Attack surface management startup CyCognito raises $100M Series C on $800M valuation

As companies look for ways to prevent cyber attacks, one strategy is to be proactive and find vulnerabilities that could lead to a breach in an approach called “attack surface management.” A number of companies have taken this approach, and one, CyCognito, announced a $100 million Series C today on an $800 million valuation.

The Westly Group led the round with participation from new investors Thomvest Ventures and The Heritage Group along with existing investors Accel, Lightspeed Venture Partners, Sorenson Ventures and UpWest. Today’s investment brings the total raised since inception to $153 million, according to the company.

Like any attack surface management company, CyCognito is looking at the range of assets a company has and looking for gaps in security, but CEO and co-founder Rob Gurzeev claims that the comprehensiveness of his company’s approach is what differentiates it from the pack.

“We are leveraging machine learning-based, attack surface management to understand what’s out there. And we’re the first company to automate security testing at the scale of millions of assets,” he said.

Gurzeev says that using this approach, the company has grown revenue over 400x in the last year, although he didn’t get specific about the revenue number.  Neither did he want to discuss specific customer numbers, but he did say they had dozens of Fortune 500 customers including Colgate-Palmolive, Scientific Games and Tesco.

As for employees, the startup began the year with 85 and is expected to finish up with more than 140 with the goal of reaching around 230 by the end of 2022.

Gurzeev says that diversity is essential in the security business, and he is working to build a diverse team. “We strongly believe that our customers’ adversaries, and the general challenge in this space is very diverse, and also building a company is a very diverse and multifaceted challenge. So we strongly believe that diversity in a deep sense is [extremely] important in terms of backgrounds, experience, gender, political perspective and other elements,” he said.

So far that has translated into about one third of the engineering team being women and several executive-level posts being held by women, he said, and that helps attract other women to the company. What’s more, these women are participating in efforts to bring more women and other underrepresented groups into security, which in turn builds a bigger pool of potentially diverse employees.

Gurzeev says that companies have looked into buying his company at various points, but he and his co-founders have rebuffed these attempts to this point, believing they have the potential to build a substantial stand-alone company.

“There have been inbound inquiries from very relevant acquirers and smart companies and we decided strategically that we’re not looking into it because we believe we have [a substantial] opportunity and we should be the ones that are trying to build [this into] a significant company.”