Hadrian, a hacker-led cybersecurity startup that offers an event-based, offensive security platform in a SaaS model, has closed an unsolicited €10 million seed round led by HV Capital, with participation from Picus Capital, Slimmer AI and angels including Adriaan Mol, Koen Köppen and Niklas Hellman. This round of fundraising will be used to drive scale by onboarding new hacker, development, and sales talent, consolidating European markets, and preparing for expansion into the US.
As companies’ online attack surfaces become larger and more decentralized, they become harder for defensive security teams to monitor and protect. Part of the challenge is that IT infrastructure is increasingly complex; ESG reports that 30% – 40% of a company’s attack surface is unknown to the IT professionals tasked with protecting it. The rapid growth of IoT, cloud-sharing technology, APIs and work-from-home solutions in response to pandemic demand has compounded the issue.
The nature of cyber attacks is also changing as cyber criminals are automating their attacks to target thousands of companies at the same time. As a result, they are becoming less discriminating in their search for weaknesses, rendering any organization vulnerable to attack. Meanwhile, businesses are constrained by the severe shortage of suitably-trained staff, with only 700,000 security professionals entering a global industry with 2.7 million infosecurity vacancies in 2021, according to cybersecurity professional organization (ISC). Existing defense solutions often multiply the problem by scanning too broadly, picking up false positives that swamp CISOs, and not emphasizing real threats, leaving security teams with mountainous data streams but no clear priorities.
Hadrian takes a unique, more efficient approach and has already landed several key customers in financial services, industrials, and property management. Conventional pen testing is time- and labor-intensive, and tends to focus on the areas that companies already believe to be vulnerable. Hadrian’s holistic platform scans the entire attack surface – automatically and continuously – exposing unknown weaknesses throughout a company’s digital infrastructure.
The outside-in perspective allows Hadrian to identify and prioritize the most dangerous threats, which are then placed in workflow processes for agents’ attention based on the severity of the danger. Cross-asset tests also enable a vulnerability or insight revealed in one asset to trigger a test in another asset; for example, a list of credentials discovered on the darkweb triggers an additional test on a previously discovered internet-facing database.
This unique, event-based mechanism sets Hadrian apart from competitor technologies that test for weaknesses but are limited in the extent to which they allow for different events to interact with each other. The modular nature of Hadrian technology combines ML and AI-modules to more accurately mimic a hacker’s creativity. The SaaS platform is able to scan billions of assets daily to create near-real time insights on digital threats and attack vectors. Hadrian’s data stream includes clear defense priorities, and it integrates easily into existing CISO’s workflow tech stacks. The solution is agentless and works from the outside, which makes onboarding almost instantaneous.