Governance & Risk Management , Vulnerability Assessment & Penetration Testing (VA/PT)
HelpSystems Buys Red-Teaming Firm for Offensive Security
Purchase of Outflank Marks Security Software Firm's 10th Acquisition in 20 MonthsMinneapolis-based HelpSystems is betting that customers are tiring of narrow point products and want a single vendor. The company has acquired 10 companies over the past 20 months to broaden its security services, and this week bought Dutch red-teaming startup Outflank for an undisclosed amount.
See Also: Mobile Apps are the New Endpoint
The cybersecurity and automation software provider says its purchase of Amsterdam-based Outflank will provide clients with a broader range of red-teaming software and services thanks to Outflank's tight integration with Cobalt Strike, says John Grancarich, executive vice president of strategy at HelpSystems. Clients will also benefit from Outflank's sophisticated security testing and pen-testing product capabilities (see: How Has COVID-19 Changed CISO Approach to Data Security?).
"Red teaming really mimics the tactics, the techniques and the procedures that are used by real-world attackers to test the resilience of any organization today," Grancarich tells Information Security Media Group. "Businesses providing red teaming have really seen the demand for their services grow."
Under the deal, which closed Thursday, all nine Outflank employees will join HelpSystems, Grancarich says. Outflank has extensive experience in the financial services sector, and its experience in securing core infrastructure - including energy systems and power grids - will benefit existing HelpSystems customers tremendously, he says.
"This has been a really well-run organization," says HelpSystems Chief Marketing Officer Mike Devine. "They are really senior experts in this space, and we don't want to get in their way."
Exposing the Latest Vulnerabilities
The combination of Outflank and Cobalt Strike will help HelpSystems customers test for a broader range of vulnerabilities and leverage advanced approaches to spot weaknesses and address them over time, Grancarich says. Organizations have increasingly turned to red teaming and advanced security assessment to prepare for sophisticated threats.
For Outflank customers, integrating red-teaming technology into HelpSystems will allow them to get a broader range of security services and solutions from a single provider, Grancarich says. Red teaming is just one piece of a broader security strategy, and Grancarich says HelpSystems has red teaming capabilities to offer existing customers.
The red-teaming integration between Outflank and HelpSystems is already in place thanks to Outflank's existing relationship with Cobalt Strike, but Grancarich sees additional opportunities to increase the interoperability between the two product sets. From a go-to-market perspective, HelpSystems will focus on getting Outflank into the hands of its 30,000 customers.
"They have a relatively limited geographic presence and a relatively limited customer base," Grancarich says. "What this is really going to offer Outflank is the ability to take their already-well-regarded services and products and offer them as part of a broader platform. We're going to be able to extend their reach across many more customers than what they're able to reach today."
Reducing the Vendor Footprint
Grancarich says red teaming is one of three pillars of HelpSystems' offensive security practice and has been stood up alongside vulnerability management and penetration testing. HelpSystems has turned to acquisitions to obtain more strategic capabilities in each pillar, purchasing Core Security for penetration testing, Beyond Security for vulnerability management, and Cobalt Strike's parent firm, Strategic Cyber.
Vendor consolidation will allow customers to move away from narrow point products and accomplish more through a single vendor, as well as reduce waste and inefficiency, Grancarich says. The string of 10 acquisitions since January 2021 has allowed the company to build up capabilities in fields such as offensive security, data loss prevention and digital risk protection, Grancarich says.
"We increasingly see HelpSystems as a powerful overall toolbox for the security community," he says.
From a metrics standpoint, Devine says HelpSystems plans to track how much revenue Outflank is generating as well as the adoption of the product among existing HelpSystems customers. HelpSystems specifically hopes to bundle Outflank with Core Security and Cobalt Strike as part of a bundle focused on penetration testing, according to Devine.
"We think that, really, the core problem across security today is inefficiency and waste," Grancarich says. "Anything that we can do to remove and eliminate that wherever possible is going to make it easier for today's CISOs to think holistically about how to run an effective security organization."