Thanks to an uncertain economy, cybersecurity budgets are in a tight spot.
According to 2023 overview by IANS and recruitment firm Artico Search, more than a third of chief information security officers (CISOs) have kept their security spending the same — or slightly reduced — in 2023. report from PwC suggests that one in five organizations will see their cybersecurity budgets stagnate or even shrink this year.
So what’s a CISO to do? Well, if you ask Gareth Hamilton, they should deliver Approach security a vortex.
Reach is the brainchild of Hamilton, a startup he co-founded with Colt Blackmore in 2021. It’s technically a cybersecurity platform — but not a conventional one.
Rather than serving as yet another layer in a company’s cyber security stack, Reach is connected to a company existing IT and security products, collecting data on attacks and recommending ways to combat them using security tools the company already has.
“The average security team is using less than 20% of what they have and struggling to secure their organization as a direct result,” Hamilton told TechCrunch in an interview. “Every other company in our industry will say you need another one security mousetrap to solve this problem. They are wrong.”
Prior to Reach, Hamilton worked at Palo Alto Networks, where he was director of product management. Blackmore led data science efforts at cybersecurity firm Proofpoint and, prior to that, was a technical lead at Palo Alto.
Hamilton says he and Blackmore designed Reach to take away some key business security decisions. Organizations feel like they’re “running in place,” as Hamilton sees it — buying security tools and putting in the work to make them work, but often not seeing the results.
The spread is real. ONE overview by security posture management vendor Panaseer found that organizations manage an average of 64 to 76 security tools (as of 2022). According to the same survey, only a third said they were “very confident” in their ability to demonstrate that their security controls were working as they should.
Perhaps this is not surprising Many CISOs feel like their cybersecurity budget is being wasted — and that even with countless defensive and offensive tools, it takes days to weeks to detect threats.
“It’s becoming increasingly important for security teams to optimize the tools they already have based on the attacks they’re actually facing,” Hamilton said. “Vendors should meet the customer where they are to prove their value, and customers should focus on running what they’ve developed effectively before considering another tool or platform.”
The Reach Security central control panel. Image Credits: Approach security
To that end, Reach attempts to identify attackers, their goals, what they have access to, and how their attacks work — and to suggest options available to end attacks through a company’s registered products. Also automatically access the security tool configurations you will try to make them prevent attacks, prioritizing actions based on how the attacks are carried out.
“Reach assesses an organization’s security posture beyond best practices and compliance frameworks,” said Hamilton. “It also tailors security audit recommendations and assessments based on each customer’s unique threat profile and solves the ‘last mile’ problem by enabling operators to deploy changes directly from Reach.”
Companies — and investors — find this case attractive.
Hamilton says “dozens” of organizations have developed Reach’s tools, including Autodesk. And Reach recently closed a $20 million funding round led by Ballistic Ventures with participation from Artisanal Ventures, Ridge Ventures, Webb Investment Network, Tech Operators and former Palo Alto Networks CEO Mark McLaughlin.
Here’s Geoff Belknap, LinkedIn’s CISO, on it:
Reach Security solves the “too many tools, not enough people” problem not by asking you to buy yet another tool, but by realistically attacking the problem with a product that focuses on making sure you get the most out of what you already have. It’s definitely worth a look if you’re one of those security leaders who has all the people and budget they could ever want. However, for the 99.999% of us who want to get more out of the tool investments we’ve already made and are improving at showing our board and executives a steady or even increasing return on those investments: Something we should actively consider.
That Reach managed to secure a sizable tranche of funding is all the more impressive considering the ongoing downturn the cybersecurity industry is experiencing.
According at DataTribe, a startup incubator, saw a 37% drop in completed cybersecurity financing deals from Q4 2022 to Q4 2023. Series A valuations took a huge hit, with average pre-money valuations to fall from a five-year high of $73.45 million to $29.5 million.
“The broader slowdown in technology has enhanced the value that Reach provides,” he added. “Reach addresses a universal need and is positioned for growth in an area where the demand for use exists security controls more essentially scaling… While this new capital increased in scale [up] across the business, we will continue to take a disciplined approach that scrutinizes spending against the results achieved.”
