【200415 Securityweek】SafeBreach has raised a further $19 million to improve and expand its breach-and-attack simulation platform, which allows customers to assess their security posture against a continuous barrage of genuine, but safe, hacker behaviors.

【谷歌翻译 未经校对】SafeBreach又筹集了1900万美元，用于改进和扩展其违规攻击模拟平台，该平台使客户能够针对持续的真实但安全的黑客行为来评估其安全状况。

Sunnyvale, Calif-based breach-and-attack simulation (BAS) firm SafeBreach has raised $19 million in a Series C funding round led by OCV Partners. Previous investors Sequoia Capital, Deutsche Telekom Capital Partners, DNX Ventures, Hewlett Packard Pathfinder, and PayPal participated in the round, which brings the total raised to date to over $50 million. The money will be used to develop new product capabilities and services, and to expand its strategic partnerships and channel relationships.

总部位于加州桑尼维尔的违反攻击模拟（BAS）公司SafeBreach在OCV Partners领投的C轮融资中筹集了1900万美元。以前的投资者Sequoia Capital，Deutsche Telekom Capital Partners，DNX Ventures，Hewlett Packard Pathfinder和PayPal参与了此轮融资，迄今筹集的资金总额已超过5,000万美元。这笔钱将用于开发新产品功能和服务，以及扩大其战略合作伙伴关系和渠道关系。

The SafeBreach BAS platform allows users to continually test and assess their security posture by delivering simulated breach methods from an extensive playbook of more than 13,000 breach behaviors. This allows companies to detect whether they have adequate controls in place, and whether those controls are correctly configured.

SafeBreach BAS平台允许用户通过从超过13,000种违规行为的广泛游戏手册中提供模拟违规方法，来持续测试和评估其安全状况。这使公司能够检测到它们是否具有适当的控件，以及这些控件是否已正确配置。

"The explosive growth of cyberattacks, combined with the increasing complexity of managing IT infrastructure, creates a pressing need for continuous attack simulation," commented Hemi Zucker, managing principal at OCV Partners. "In addition, overstretched security teams need the ability to visualize their entire attack surface, receive guidance on remediation decisions, and ultimately reduce business risk." 

OCV Partners负责人Hemi Zucker表示：“网络攻击的爆炸性增长，加上IT基础架构管理日益复杂，迫切需要进行持续的攻击模拟。” “此外，过度紧张的安全团队需要能够可视化其整个攻击面，获得有关补救决策的指导，并最终降低业务风险。”

SafeBreach, added Guy Bejerano, co-founder and CEO of SafeBreach, allows CISOs and their security teams "to improve their security stance on an ongoing basis and avoid the misconfigurations and security lapses of their existing security controls that make possible the vast majority of serious security incidents today."

SafeBreach联合创始人兼首席执行官Guy Bejerano补充说，SafeBreach允许CISO及其安全团队“不断改善其安全立场，并避免现有安全控制措施的错误配置和安全失误，从而使绝大多数严重的安全问题成为可能。今天的安全事件。”

Simply buying and installing new security controls doesn't mean they work. As a result, organizations generally have little understanding of their actual rather than targeted security posture. "Spending and hoping," Bejerano told SecurityWeek, "is not an adequate security strategy.  What is missing is a way to validate the controls on a continuous basis, so that defenders can really know if the controls are effective."

仅仅购买和安装新的安全控件并不意味着它们起作用。结果，组织通常对其实际而不是目标安全状态了解甚少。贝杰拉诺对《安全周刊》说：“花钱和希望不是一个足够的安全策略。所缺少的是一种连续验证控件的方法，这样防御者才能真正知道控件是否有效。”

The solution to the paradox of increasing breaches despite increasing security controls is not to buy yet more security controls, but to fix the misconfigurations that are letting attackers through. This is the function of SafeBreach. Most attacks use similar tactics. This means that on the one hand, attackers don't need to reinvent new approaches, but on the other hand, defenders can learn them. BAS automates the role of a red team, safely simulating the actual steps that an attacker would use to see if the company's installed controls will detect the 'intrusion'. 

解决方案尽管安全控制措施不断增强，但违反行为不断增加的悖论的解决方案不是购买更多的安全控制措施，而是解决导致攻击者通过的错误配置。这是SafeBreach的功能。大多数攻击使用类似的策略。这意味着，一方面，攻击者无需重新发明新的方法，但另一方面，防御者可以学习它们。BAS自动执行红队的角色，安全地模拟攻击者将用来查看公司安装的控件是否会检测到“入侵”的实际步骤。

SafeBreach also collects and correlates the data from the controls being used, so that it knows what the controls actually see. It knows which, if any, security product detects the simulation, and provides a map of the security posture. "Over the past year," added Bejerano, we've also added the ability to mitigate any failed detections. The SafeBreach BAS no longer just helps the customer to understand its security posture, but helps it to improve the posture in an automated fashion. We take the gaps we find and loop them back into the security controls in order to improve and refine the configuration so that the same behaviors will no longer be available to a real attacker."

SafeBreach还从正在使用的控件中收集并关联数据，以便它知道控件实际看到的内容。它知道哪个安全产品（如果有）检测到模拟，并提供安全态势图。Bejerano补充说：“过去一年，我们还增加了缓解所有失败检测的能力。SafeBreach BAS不仅可以帮助客户了解其安全状况，还可以帮助其以自动化方式改善安全状况。我们利用发现的漏洞并将其循环回到安全控件中，以改善和完善配置，以使真正的攻击者无法再使用相同的行为。”

Another recent enhancement has been the ability to reach out to remote devices and check their security posture -- a capability that has become particularly relevant to the current COVID-19 pandemic and the increase in working from home. 

最近的另一项增强是能够连接到远程设备并检查其安全状态的能力，该功能与当前的COVID-19大流行以及在家工作的增加特别相关。

The playbooks used by SafeBreach in its simulated attacks are continually enhanced and expanded as new hacker methodologies are discovered. So, for example, "when the COVID-19 phishing and malware attacks became known," said Bejerano, "we added simulations to our playbooks within six hours." New threats are found from multiple sources, but the firm also has its own https://www.securityweek.com/new-ransomware-process-leverages-native-win... resource">SafeBreach that constantly looks for and evaluates possible attack scenarios. "During 2019," he added, "this team discovered 23 zero-days."

随着发现新的黑客方法，SafeBreach在其模拟攻击中使用的剧本不断得到增强和扩展。因此，例如，“当COVID-19网络钓鱼和恶意软件攻击已知时，”贝杰拉诺说，“我们在六个小时内将模拟添加到了游戏本中。”从多个来源发现了新的威胁，但该公司也拥有自己的https：//www.securityweek.com/new-ransomware-process-leverages-native-win ... resource“> SafeBreach，它会不断寻找并评估可能的威胁他补充说：“在2019年期间，该团队发现了23个零日。”

SafeBreach was founded by Guy Bejerano and Itzik Kotler (CTO) in 2014. It raised $15 million in a Series A funding round in July 2016, and a further $15 million in a Series B round in May 2018.

SafeBreach由Guy Bejerano和Itzik Kotler（CTO）于2014年成立。它在2016年7月的A轮融资中筹集了1500万美元，在2018年5月的B轮融资中又筹集了1500万美元。

网安团队找钱 / 投资人找网安项目

+微信 junshao

—— 全球网安投融事件 TimeLine ——

2020年4月

2020年3月

2020年2月

2019年12月

2019年11月

【反欺诈】Cheq：获融$16M 广告反欺诈

【威胁情报】InSights：获融$30M 数据库

【密码管理】1Password：获融$200M

2019年10月

【整体并购】九州云腾：阿里云全资收购 身份认证

【业务安全】Duality：获融$16M 隐私与数字IP保护

【云安全】LOKI：获SWG投资 SD-WAN

【身份认证】IDnow：获融€36M AI驱动身份认证

【数据安全】VGS：获高盛$35M 0数据

【威胁情报】CYFIRMA：获融$5M从Antuit剥离

【工业网安】天地和兴：获融近￥2亿

【车联网】Upstream：获融$30M

【风险控制】维择科技：获融$数千万 AI驱动风控

【流量分析】Corelight：获融$50M

【威胁情报】Flashpoint：获融$34M

【工业网安】长扬科技：获融近￥亿元 工业网安

【智能安防】MyGate:获融$50M 智能安保系统

【身份认证】Hypr：获融$18.3M 免密登录

【整体并购】长亭科技：官宣拟被阿里云全资收购

【二级市场】南洋股份：拟斥资￥1000万 设立成都天融信

【整体并购】Carbon Black：被VMware收购 强化网安能力

【工业网安】SparkCognition：获融$100M AI驱动安全

【二级市场】奇安信：完成￥15亿Pre-IPO轮融资

2019年9月

【二级市场】山石网科：9月30日 科创板IPO

【反欺诈】Verafin：获融$515M 金融犯罪防控

【安全检测】Cycode：获融$4.6M 代码检测

【安全保险】Arceo.ai：获融$37M 助力网安保险

【物联网】Crypto：获融$8M 物联网安全

2019年8月

【终端安全】网思科平：获琥珀投资 加码EDR

【身份认证】Yubico：获融$25M 身份认证与加密硬件

【终端安全】CrowdStrike：设立$20M基金 布局平台应用

【安全管理】Remediant：获融$15M 特权访问管理

【反欺诈】Cofense：获BlackRock投资 加码防钓鱼平台

【整体并购】PageSeal：被PerimeterX并购 强化终端威胁防护

【整体并购】Veriflow：被VMware并购 强化网络维护

【数据安全】Kasten：获融$14M 数据备份与恢复

【身份认证】AU10TIX：获融$60M 云身份认证

【云安全 】CloudCheckr：获融$15M 多云管理平台

【数据安全 】Clumio：获融$51M 云灾备

2019年7月

2019年6月

2019年5月

【IoT】智普信：获融￥过亿 物联网安全

2019年4月