encompass healthcare, technology, manufacturing, and retail.

“SafeBreach was the first company worldwide with a product in the breach and attack simulation space,” Ben Ezra said. “Itzik, who had been in offensive security all his life, came up with this idea of using such a platform for defensive purposes to provide visibility. Others have got into the space as well, but it was very novel at the time.”

The company’s name suggests the core concept behind their solution.

“What we do is allow you to breach yourself,” Ben Ezra said. “Our platform allows you to do it 100 per cent safely, with no chance that something bad will happen.”

At the core, the idea and execution is very simple.

“We use analytics to allow organizations to prioritize where they want to start improving their security based on the results, and make them actionable,” Ben Ezra said. “We start with the platform that can show thousands of attacks, and produce lots of results showing the customer that they are not 100 per cent secure. The hard part for them, with so many dangers, is knowing where to start. What SafeBreach GRID does is link the impact of each danger to the business and tie the security posture to that. The customer can then see what remediation will make the biggest impact, so that they can determine priorities. We can show that ‘if you fix this malware, you will improve your security posture by x per cent. So GRID is important because it links security posture and risk to the business, and shows an actionable way for improvements, with insights which help you understand where to start.”

SafeBreach GRID is sold separately from the SafeBreach platform, and works exclusively with it. Customers do not necessarily need to have a SOC to get value from it, but they should have a fairly advanced security team

“We aim at customers who have focused enough security to enjoy full value from the value that we bring, which means that they will have a security team,” Ben Ezra said. “They need to be mature enough in security to get the most out of us.”

SafeBreach is still mainly direct in their Go-to-Market, although they have begun to add a channel.

“We work with partners that deliver security services like managed SOCs, and we  help them differentiate in their market,” Ben Ezra said. “We have a few MSSPs as well.”

SafeBreach is complementary to many other security vendors, so vendor strategic partnerships are an increasing part of their Go-to-Market.

“We are partnering with a few major vendors,” Ben Ezra indicated. “We have made several announcements in the last couple of months, and there are some more coming.” Three months ago, for example, they joined the Microsoft Intelligent Security Association.

They are also a member of HPE Pathfinder, that company’s program for incubating startups. Unlike some of the Pathfinder companies, they are not a member of HPE Complete, the Go-to-Market program for third-party vendors, and Ben Ezra indicated that placing a big bet on HPE is not in their immediate plans.

“HPE is definitely an opportunity for us, but we do have multiple routes to market,” he said.

“Next up, we plan to expand our capabilities even further, and go deeper into the flow of how people use our platform, adding additional insights,” Ben Ezra continued. We will also be extending integrations with our strategic technology  partners.”