Startup information security firm Intrigue on Tuesday announced a US$2 million seed round led by LiveOak Venture Partners for a new attack service management platform that helps secure enterprise networks. The Intrigue tools scan all public, exposed attack surfaces inside and outside a company.
The seed funding will also support the security and developer communities contributing to Intrigue Core — an open-source asset discovery project that serves as the backbone of Intrigue’s enterprise solutions.
Intrigue Founder and CEO Jonathan Cran at the same time disclosed that his company’s network security tools discovered the extensive infiltration done in a successful breach by a Chinese cyber-espionage unit to compile a list of Fortune 500 companies still exposed to last month’s Microsoft Exchange breach.
Reports surfaced last month that a Chinese cyber espionage unit focused on stealing email from some 30,000 organizations by exploiting four newly-discovered flaws in Microsoft Exchange Server email software. That attack reportedly seeded hundreds of thousands of victim organizations worldwide with tools that give the attackers total, remote control over affected systems.
“You can’t secure what you can’t see. Intrigue goes far beyond current offerings to give enterprises visibility into their entire public-facing footprint so they can both monitor it and secure it,” said Creighton Hicks, principal at LiveOak Venture Partners, of the significance of Intrigue.IO’s network security tools.
Attack surface management (ASM) tools are designed to detect network vulnerabilities and prevent breaches. The network attack surface is comprised of all vulnerabilities in connected hardware and software accessible to unauthenticated users.
How It Works
Attack Surface Management is the practice of relentless mapping and securing of all Internet-facing assets throughout an organization’s entire network perimeter. It has rapidly become a top enterprise priority, as massive adoption of cloud, SaaS, and mobile across a distributed workforce means an expanding, evolving, and changing attack surface subject to an increasing number of sophisticated threats, according to Intrigue.
The Intrigue platform is built on an open core architecture that offers a comprehensive view of an enterprise’s attack surface. For example, according to Intrigue’s tools, the average Fortune 500 company now has 631 unique application endpoints across their external attack surface and an additional 464 open ports.
“Intrigue began with the idea that security teams must be able to scale to enable innovation while also managing an ever-growing and changing attack surface. To do this well requires deep visibility of assets and awareness of their exposure to threat actors,” explained Cran.
Rapid Market Path
Cran founded the company in 2019. He is a former principal at Rapid7, Bugcrowd and Kenna Security, and architect of multiple leading security technologies, standards and frameworks.
Intrigue offers a comprehensive view of an enterprise’s attack surface. It is the only attack surface management solution that fully enables organizations to map their assets, monitor their environment, and mitigate ongoing risk, he said.
Since opening its doors, the company developed Intrigue Enterprise which includes expanded non-linear mapping technology for asset discovery, workflows for automatic scoping and vulnerability control, and extensive enterprise integrations.
The Intrigue Core open-source software project includes a discovery engine for asset mapping, vulnerability, and misconfiguration identification, along with deep asset fingerprinting and analysis.
In this transitional moment, technology is becoming more dynamic and distributed. In the wake of yet another unprecedented wave of breaches, LiveOak is partnering with Intrigue to quickly bring the new platform to market, according to Intrigue’s founder.
“The founding team at Intrigue has spent years in the trenches exploring the problem set and building a world class attack surface discovery platform. With this investment, we are now in a position to expand upon this foundation investing in our enterprise solution and partnering deeply with our customers,” Cran said.
New Needs in Different Times
Managing enterprise security is a different ballgame than ever before, especially with the rise of cloud native, observed Chris Aniszczyk, CTO at Cloud Native Computing Foundation.
“Intrigue’s novel and extensive approach to mapping, monitoring, and managing attack surfaces, and its open-source strategy move the state of cloud native security forward,” he said.
Attack surface management was born out of necessity, with the recognition that existing security tools are unable to effectively discover and map an organization’s assets, offered Adrian Sanabria, senior research engineer at CyberRisk Alliance. Traditional vulnerability management offerings consistently miss assets, and penetration tests occur too infrequently to reliably fill that gap.
“I’ve yet to find a case where an organization used a solution like Intrigue, and wasn’t surprised by some significant discoveries,” he said.
The beauty of Intrigue is that it provides amazing detail on the attack surface and defensive posture not only of your organization but that of other organizations you depend upon, like your vendors, supply chain, and critical infrastructure sector, added Greg Conti, cofounder and principal at Kopidion, black hat trainer, and founder of the Army Cyber Institute.
“What we think is our organizational attack surface always differs from the reality. Intrigue allows defenders to learn the truth of their attack surface quickly and easily,” he said.
Essential Security Performance
Intrigue is an essential part of a firm’s security operations that creates a very detailed infrastructure mapping across all types of assets. It also continually monitors known threats, and alerts an organization to potential exposure, offered Chris Gates, red team manager at Robinhood.
“Intrigue is an extremely comprehensive asset discovery and security assessment platform that provides its users with an early warning to effectively mitigate risk,” he said.
Almost everywhere security teams are increasingly becoming overwhelmed by data, according to Greg Martin, general manager of security at Sumo Logic and former cybersecurity advisor to NASA, the FBI, and the Secret Service. They are inundated with an exploding number of security alerts driven by fundamental changes in IT infrastructure, a move to remote work, and an increase in the frequency of sophisticated threats.
“To optimize security operations and ensure a focus on the most critical vulnerabilities, it is essential that an organization receive actionable intelligence to quickly analyze any threat and immediately assess both its importance and the degree of exposure within their environment. This process used to be very manual, time-consuming, and error prone. Now an organization can just use Intrigue,” he said.