Technology

Horizon3 secures $40M to expand its pen testing platform

Cybersecurity funding is falling after enjoying impressive heights in the last few years. According to Crunchbase, VC financing for security declined to just over $1.6 billion in Q2 2023, marking a 63% drop compared to the same quarter last year — when startups landed nearly $4.3 billion.

But that’s not to suggest deals have dried up entirely.

Enter Horizon3, a startup providing a platform designed to improve the effectiveness of organizations’ cybersecurity solutions. Horizon3 today announced that it raised $40 million in a Series C round led by Craft Ventures with participation from Signal Fire and Okta Ventures. Bringing the company’s total raised to $78.5 million, the round will be put toward R&D, expanding Horizon’s channel presence and growing its team of engineers, CEO Snehal Antani says.

Horizon3 was founded in 2019 by a team of former U.S. Special Ops cyber operators, entrepreneurs and cybersecurity practitioners including Antani. Previously, Antani was the CTO at Splunk and a team leader within the U.S. Military’s Joint Special Operations Command, which studies special operations requirements and techniques.

According to Antani, Horizon3’s founding team sought to build a solution that could solve the common security problems faced by enterprise organizations, namely the ineffective security tools, false positives and lead times in hiring consultants for security assessments and manual testing.

“Our thesis is using the attacker’s perspective to cut through the noise and help organizations find and fix exploitable attack vectors,” Antani told TechCrunch in an email interview. “We deliver this by enabling continuous, autonomous testing and other operations to identify proven attack paths and weaknesses in our users’ networks. We aim to deliver the best-in-class autonomous security risk management platform that provides accurate risk insights and actionable recommendations for technical users, decision-makers and auditors.”

Horizon3’s software attempts to continuously find, fix and verify exploitable attack surfaces by revealing attack paths, showing how possible weaknesses might impact the organization, prioritize and detail fixes teams should make and verify that those fixes are effective.

The platform has hundreds of exploit modules that can find and “safely” exploit specific weaknesses in networks, Antani explained. IT teams can use these modules to proactively fix security issues within their infrastructure, while security teams can tap them to tune third-party security tools, assess software supply chain risks and gain strategic insights.

The platform — a self-service software-as-a-service solution in the truest sense — requires no additional hardware or software to maintain.

“On its own, Horizon3 pivots through a user’s network, chaining weaknesses together just as an attacker would — and then safely exploits them,” he added. “The platform uncovers blind spots in organizations’ security posture that go beyond known exploits and patchable vulnerabilities, such as easily compromised credentials, exposed data, misconfigurations, poor security controls and weak policies. Weaknesses are prioritized based on their impact to the organization so users know immediately what they should fix first — and guidance on how to do it most efficiently.”

Horizon3 competes against Strike Security, Cobalt.io and HackerOne among others in a penetration testing tool market that could be worth as much as $2.7 billion in 2027, according to Markets and Markets.

Antani asserts that Horizon3 has seen great uptake, though, with a customer base that recently eclipsed 300 organizations, including several government agencies. He anticipates that as more regulatory actions take place and new security guidelines and recommendations that support autonomous penetration testing approach, the demand for Horizon3’s solutions will grow.

“Since the cyber threat landscape continues to expand, so will Horizon3’s revenue and customer base grow as well,” Antani said. “Organizations are beginning to reconsider legacy approaches to security assessments and
penetration testing, and instead, are adopting autonomous pentesting at a considerable rate.”

Leave a Reply

Your email address will not be published. Required fields are marked *