Artificial Intelligence & Machine Learning , Governance & Risk Management , IT Risk Management
Safe Security Raises $50M to Bring ML to Risk Quantification
Generative AI Can Help Nontechnical Executives Better Understand Security PostureA cyber risk quantification startup backed by ex-Cisco CEO John Chambers has raised $50 million to apply machine-learning technology and build more API adapters.
See Also: Report: The State of Cloud Data Security 2023
The Silicon Valley-based company said the Series B funding will allow Safe Security to capitalize on generative artificial intelligence to help nontechnical leaders better understand their organizations security postures, said co-founder and CEO Saket Modi. Safe Security also plans to use the Sorensen Capital-led round to create a user experience that's comparable to consumer technology, Modi said.
"I think the whole problem of cybersecurity risk quantification and management is so fundamentally flawed," Modi said. "We would like to go ahead and really solve that and narrow that space and become the absolute No. 1 player."
Modi founded the company in 2012 during his final year of engineering school in India, hauled in $5 million of Series A funding from Chambers in 2017 and changed the company's name from Lucideus to Safe Security in February 2021 (see: Fortinet, VMware, Cisco Drive SD-WAN Gartner Magic Quadrant)
Putting Security Principles in Plain English
Embedding machine learning and generative AI into Safe Security's risk management platform will make the underlying information easier for nontechnical users to consume, Modi said. Once this happens, Safe Security's app will be able to answer questions in plain English about key areas of concern from a security perspective and how an organization's security posture compares to its peers.
Safe Security today relies on API signals from roughly 50 cyber vendors to determine an organization's real-time security posture as well as what actions they should take to bolster their protection, he said. By adding more integrations in the operational technology space, such as Claroty or Nozomi Networks, Safe Security will be better positioned to help manufacturing firms with risk quantification, Modi said.
"We would like to become the ERP of cybersecurity," Modi said. "What an ERP does very well is: It ingests a lot of data signals and makes sense out of it. And we're doing the same thing."
Many business-to-business products have a user experience that's suboptimal, and Modi would like to see Safe Security replicate the customer experience provided by business-to-consumer technology. Safe Security has up until now focused on functionality over form, but now that the company is bigger and better capitalized, Modi would like to see to see it allot more resources to user experience.
"We would like to become the ERP of cybersecurity."
– Saket Modi, co-founder and CEO, Safe Security
Safe Security is compatible with Google Chrome and laptops and has load times of 2 seconds, Modi said. To make Safe Security's technology more enterprise-ready, it should be compatible with all browsers and devices and have load times of no more than 1 second, he added.
"The experience has to be like when you go to Airbnb's website or PayPal or Google," Modi said. "I want that B2C experience for our B2B product."
Eschewing Long Questionnaires for Deep APIs
The company primarily serves customers in the financial services, retail, healthcare and service provider space with between $1 billion and $10 billion of annual sales. A typical client spends $125,000 with Safe Security each year, Modi said. Roughly 80% of Safe Security's revenue comes from the United States, while the United Kingdom, India and Australia each contribute just north of 5% in annual sales.
Safe Security primarily competes against other cyber risk quantification products such as RiskLens, Axio and Core Security, and Modi said his company's ability to provide both an outside-in and inside-out view of risk through API integrations rather than relying on extensive questionnaires sets it apart from the pack. Over the last two years, Safe Security has lost almost no competitive deals for which it was considered, he said.
From a metrics perspective, Safe Security enjoys 200% sales growth, a net retention rate of 131%, a gross retention rate of 96%, a net promoter score of 67 and just 8% employee attrition, Modi said. The company also tracks data tied to profitability such as gross margins, customer acquisition costs and the rule of 40 to ensure Safe Security isn't pursuing a financially unsustainable level of growth, he said.
"We're answering a fundamental need for CISOs who want to elevate from being compliance-led to actual business executives who can talk the language of the business and risk," Modi said. "That is the heart and soul of what Safe is meant for."