Security startup Intrigue.io has raised $2 million from LiveOak Venture Partners to accelerate product development for its attack surface management (ASM) platform. Intrigue developed an open source approach for discovering and investigating vulnerabilities across mobile, work-from-home, and cloud infrastructures.

With even the best-equipped organizations struggling to consistently and automatically identify assets, find exposures, assess security risks, and address problems quickly, attack surface management has become an important area of concern for security teams. The massive adoption of cloud, SaaS, and mobile across a distributed workforce means organizations have an expanding, evolving, and changing attack surface.

“We see attack surface management as a continuous process that security teams perform to discover intelligence about assets and exposures, direct that intelligence to the right owner in the business, and enable the business owner to mitigate the risk,” Intrigue founder and CEO Jonathan Cran told VentureBeat in an email.

From a technical perspective, attack surface management involves scanning, exploring, and inventorying assets across the enterprise, partner, and third-party infrastructure to map the attack surface and then monitoring the assets to detect any changes to the configuration and exposure to known threats. The final component involves mitigating risks by addressing the vulnerability or fixing the configuration error.

Parts of Intrigue’s platform

Traditional security tools were designed for fixed assets and have trouble tracking software-defined assets that are constantly changing. The Intrigue platform uses various open and customer-configured data sources to find assets across hosts, apps, cloud services, and user accounts. Intrigue relies on a graph database to capture assets and their security properties with more precision than would be possible with a traditional configuration management database.

Intrigue Enterprise relies on non-linear mapping technology for asset discovery, workflows for automatic scoping and vulnerability control, and integrations with other network tools. Intrigue Core, an open source asset discovery project that serves as the backbone for the company’s enterprise offering, relies on discoveries by community members. For example, this week one community member introduced a capability to find a device’s internal IP address from F5 load balancers.

“This kind of pivot, in combination with the multitude of vulnerability checks driven by threat [intelligence], helps our customers gain an edge on attackers,” Cran said.

If the enterprise has a tool that’s good at finding open network ports, Intrigue can incorporate that technology as a data source to enrich the asset inventory. The Intrigue team is also building out integrations into various threat management tools, including CMDB, SOAR, incident management, and ticketing solutions to speed incident resolution in response to the discovery of new security threats. The new investment would help Intrigue expand beyond existing integrations such as BGP routing tables, on-demand DNS lookups, cloud providers, cloud asset repositories, historical DNS, historical passive DNS, internet-wide scanning, reverse Whois, historical reverse Whois, social media account lookups, GitHub and GitLab repositories, and threat indicator of compromise (IoC) repositories. The latest round of funding will also help support the security and developer communities contributing to Intrigue Core.

“You can’t secure what you can’t see. Intrigue goes far beyond current offerings to give enterprises visibility into their entire public-facing footprint so they can both monitor it and secure it,” said LiveOak Venture Partners principal Creighton Hicks.