Meet Bastion, a French startup that was created in October 2022 to help small companies tackle cybersecurity risks without too many complexities. Created by former Palantir employees, the company has already raised $2.8 million.
What makes Bastion different from other cybersecurity startups is that it wants to be your first and last cybersecurity subscription. It bundles several different products that all revolve around cybersecurity risks with a software-as-a-service approach.
Frst, Global Founders Capital, Kima Ventures and Motier Ventures invested in the company, as well as several business angels, such as Denis Duverne, Joshua Motta, Renaud Deraison and Gaëlle Olivier.
At Palantir, the four co-founders (Arnaud Fournier, Arnaud Drizard, Sébastien Duc and Robin Costé) were already working on cybersecurity in one way or another. Some of them were part of a small team in charge of cybersecurity excluding governments and public administrations. One of them was in charge of anti-fraud offerings for big banks and insurance companies.
“Companies we talk with tell us: ‘We have an insurance broker, an accountant, why would we have multiple cybersecurity products?’” co-founder and CEO Arnaud Fournier told me.
When you want to lock your bike in a big city, you can either use three different locks to make sure the wheels are properly secured and the bike itself is attached to a pole — this way, you can be near 100% sure that your bike won’t get stolen.
Or you can buy a proper U-lock to make sure that it is more securely attached than most bikes. And this is Bastion.
Essentially, Bastion’s ideal customer just wants to make sure that their company is safe and there isn’t a big vulnerability that could end up creating a big mess down the road.
Right now, Bastion has four different modules. First, the startup runs phishing simulation tests because many security issues come from employees handing out credentials. With this training module, Bastion competes with Riot.
Second, Bastion scans your infrastructure and web applications to make sure that your attack surface is as small as possible. The company hands you a list of fixes to improve your configuration.
Third, Bastion scans and protects endpoints, such as employee laptops. “We provide an EDR solution, which is a sort of improved antivirus tool with a team that looks at what’s happening in real time,” Fournier said. EDR stands for ‘endpoint detection and response.’ For this product, Bastion partners with a white-label EDR provider.
And finally, Bastion wants to help companies monitor incoming emails with its fourth module. Right now, clients can forward suspicious emails so that they know for sure whether it’s a legit email or not. At some point, the startup also wants to help you set up filters on incoming emails so that they never even appear in your employees’ inboxes.
“For some of these products, we found that existing products on the markets were very expensive for what they offered. We leverage open-source building blocks or we re-build 80% of what’s needed,” Fournier said.
Bastion offers the entire suite for around €10 per employee per month. This isn’t cheap, but some companies can choose to subscribe to a portion of what Bastion has to offer.
Interestingly, the company doesn’t plan to sell its product directly to small companies. Instead, the company partners with outsourced security service providers, banks, insurance companies and more.
In the coming months, Bastion plans to build a network of partners that are already helping small and medium businesses and that can also start selling Bastion to their own customers. And, of course, there will also be new features and product improvements.