DAST vendor Bishop Fox looks to help orgs manage the attack surface 

We are excited to bring Transform 2022 back in-person July 19 and virtually July 20 – 28. Join AI and data leaders for insightful talks and exciting networking opportunities. Register today!

Securing enterprise environments against professional cybercriminals is more difficult than ever before. The explosion in the attack surface that’s occurred over the past few years has created a level of defensive complexity that few organizations can maintain. 

Last year, NIST reported 18,378 vulnerabilities, a number that no security team could scale to manage. With the attack surface growing as cloud adoption increases, organizations need more scalable approaches to protecting the attack surface. 

It is for this reason that Bishop Fox, a dynamic application security testing (DAST) provider that offers enterprises the Cosmos platform, a continuous automated offensive testing solution, today announced it has raised $75 million as part of a series B funding round led by Carrick Capital Partners.

Bishop Fox’s solution enables organizations to continuously map the attack surface, and identify high-risk exposures so they can take action to remediate them. It also offers live access to dedicated testers. The new funding brings the Bishop Fox’s total funding raised to $100 million. 

The need for automation 

Modern enterprise networks can’t be secured by protecting endpoints alone. Enterprises need to have the ability to secure assets including IPs, domains, networks, hostnames and other external-facing assets that threat actors can target to gain access to the environment. 

The bad news is that many organizations are failing to meet these requirements. In fact, research shows that nearly 7 in 10 organizations admit they have experienced at least one cyberattack that started through the exploit of an unknown, unmanaged or poorly managed internet-facing asset.

The good news is that attack surface management solutions have the potential to automatically identify vulnerabilities. This enables security teams to address the most high-risk vulnerabilities first. 

“Today’s IT environments are incredibly dynamic, given the proliferation of technologies like cloud, IoT, SaaS, and the adoption of agile methodologies — and this means attack surfaces are constantly changing,” said cofounder and CEO of Bishop Fox, Vinnie Liu. 

“Unfortunately, traditional solutions weren’t built for these dynamic environments, missing critical exposures and inundating security teams with false alarms,” Liu said. 

Liu explains that organizations need to take a preventative, rather than a reactive approach to securing their environments. Quickly identifying and mitigating vulnerabilities from the perspective of an attacker is now critical for decreasing the likelihood of a data breach. 

The attack surface and vulnerability management market 

Bishop Fox is one of many providers that falls under the vulnerability management market, which researchers project will grow from a value of $13.8 billion in 2021 to $18.7 billion by 2026.

One of the organization’s main competitors is CyCognito, an attack surface management provider founded in 2017 that last year raised $100 million as part of a funding round and has a total valuation of $800 million. 

CyCognito’s platform discovers internet-facing assets to map risks across an enterprises environment, 

Another competitor is Randori, which IBM acquired earlier this year and most recently raised $20 million as part of a series A funding round. Randori’s solution is designed to map an organization’s external attack surface. Then, after mapping the attack surface, the platform helps to prioritize vulnerabilities so enterprises can identify the highest risk vulnerabilities first. 

However, Liu argues that Bishop Fox’s diverse approach to vulnerability management is what sets it apart from competitors. 

“We are able to discover threats across the full spectrum of organization’s attack surfaces given the breadth of our offerings. From point-in-time assessments to continuous attack-surface testing, we cover multiple offensive subcategories where other providers are limited in their scope or focus on only one subcategory,” Liu said.

Originally appeared on: TheSpuzz