Energy companies, health records companies, and other tech-heavy industries are keeping a closer eye on security. And with good reason: A failure in the electric grid or a banking system could be disastrous. But how do they ensure the dozens of systems they employ are working properly?
That’s where a San Diego-based cybersecurity startup says it has the missing ingredient. AttackIQ runs simulated “attacks” to test companies’ security systems, and then provides them information on which controls failed.
“How do you check to make sure that your front door is locked? You try to open it,” AttackIQ CEO Brett Galloway said. “That’s more or less what we do across a broad array of security controls. They’re more complicated than the lock on your door, but they’re vulnerable to being misconfigured or not set up correctly.”
AttackIQ raised $17.6 million in a Series B round on May 29, led by Khosla Ventures, the venture capital firm started by Sun Microsystems co-founder Vinod Khosla. Along with the investment, Khosla Ventures Partner Brian Byun, a former VMware executive, joined AttackIQ’s Board of Directors.
Galloway said the company raised the additional funds after its lead competitor, Verodin, was acquired by FireEye for $250 million.
“That validates the product category, and leaves us as the clear leading independent player in the space,” he said.
AttackIQ was founded by Chief Technology Officer Stephan Chenette and Chief Architect Rajesh Sharma, in 2013. They sought to create a tool to let companies measure and test their cybersecurity tools, so they could reduce their risk of an attack.
“As we observed a seemingly never-ending number of breaches occurring, we knew that building a detection and/or prevention security tool was not the answer,” Chenette wrote in an email. “The creation of AttackIQ has been a vision of mine for the past 20 years of my career, but the company has far exceeded my expectations due to our incredible team and customers that have helped us grow to where we are today and will help us continue to succeed in the future.”
Galloway joined as the company’s CEO in November. He had previously served as a senior vice president for Cisco, and before that, had also taken his own company public. His IT startup, Packeteer, was acquired by Blue Coat Systems, which was later acquired by Symantec.
Galloway said his work left him with two beliefs about security: First, it matters deeply, and second, it was often ineffective.
“I was actually not looking for a job. I was introduced to (AttackIQ) by a colleague,” Galloway said. “When I heard about AttackIQ, my reaction was, ‘oh, that is the solution to the problem.’ I joined as CEO because I fell in love with the mission.”
The company plans to use the additional funding to build up its workforce. It currently has about 60 employees, and Galloway hopes to be in the “high-double digits” by the end of the year. The new hires will be split between engineering, sales and marketing, and will largely be in AttackIQ’s San Diego office, though it has also grown its teams in Australia, Barcelona and Silicon Valley.
“We’ve been able to grow the business quite a bit,” he said. “Stephan and Raj are thrilled to see their baby growing up.”
In the long run, Galloway hopes to continue to grow the company toward an IPO.
“We’re venture backed, so venture investors expect me to deliver an exit at some point.,” he said. “I didn’t join the company to sell it; I joined the company to build a great business. In due course, I expect we’ll take it public.”