After raising $102 million earlier this year, bugcrowd is making good on its promise to use some of that funding to make acquisitions to bolster its safety cigarettes. The company — which pools the skills of more than half a million hackers to find and fix security vulnerabilities and other functional gaps in companies’ networks and applications — has acquired Informerattack surface management (ASM) assessment and sustainment specialist;
ASM, which is a critical aspect of how security technology works today, involves using a variety of techniques to continuously monitor potential attack vectors in an organization’s IT environment.
Terms of the deal were not disclosed. But Informer was completely closed, so profitable. This is also Bugcrowd’s first acquisition.
Informer is based in the UK and it seems, for the most part, that’s where their customers are as well. They include companies like Brandwatch and (ironically, given that it never raised money) venture capital firm InMotion.
The deal will see Bugcrowd bring Informer’s technology, customers and entire staff, including CEO and founder Marios Kyriakos, who started out as a white-hat hacker a long time ago and will become product manager for Bugcrowd.
Bugcrowd said its goal in buying the company is to have more of the technology it regularly uses as part of its own stack.
“It was a bit of a joke, bringing external attack surface management directly into the Bugcrowd portfolio,” CEO Dave Gerry – pictured above at right – said in an interview.
“We’ve leveraged various partners on ASM technology up to this point, and then we’re offering what we call ‘attack recognition,’ which basically means we’re basically getting hackers to leverage ASM so they can then say, ‘Hey, this is how I wanted you to come in.’ This for us was an important piece of technology that we wanted to have on the platform. Because one of the things we hear all the time from customers is that they still don’t understand their perimeter walls. Even in 2024”.
Indeed, ASM is a pretty hot area in the security world right now. In short, the migration of many services, architecture and data to the cloud, plus the explosion of remote work, has enabled organizations to be much more flexible. But it has also created a minefield for security operations teams.
Many IT people, even security teams, don’t have a complete view of what corporate assets are in use or down, and the more services, employees, devices and data are added over time, the more thorny this lack of visibility becomes. Not having a complete picture of the problem usually means that companies can’t secure everything either. (And that can mean, inadvertently, companies end up creating vulnerabilities because of how services, data, and assets overlap with each other.)
There are several startups that have raised significant rounds of funding and invested large R&D budgets to help solve this problem. Previously, Bugcrowd could have said it was working with the best partners for this technology, but having an in-house team will mean it can now develop its own products (and have bigger margins) in this area.
Bugcrowd is backed by the likes of General Catalyst and has raised $180 million to date. It does not disclose valuation, but as a benchmark one of its closest competitors, HackerOnevalued at over $800 million in 2022.
At a time when we’re seeing a number of security startups that once commanded massive valuations get whittled down by investors and the market — those valuations were often too high and based on sales projections that simply didn’t materialize — Bugcrowd is positioning itself as a would-be unifier.
This deal, Gerry said, comes as the start of “what we hope will be a rapid succession of opportunities for us.” He and founder/chief strategy officer Casey Ellis say they are approached “all the time” by companies they hope to sell before they are forced to fold.
This report has been updated to correct the new job title of Informer CEO and founder Marios Kyriakos at Bugcrowd. Casey Ellis’ title was also initially misreported. Sorry for the mistakes.
