Today’s official headline is that we have raised $70 million in our Series C funding round.
Of course, this is a major milestone for Balbix. Normally, I would be expected to list the stellar list of firms participating in this oversubscribed round, talk about hypergrowth in our ARR in 2021. I would probably enumerate our impressive list of reference customers, and mention that this funding will be invested in building out our go-to-market. Finally, I would ask you to take a look at our careers page, review our cultural values and consider joining our rocketship startup. My CMO’s expectation would be that you will like this post, and hope that some of you might add a nice comment.
This post is about none of those things. Instead, I want to share why my Balbix colleagues and I are so unhappy about cybersecurity.
Beneath all the hype and complexities, here is a 2-point summary of the state of enterprise cybersecurity today:
- Boards and executives are frustrated
- Security teams are exhausted
Gazillions of dollars have been poured into cybersecurity budgets, dozens of tools have been deployed, but no one feels safer, or confident that tomorrow will be any better.
It’s not hard to see why. The size and complexity of the enterprise attack surface has exploded. In spite of mountains of data output by the multitude of tools, organizations lack accurate asset inventory and cyber defenders don’t know all of what they are responsible for protecting. Cybersecurity folks constantly worry about unseen risks and vulnerabilities. New security issues appear faster than we can fix them. Our teams are constantly chasing low impact items.
And of course, technical and operational stakeholders speak different languages and don’t share the same understanding on the level of cyber risk. Operational people report technical metrics, which are usually opaque and meaningless to senior executives and the board. Sound cybersecurity decision-making is impossible.
This feels like a weird, unhappy and losing game.
Rethinking cybersecurity
Balbix’s mission is to do something about this situation. Ultimately, in cybersecurity, the one thing that determines success is the time it takes your organization to contain a new risk event. This is your security program’s mean time to respond to an indicator of risk, which could be a newly discovered vulnerability, evidence of an ongoing attack or an indicator of compromise. Every second that you spend not acting to mitigate such indicators of risk is a window of opportunity for the adversary.
Your cybersecurity posture program consists of many activities, tasks and linked workflows, all of which are fraught with challenges, inefficiencies and roadblocks – hurdles that slow you down. The Balbix platform provides unified asset inventory, continuous vulnerability analysis and prioritization, and cyber risk quantification while supporting automated dispatch, mitigation and verification of vulnerabilities.
Automating cybersecurity is a data science problem. Ultimately, we are looking at making speedy decisions by analyzing large amounts of cybersecurity telemetry data – thousands of application versions across tens or even hundreds of thousands of assets. This is not easy. Indeed, some of you might be trying to build this capability in-house. You need AI/ML models for dealing with incomplete, inconsistent, sometimes contradictory data across 100s of dimensions. At Balbix, we have spent an enormous amount of effort building 100s of models that address specific challenges in converting mountains of cybersecurity data into actionable insights. Our customers report that their security teams are 10x more efficient with Balbix and that has helped them reduce breach risk by 95% or more.
In order to win in cybersecurity, this is the game we need to play to win: intelligent automation of the containment of risk. There is no other way…
Back to our funding round, and the future of cybersecurity
This $70M funding round positions Balbix to double down on people and technology that will define the future of cybersecurity – cybersecurity posture automation. We will continue to innovate to meet market needs around accurate asset inventory including software bill of materials (SBOM), enterprise vulnerability prioritization, maximally automatic mitigation and cyber risk quantification.
And at the speed we’re advancing, how we manage cybersecurity posture and cyber risk today won’t look anything like how we do this in the months and years ahead. Cybersecurity posture automation opens up a new world of self defending, highly resilient enterprise networks where attacks are limited in both time and space. One thing is certain: my Balbix colleagues and I will strive to make moving to this brave new world a great experience for our customers.
It’s easy to get started with the process of automating your cybersecurity posture. Please contact Balbix and we’ll get you on your way! Is now not a good time?