With growing pressure and lack of talent, most security teams in 2022 are trying to do more with less. Cyber threats continue to grow, evolve, and grow in complexity. Meanwhile, job tracker Cyber Seek estimates that there are approximately 460,000 openings in cybersecurity in the US alone.
This mismatch between supply and demand for cybersecurity professionals means that many companies are primarily focused on playing defense — and less emphasis on active activities such as penetration testing, red/blue/purple teaming, and threat hunting.
But as it turns out, much of what proactive security professionals spend their time on is not directly related to improving their company’s security posture. Most of their week is actually spent on mundane, routine tasks — like gathering data and writing reports, says Dan DeCloss, founder and CEO of PlexTrac.
And most of that work can be automated — which is what PlexTrac seeks to do with its software to improve the efficiency of active security teams. The PlexTrac platform collects data from proactive security tools in a central repository, automates the workflows involved in writing reports, and ultimately saves these teams an average. that’s 30% of their time, according to the company.
The result, DeCloss told VentureBeat, is companies are expanding their proactive security audits — and thus improving their security posture. “Instead of just ad hoc assessments, or point-in-time assessments that are once a year, we help people do it consistently,” he said.
And there’s another big benefit, as well: Because the platform can aggregate so much security data, “you get a better picture of what your biggest issues are and what you should prioritize. , ”DeCloss said.
Today, PlexTrac announced that it has raised a $ 70 million series B funding round to further develop a proactive security management platform and expand its market growth. The round was led by Insight Partners, with additional support from Madrona Venture Group, Noro-Moseley Partners, and StageDotO Ventures.
The funding follows PlexTrac’s growth in 2021, which saw recurring revenue expand 3X and the number of its customers grow 200%, the company said. PlexTrac reports that it already has more than 160 customers in total, including eight Fortune 100 companies.
Among PlexTrac’s well-known customers is cybersecurity firm Mandiant, which uses the platform with its teams — although its penetration testing team has the largest adoption, DeCloss said. PlexTrac has improved the reporting process around assessments for Mandiant, allowing the company to deliver “better reports in less time,” said Evan Pena, managing director for global red team at Mandiant, in a quote provided by PlexTrac.
Other customers include three of the four largest accounting firms, four large insurers in the U.S., two major payment platforms, and two large asset managers, according to PlexTrac. Additional named customers include security consultants such as Herjavec Group, MegaplanIT, and Asylas Security.
The PlexTrac platform has approximately 20 integrations, bringing data from tools such as vulnerability scanners, breach and attack simulation tools, and penetration testing platforms as a service.
The platform then collects all customer data from those tools in one place — displaying the various campaigns the customer is running in one centralized dashboard.
This speeds up the amount of time it takes to get that data to a single place, while the software also normalizes the data to provide a view on “what your top issues are,” DeCloss says. The dashboard displays other important information such as who is assigned to fix the issues and how long they have been open as well.
Then, when it comes to remediation of the issues found, that part of the process can also be facilitated and monitored on the platform, DeCloss said.
“We save a lot of time with people because PlexTrac serves as the central storage for all issues and risks,” he said. “They don’t have to track that all the time from different systems or different teams.”
Additionally, PlexTrac integrates with Jira and ServiceNow ticketing systems so users don’t have to switch between tools.
In terms of writing the report itself, PlexTrac provides a repository for reusable content that is easy to use in the report — eliminating copying and pasting into Word and Excel documents, DeCloss says.
In its series B funding round, PlexTrac has now raised $ 82 million since DeCloss began focusing full-time on the company in 2019 (he says he originally started writing code in 2016).
Prior to PlexTrac, DeCloss worked as a penetration tester at Veracode, Mayo Clinic, and Anthem. He then worked at Scentsy as director of IT security from 2016 until going full-time at PlexTrac in March 2019.
The Boise, Idaho-based company currently has 85 employees, and aims to end the year with a headcount of approximately 160.
Plans for the forward product include adding the ability to schedule proactive security tests and campaigns for third-party tools right within PlexTrac, along with integration with threat intelligence feeds to further further enhance the prioritization of issues, DeCloss said.
Overall, PlexTrac does more than just improve the security posture and the efficiency of the security teams, he said.
“When they don’t have to focus on worldly tasks, they just have better morale throughout their team,” DeCloss said.
The mission of VentureBeat has become a digital town square for technical decision makers to gain knowledge about transformative enterprise technology and transactions. Learn more