CyCognito raises $30 million for a bot network that probes potential attack vectors

Cybersecurity startup CyCognito today announced it has raised $23 million in funding, bringing its total raised to $53 million. A spokesperson told VentureBeat the funds will be used to expand CyCognito’s team and accelerate its customer acquisition efforts.

A majority of businesses — 62% — experienced phishing and social engineering attacks in 2018, according to Cybint Solutions. That’s all the more troubling in light of the fact that only 5% of companies’ folders are properly protected and that data breaches collectively expose billions of records each year.

CyCognito’s solution is a bot network that performs reconnaissance to continuously scan, map, and fingerprint digital assets around the world. The platform operates externally, requiring no setup, configuration, or maintenance, and it integrates with existing security and DevOps workflows from third-party vendors.

CyCognito profiles things like web apps, keyword and code fragments, logos and icons, and deployed software to identify potential attack vectors. Using risk evaluation methods like authentication and misconfiguration testing, network design analysis, and data exposure spotlighting, the company’s attack simulator orchestrates assessments without affecting business operations.


Above: CyCognito’s web dashboard.

Image Credit: CyCognito

From a dashboard, IT teams can use CyCognito to view attacker-exposed assets, all of which are automatically classified based on business function. Those same teams can also see which department assets belong to and continuously monitor for new assets while taking remediation steps recommended by CyCognito’s simulator. The company grades risks according to severity to help with prioritization.

CyCognito says it mapped the attack surface for a global publishing conglomerate with 900 subsidiaries, discovering roughly 3 times the number of previously identified assets. The majority, or about 80%, were both unknown and unmanaged. Separately, CyCognito claims it recently discovered a cross-site scripting vulnerability on the web admin interface of certain Cisco enterprise-class routers. The exploit gave attackers a path to take control of an admin web configuration utility and perform actions like viewing and modifying sensitive information, controlling the router, and gaining access to other systems.

Accel led the series B round in Palo Alto-based CyCognito, with participation from existing investors, including Microsoft chair John Thompson.

Competition in the cybersecurity segment is fiercer than ever. Players include Dtex, Cynet, IntSightsTrapX SecurityCybelAngel, and Deep Instinct, all of which take an algorithmic approach to threat detection. That’s not to mention San Francisco-based ZecOps, which recently nabbed $10.2 million for tech that automates analysis and response to cyberattacks. Then there’s Trinity Cyber, whose threat-combating suite combines detection with “adversary inference,” and Huntress, which brought in $18 million to detect and remediate cyberthreats. Not be outdone, Lacework protects cloud environments from data breaches.

Sign up for
Funding Weekly to start your week with VB’s top funding stories.