San Diego Business Journal

AttackIQ, a company that provides continuous security control validation to improve cybersecurity program effectiveness and efficiency, has launched its latest security optimization platform and is doubling down on partnerships and the greater practice of threat-informed defense.

AttackIQ was founded in 2013 by Chief Technology Officer Stephan Chenette and Chief Architect Rajesh Sharma. They sought to create a tool to let companies measure and test their cybersecurity tools, so they could reduce their risk of an attack.

Launched in the La Jolla-based EvoNexus technology incubator, the company grew within four years from a 12-person team to roughly 100 staffers. It has since moved its headquarters to Santa Clara and maintains a large presence in San Diego.

Increased Cyber Attacks

Cybersecurity has seen a massive boost in activity in the last few months due to the global health pandemic, which caused more interactions and transactions to move online. As a result, more cyber attacks are happening than ever.

Brett Galloway, AttackIQ’s chief executive, said the company has seen two growing trends this past year: tighter cybersecurity budgets and a siege of attacks across tech-heavy industries.

For example, recent high-profile software breaches have occurred at Facebook, Twitter, Uber and even the US Postal Service, exposing millions of users’ private data.

“COVID-19 has been a game changer for cybersecurity practitioners,” said Galloway. “CISOs are under a siege of attacks, while spending is undergoing increased scrutiny. We’re in a new era that requires an optimization strategy for better insights, better decisions, and real business impact. We are addressing the most overlooked cybersecurity issue: control effectiveness.”

Improved Security

The problem is that the majority of cybersecurity teams generally have no idea if their controls are working. According to Verizon, about 82% of successful enterprise breaches should have been stopped by existing controls, but weren’t.

“Security controls are complex systems composed of technologies, people, and processes that fail silently,” said Galloway. “The only way to know if they are working is to actively test them in an automated and continuous way.”

This is where the cybersecurity startup comes into play. AttackIQ runs simulated “attacks” to test companies’ security systems and then provides them information on which controls failed.

AttackIQ offers prepackaged tests and also enables companies to customize security threats they are likely to face in their particular industry. The tests also let customers validate that their security systems are actually working.

Jeremy Phelps, director of Information Security at Akin Gump, said AttackIQ’s platform has been a vital way to ensure top-notch security as the firm’s teams navigate the COVID-19 era and beyond.

“Security optimization is absolutely paramount in today’s cybersecurity operating environment,” said Phelps. “The new normal of measuring program effectiveness will be directly tied to better insights and better decisions that create value for the business.”

Notable technology partnerships that AttackIQ has formed include Microsoft, MITRE, Carbon Black, CrowdStrike, Palo Alto Networks, and Splunk, among several others.

Educated 2,100 Students

In addition to launching its security optimization platform, the company has introduced AttackIQ Academy, which offers free instructor-led courses that help organizations bolster their defenses through its advanced cybersecurity curriculum. More than 2,100 students have registered for Academy courses since its launch in April.

Galloway said the immediate effect of COVID-19 on its business was mildly negative. “We had accounts in the pipeline that were either deeply affected by the economic situation and they are not so inclined to buy new stuff,” he said. “What we’re starting to see however is the change in the budget situation which is starting to accelerate our business.”

In the second half of 2020, the company is now seeing much larger deals, Galloway said, as decision makers are realizing that this is not a testing tool — it’s a strategic platform for optimization. Annual revenue was not disclosed, although the company expects to double its revenue again this year.

Galloway joined as the company’s CEO in November. He had previously served as a senior vice president for Cisco, and before that, had also taken his own company public. His IT startup, Packeteer, was acquired by Blue Coat Systems, which was later acquired by Symantec.

“I joined AttackIQ to build a multi-billion dollar revenue business. We’re still growing aggressively,” said Galloway. “The overall business outlook is generally cautionary. I can’t predict the future. I can only prudently manage the business, align with our market opportunity and further our mission.”

In the long run, AttackIQ hopes to continue to grow the company toward an IPO. A now highly distributed company, it has teams in San Diego, Australia, Barcelona and Silicon Valley.

In 2019, AttackIQ raised $17.6 million in a Series B round, led by Khosla Ventures, the venture capital firm started by Sun Microsystems co-founder Vinod Khosla. In total, the company has raised $35 million in funding.