The cloud, and the growing number of assets that are held and used within cloud services, have become a major focus in cybersecurity over the years. Today, a startup that’s leveraging the cloud in a different way — to run a security operations center within it — is announcing a round of funding to expand its activities. Cyrebro — a startup out of Israel built around a team of cybersecurity specialists that monitor networks for enterprises, leveraging both Cyrebro’s own automation tools and whatever other security apps an organization uses to keep data and infrastructure safe — has raised $40 million.
The funding, a Series C, is being led by Koch Disruptive Technologies (KDT), with new backer Elaia and previous investors Mangrove Capital Partners, Prytek, Bank Mizrachi and InCapital Group also participating.
Cyrebro has been profitable for the last several years, and it’s seen some explosive growth in that time. Today, it helps manage security for 400 customers, up from just 38 three years ago.
“Growth like that needs support,” Nadav Arbel, the CEO and co-founder, explained as the rationale for the funding.
Today, the platform covers a number of functions for its customers — threat hunting, threat intelligence, forensic investigations, incident response, SIEM (security information and event management) optimization, and strategic monitoring, which it provides either as a complete solution or to complement existing security operations at an organization, depending on the size (it works with small businesses as well as very large enterprises).
Cyrebro will be using the new funding both to continue expanding the functionality of the product — today, for example, Cyrebro’s customers would use a third-party remediation tool to complement the work that Cyrebro does, so that could be one area of product expansion — and also to delve deeper into more geographies. The company is based out of Israel today with operations across North and South America, EMEA and Asia.
The company has raised $60 million to date, and it’s not disclosing its valuation.
Cyrebro’s pitch is that it can complement and consolidate what an organization may already be investing in its security operations, and it can help those organizations run their overall security operations faster, more efficiently and ultimately at a lower cost. Its arrival speaks to a specific evolutionary stage in the world of enterprise IT.
Migration to the cloud is the name of the game in enterprise IT today, and for the most part that architecture promises a lot of new features, efficiencies, and flexibility when it comes to digital work. The downside is that in many cases, across a wider organization, between on-premises and cloud services, IT is grappling with a very fragmented landscape when it comes to monitoring and managing that data.
And the same goes for securing it: typically a company uses a number of different apps and systems to monitor data, devices and networks across a wider organization, but that raises the question of how all of that data is subsequently consolidated, to make it usable and actionable. And that’s before considering the strain and burnout that security teams face in grappling with this.
And that is essentially where Cyrebro believes it can play a role: by being the central nervous system that can read these different signals, and make concerted sense of them. “Cyrebro” is triple wordplay, Arbel said: first, on cerebrum, the Latin word for “brain”; second, on Cerebro, the headgear used by Professor Xavier in X-Men to “see the entire world”; and third, on the obvious reference to cyber (short for cybersecurity). Note: even with the different spelling, Arbel said his legal team cleared the copyright on using the term with Marvel/Disney.
In cybersecurity, a lot of the innovations these days are focused around AI and other software that automate certain tasks, and there is a very logical reason for that: malicious hackers are also building automated and AI-based tools to swarm networks, creating a mass of sophisticated activity, across a mass of data, and so the aim is to fight fire with fire.
But alongside that, there is still an indisputable role for human intervention and judgement, and that is something that anchors Cyrebro as well: it is built around a team of specialists, who in turn work with a company’s own in-house teams, with all of Cyrebro’s software assets, and with those of its clients.
Arbel explained that this is also because of how the startup itself germinated. As with so many in cyber intelligence and security in Israel, his roots are in defense and working in the public sector: one of his past roles was as the Israeli police force’s cyber chief. He also worked for years in consulting, where he saw first-hand the need for a better, centralized approach to security operations.
“We are a company that grew out of red teaming, so we have an offensive mindset,” he said. “My idea for building this came from hundreds of red team exercises: yes, companies were monitoring — we have tools installed everywhere these days — but they were asking the wrong things.” Essentially they “lacked a wider understanding” of threats and how to see them off.
The company does have competitors in the area of SOC as a service, as well as managed security service providers overall: large organizations like CyberProof, Check Point, Axonius and more, as well as newer players like SOC Prime — who all provide some of the same or similar services (or similar concepts, but with different approaches). Investors say that Cyrebro stands out for its comprehensiveness and track record so far.
“Cyrebro provides MSSPs the highest level of automation and lowest false-positive rate with its SOC Infrastructure offering, making it truly distinct,” says Isaac Sigron, managing director at KDT, in a statement. “We believe they are revolutionizing the industry by providing MSSPs with the foundation to build a world-class, state-level product with fewer resources and expenses. This enables MSSPs to provide better and more cost-efficient service to their customers while significantly extending their offering. CYREBRO has shown significant growth in a challenging market, and we’re confident that Nadav and his team will continue to drive the business forward.”
Longer term, as security breaches and malicious activity get more sophisticated, Arbel believes that the trend will be for specialists to manage an increasing amount of security work in an outsourced way, with companies like Cyrebro playing an ever-bigger role as a result.
“In five to ten years, companies will not build security operations centers from scratch,” he said.