Immersive Labs, a platform that seeks to improve and measure the skills of cybersecurity personnel through gamification, has raised $40 million in a round of funding led by Summit Partners, with participation from Goldman Sachs.
Founded out of Bristol, U.K., in 2017, the core premise behind Immersive Labs is that it enables companies to engage their cybersecurity workforce in practical exercises inside a browser, which may involve threat-hunting or reverse-engineering malware. It essentially puts “theory” into practice through immersive online experiences tailored to specific scenarios.
Immersive Labs was founded by James Hadley, who has previously served as cybersecurity instructor for Government Communications Headquarters (GCHQ), the U.K.’s intelligence and security unit.
“At Immersive Labs, we’re focused on applying game mechanics to build a dynamic and customizable environment that takes learning out of the classroom, and into our own worlds, so that we can learn at our own pace and in our own way,” Hadley told VentureBeat. “And organizations can be better prepared to defend against cyber attacks.”
The platform offers what it calls “labs,” each of which are “story-driven exercises” spanning myriad cybersecurity skills, each mapped against industry frameworks including Mitre Att&ck, which is a global knowledge base of tactics and techniques used by cyber criminals in the real world, and NIST NICE, a collaboration between government, academia, and the private sector designed to support cybersecurity education through creating standards and best practices.
It’s worth noting here that Immersive Labs strives to use actual real-world examples in its training exercises to keep things relevant and relatable — it’s ultimately about ensuring knowledge is current.
“Gaps in cybersecurity knowledge meaningfully increase risk to an organization, creating vulnerability and presenting opportunity for attackers,” Hadley said. “The rapid, constantly evolving threat landscape has made traditional classroom training for cyber skills obsolete.”
Rogue hacker group Magecart, for example, has wreaked havoc at several major companies, including Ticketmaster and British Airways, by deploying malware that skims customers’ personal payment information at the online checkout. As such, Immersive Labs has a specific exercise covering Magecart, challenging the user to complete tasks including locating the Magecart skimmer in an imaginary online store.
Immersive Labs claims around 100 organizations globally are using its platform, including the U.K.’s National Health Service (NHS), London Metropolitan Police, Citigroup, British Telecom, Bank of Montreal, its investor Goldman Sachs, and Hadley’s former employer — GCHQ.
Prior to now, the company had raised $8 million via its series A round of funding back in January, and with another $40 million in the bank it said that it plans to double down on its push to increase its adoption by major banks, defense contractors, and governmental organizations. More specifically, Immersive Labs will expand its platform across North America, where it recently opened its new U.S. headquarters in Boston.
A day barely goes by without some kind of data breach or hack hitting the headlines, which explains why the global cybersecurity market is expected to grow from $152 billion today to $250 billion within a few years.
As with many facets of the technology industry, the global cybersecurity workforce is facing a growing shortfall, which makes automated, AI-powered security smarts all the more appealing — such startups have attracted significant investment from venture capitalists in recent times, while established technology companies such as BlackBerry are investing heavily in automating security too.
Immersive Labs is taking a different approach. In effect, it acknowledges that humans are still an integral part of the cybersecurity picture — it’s not about promoting a “humans vs. machines” agenda, though. It’s about highlighting that skilled people, plus whatever automated tools a company wishes to use, are a good mix.
“AI is indeed playing a bigger role in the security field, as it is in many others, but it’s categorically not a binary choice between human and machine,” Hadley told VentureBeat. “In simple terms, AI can lift, push, pull and calculate, but it takes people to invent, contextualize, and make decisions based on morals. Businesses have the greatest success when professionals and technologies operate cohesively. AI can enhance security, just as it can be weaponized, but we must never lose sight of the need to upskill ourselves.”
In addition to plugging knowledge gaps in the existing workforce, Hadley hopes that companies that encourage and promote upskilling will be better positioned to attract fresh talent in an already competitive landscape. “The Immersive Labs platform up-levels the skillsets of security professionals and all other knowledge workers to strengthen the cyber health of the whole organization,” he said. “By incorporating new learning techniques, we believe it will also draw more talented professionals to this critical arena.”
Immersive Labs isn’t the only platform that promotes cybersecurity learning through interactive exercises. Countless companies run hackathons, for example, while tech giants such as Facebook use capture-the-flag (CTF) competitions to encourage developers to learn about online security and bugs through completing challenges. In fact, Immersive Labs incorporates CTF competitions into its own platform.
It’s also worth looking at its lead investor, Summit Partners, which has invested in a number of notable cybersecurity companies in its 35-year history, including McAfee and Avast, two of the biggest brands in the consumer security software sphere. More recently, Summit has invested in younger cybersecurity upstarts including Darktrace, a newly hatched unicorn as of last year’s $1.65 billion valuation.
Put simply, Immersive Labs is in good company.
“Cybersecurity has been a core investment theme for Summit for many years,” said Summit Partners principal Antony Clavel. “We recognize in Immersive Labs many of the same qualities that we’ve seen in other cybersecurity leaders: a technically strong and strategically thoughtful management team; a differentiated product addressing a large and urgent market need; and a rapidly growing base of blue-chip customers. We believe Immersive Labs is well-positioned to become a global category leader in cyber skills development.”