Hot on the heels of raising $102 million this 12 months, Crowd of bugs is making good on its promise to use some of those funds for acquisitions to strengthen its security elements. The company, which attracts skills from greater than half a million hackers to find and fix security and other operational vulnerabilities in enterprise networks and applications, has acquired Informantattack surface management (ASM) assessment and maintenance specialist.
ASM, which is currently a key aspect of security technology performance, requires the use of assorted techniques to constantly monitor potential attack vectors in an organization’s IT environment.
The terms of the transaction are not disclosed. But Informer was fully launched, which meant profit. This is also Bugcrowd’s first-ever acquisition.
Informer is based in the UK and that is where most of its customers appear to be. These include corporations like Brandwatch and (satirically, considering it has never raised money) enterprise firm InMotion.
As a part of the deal, Bugcrowd will hire Informer’s technology, customers and entire staff, including CEO and founder Marios Kyriacou, who himself began way back as a white hat hacker, and will later develop into Bugcrowd’s chief product officer.
Bugcrowd said the goal of shopping for the company is to have more of the technologies it commonly uses inside its own stack.
“Bringing external attack surface management directly into the Bugcrowd portfolio was a no-brainer,” CEO Dave Gerry – pictured above right – said in an interview.
“So far, we’ve been using ASM technology partners, and then we’ve also been offering something called ‘attack reconnaissance,’ which is basically where hackers use ASM to then be able to say, ‘Hey, I would he did this way.” enter.’ This was an necessary piece of technology for us that we wanted to have on the platform. Because one of the things we hear over and once more from customers is that they still don’t understand their perimeter partitions. Even in 2024.”
Indeed, ASM is quite a hot area in the security world at once. In short, the migration of many services, architectures and data to the cloud, in addition to the explosion of distant work, have enabled organizations to develop into much more agile. But it also created a minefield for security operations teams.
Many IT professionals and even security teams don’t have a complete picture of which company assets are actively getting used and which are inactive, and as more services, employees, devices and data are added over time, the more sensitive the lack of visibility becomes . Not having a complete picture of the problem often means corporations cannot secure all the pieces either. (This may mean that corporations are inadvertently creating security vulnerabilities through overlapping services, data, and resources.)
There are many startups that have raised significant rounds of funding and invested in large R&D budgets to help solve this problem. Previously, Bugcrowd could say it was working with best-in-class partners on this technology, but having an in-house team means it will probably now develop its own products (and have higher margins) in this area.
Bugcrowd is backed by corporations corresponding to General Catalyst and has raised $180 million to date. It doesn’t reveal pricing, but as a point of reference one of its closer competitors, HackerOnewas valued at over $800 million in 2022.
At a time when we are seeing many security startups once require huge valuations to be pushed down by investors and the market – these valuations were often too high and based on sales projections that simply didn’t materialize – Bugcrowd is positioning itself as a potential consolidator .
Gerry said this deal marks the starting of “what we hope will be a rapid pipeline of opportunities for us.” He and founder/chief strategy officer Casey Ellis say they are approached “all the time” by corporations looking to sell before they have to close.
..