Picus Security Raises $45 Million to Spearhead New Era of Adversarial Exposure Validation

SAN FRANCISCO, September 19, 2024 – Picus Security, the security validation company, today announced it has closed a $45 million growth investment round led by Riverwood Capital with the participation of existing investor Earlybird Digital East Fund, bringing Picus’ total funds raised to $80 million. Picus has over 500 enterprise customers worldwide today, and this latest investment will advance Picus’ continued product innovation and expand customer success, sales, and marketing. 

Picus offers the only Adversarial Exposure Validation solution that brings together Automated Penetration Testing, Breach and Attack Simulation (BAS), and Rule Validation capabilities in an open platform. By correlating once-siloed exposure data, Picus makes it simple for cybersecurity teams to prioritize, validate, and fix critical gaps. As a first mover, Picus is leading this newly established category of Adversarial Exposure Validation. Once disjointed tool sets and data now fuel the Picus Exposure Data Fabric™ and Picus Risk Dashboard providing a clearer picture of cyber risk.

“By taking a fresh, open approach to continuous threat exposure management, Picus’ platform empowers organizations to better understand cyber risks and be proactive against bad actors,” said Joe De Pinho, Partner, Riverwood Capital, and Picus’ newest Board Member. “Their use of automated pen-testing alongside continuous validation is not only a game-changer today but also lays the groundwork for how enterprises will safeguard themselves in the future."

Serving customers across every major industry – specializing in regulated industries such as financial services – Picus has simulated over one billion cyberattacks to help customers reduce cyber risk and harden their defenses with its Security Validation Platform. 

“Enterprises are looking for a more effective approach than their legacy vulnerability management practices, and are planning on implementing new exposure management technologies in the next 12-18 months,” said Picus CEO and co-founder Alper Memis. “We are excited to give security leaders the ability to bring together vulnerability, BAS, and attack surface data from different tool sets so they can assess and validate their exposures. As the pioneer of Breach and Attack Simulation, and now a leader in Adversarial Exposure Validation, we are very pleased to help our customers improve their security posture.”

The formation of the Adversarial Exposure Validation category stems from the widespread understanding across cybersecurity of a new framework for managing cybersecurity risk in enterprise organizations, Continuous Threat and Exposure Management (CTEM). CTEM has given rise to a more offensive view of cybersecurity. Many security teams have turned to this framework as a guide to improve their security posture, recognizing that continuous validation of cyberinfrastructure, rules and defenses is now essential. 

Francisco Alvarez-Demalde, Co-Founder & Managing Partner of Riverwood Capital, added, “Picus is reshaping cybersecurity with AI-powered and machine learning capabilities that help companies identify and address vulnerabilities more efficiently, all in a context of an acceleration in the automation, number, and complexity of cyberattacks. Their remarkable growth in the Americas, tripling in just 12 months, solidifies their position as a key innovator in the field. We are excited to partner with Alper and his team as they build a platform that equips businesses to stay ahead of evolving threats.”

Additional Resources: 

• Read the announcement blog from Picus CEO, H. Alper Memiș
• Register for the 2024 Briefing: Exposure Validation, on Wednesday, September 25, 2024, at 10:00 a.m. EDT.

About Picus

Picus Security, the leading security validation company, gives organizations a clear picture of their cyber risk based on business context. Picus transforms security practices by correlating, prioritizing, and validating exposures across siloed findings so teams can focus on critical gaps and high-impact fixes. With Picus, security teams can quickly take action with one-click mitigations to stop more threats with less effort.

The pioneer of Breach and Attack Simulation, Picus delivers award-winning threat-centric technology that allows teams to pinpoint fixes worth pursuing, offering a 95% recommendation in Gartner® Peer Insights™ Customers’ Choice for 2024 in the BAS tools category.^*

About Riverwood Capital

Riverwood Capital invests in high-growth companies in the technology and technology-enabled industries. Riverwood offers a unique combination of operational, strategic, technology, and financial insight to portfolio companies that typically need growth capital and expertise to scale on a global basis. The firm seeks to invest in established businesses with a proven technology and business model, and the proper fit in terms of culture and values. Riverwood was founded in 2008 and has had the opportunity to invest in and support over 75 companies since inception, which have grown revenues at ~40% per year on average during that period. The Firm has offices in Menlo Park, CA; Miami, FL; New York, NY; and São Paulo, Brazil. Please visit www.riverwoodcapital.com.

About Earlybird Digital East Fund

Earlybird Digital East Fund is one of the world’s leading early-stage VC investors, investing in tech startups with global ambitions and roots in Emerging Europe. The firm’s debut fund was one of the top performing VC funds globally ever, and the team has backed some of the region’s biggest successes including multi-billion dollar companies UiPath, Payhawk, and Peak Games. After operating as an independent fund within Earlybird for over a decade, the fund will be relaunching under an independent brand in Q4 2024.

* Gartner, Voice of the Customer for Breach and Attack Simulation Tools, Peer Contributors, 30 January 2024 
GARTNER is a registered trademark and service mark, and PEER INSIGHTS is a trademark and service mark, of Gartner, Inc. and/or its affiliates in the U.S. and internationally and are used herein with permission. All rights reserved.
Gartner Peer Insights content consists of the opinions of individual end users based on their own experiences with the vendors listed on the platform, should not be construed as statements of fact, nor do they represent the views of Gartner or its affiliates. Gartner does not endorse any vendor, product or service depicted in this content nor makes any warranties, expressed or implied, with respect to this content, about its accuracy or completeness, including any warranties of merchantability or fitness for a particular purpose.