Bishop Fox Raises $75M to Fortify Offensive Security MuscleThe Money Will Fuel Bishop Fox's Visibility and Continuous Testing for All Services
An emerging offensive security player has closed an eight-figure funding round to strengthen its visibility and continuous testing capabilities across all of its service offerings.
See Also: Live Webinar | Education Cybersecurity Best Practices: Devices, Ransomware, Budgets and Resources
Bishop Fox says the $75 million funding will allow the Phoenix-based company to go from just offering to do attack surface testing on its Cosmos platform to offering all service offerings, including application penetration testing, external network and penetration testing, and red teaming. The Series B round was led by Carrick Capital Partners and brings Bishop Fox's total funding to $100 million since its 2005 founding.
"We've got a tremendous amount of stability in a very shaky economic environment," co-founder and CEO Vinnie Liu tells Information Security Media Group. "So we're hoping that that then serves as a source of strength for us."
Bishop Fox tapped Carrick to lead the Series B round due to the investment firm's experience helping portfolio companies expand their go-to-market motion and transition from traditional managed services to tech-enabled and platform-driven services, according to Liu. He says Bishop Fox plans to expand from just shy of 400 employees today to more than 500 workers a year from now (see: Electronic Health Records: Spotlighting Risks).
"The services-to-platform transition is very unique to Carrick," Liu says. "The thing that we're really pivoting around is that they've successfully helped companies make that transition."
Leaving Point-in-Time Testing Behind
The traditional approach to pen testing that organizations have taken for the past 15 years entails having customers tell a third-party vendor like Bishop Fox what and where they should test during a two-week period. But for the remaining 50 weeks of the year, Liu says, the company's defenses aren't being tested and the third-party vendor has no visibility into their customer's security posture.
Bishop Fox's debut of the Cosmos platform is intended to help organizations shift from point-in-time to continuous assessments of their IT environment, Liu says. The debut of continuous attack surface testing on Cosmos means that customers now have a much better view of what their attack surface really is since they can now see when assets move around in the cloud or in and out of cloud environments.
With attack surface testing now on Cosmos, Liu says, customers now know throughout the year whether there are any severe or commonly exploited vulnerabilities on their external attack surface. Migrating the external pen testing, application pen testing and red teaming to Cosmos will require a decent amount of engineering work since each service was developed separately and has its own intricacies.
The external pen testing and application pen testing are currently in the early phases of beta testing and should be available within the next three months and in the first quarter of 2023, respectively. Shifting to continuous pen testing for apps means customers will learn where vulnerabilities in their custom apps are located more quickly so that weaknesses can be addressed before they're exploited.
"We're doing it against custom applications, which is incredibly difficult to do," Liu says.
The Red Team That Never Stops
The continuous red teaming on Cosmos will allow Bishop Fox to emulate a broad variety of ransomware attacks in an almost entirely automated fashion so that customers can figure out how susceptible they are to different strains of ransomware. This means clients can determine the most likely attack paths without having to allocate many internal resources since the work is almost entirely automated, he says.
As a result, Liu says, this frees up time for customer vulnerability management and security personnel to have more strategic conversations around other areas of security testing they wish to focus on and carry out more point-in-time assessments.
From a metrics standpoint, Liu hopes the Series B funding and subsequent expansion of Cosmos will increase the speed at which Bishop Fox discovers new assets or changes in the attack surface. He also anticipates the money will increase the speed at which highly exploitable vulnerabilities are identified as well as the speed at which those vulnerabilities are remediated working in partnership with customers.
"There's actually an opportunity for us to tech-enable our platform, all of our services," Liu says. "And that's going to be a real game changer for us because we can actually strengthen the entire business, all the services that we do."