Paris-based cybersecurity startup Filigran is capitalizing on the success of OpenCTI to build a suite of open source threat management products.
That’s why the company recently raised €15 million (around $16 million at today’s exchange rate) in a funding round led by Accel with existing investors Moonfire Ventures and Motier Ventures also participating.
Filigran’s first product is OpenCTI. It’s a threat intelligence platform that lets you gather threat data from multiple sources in a single interface. Thanks to its modular approach, customers can use connectors to import and enrich data from various sources, including threat intel data providers such as CrowdStrike, SentinelOne or Sekoia. In that sense, OpenCTI is a bring-your-own-data product.
After that, cybersecurity teams can explore the dataset in a structured way. OpenCTI supports relationships between entities, which adds some much needed context when investigating a threat. The platform also offers different ways to visualize your data.
In other words, it has become an important tool for cybersecurity teams that manage incidents every day and that can be used as an alternative to ThreatQuotient, Anomali or EclecticIQ.
“This software product is designed to give you an overview of your entire threat environment. More importantly, it’s not limited to technical or non-technical elements. It’s really a consolidated view of your threat environment, from the most technical and low-level elements to the most strategic ones,” co-founder and CEO Samuel Hassine told me.
“So you’ll find information that will help you get better at threat detection of course — improve your response to security incidents — but also improve your risk analysis as a CISO.”
From an open source side project to 40 employees
Hassine and his co-founder Julien Richard first started working on OpenCTI several years ago, well before the inception of Filigran. Hassine spent several years working for France’s ANSSI cybersecurity agency and then Tanium, while Richard spent several years leading engineering teams working on data-driven products.
At first, OpenCTI was just a side project. But the duo decided to build a startup around this product. In addition to amassing more than 4,000 stars on GitHub and 10 million downloads for the open source edition of OpenCTI, Filigran already has more than 100 paid customers, including Marriott, Thales, Airbus, but also the FBI, the European Commission and the Dutch police.
These customers pay for the enterprise edition of OpenCTI, which can be used as a hosted software-as-a-service product or on-premise with an enterprise license. Now Filigran wants to follow CrowdStrike’s or Palo Alto’s examples and build a portfolio of cybersecurity products.
Filigran’s second product is OpenBAS, an attack simulation platform that was previously called OpenEX. OpenBAS can be used to create exercise scenarios across several communication channels, such as emails and text messages. Everything is then logged in OpenBAS so that you can review the goals and how the company performed against these goals.
OpenBAS can be used as a stand-alone product, but it works better if you’re already using OpenCTI, as it can use its threat intelligence data. There will be another two products in Filigran’s eXtended Threat Management (XTM) product suite that focus on data-driven risk analysis and crisis management.
Image Credits: Filigran
“The vision that Julien and I have for the XTM Suite is a suite with four products that interact with each other so that they become more useful. You can use each one separately, but when you use the whole suite, it creates a lot of value,” Hassine said.
Right now, there are 40 people working for Filigran. The company plans to create a team in the U.S. and grow to 70 employees by the end of the year.