XM Cyber raises $17 million to simulate and remediate cyberattacks

XM Cyber, a startup developing a simulation and remediation platform to expose cyberattack vectors, today announced it raised $17 million. The company plans to use the proceeds to grow its R&D division while expanding its sales and marketing presence worldwide, according to cofounder and CEO Noam Erez.

Juniper Research expects the cost of a data breach in late 2020 to exceed $150 million — which is unfortunate news for the small businesses that experience 43% of cyber attacks, Symantec estimates. That’s one of the reasons Erez cofounded XM Cyber, which combats cyberthreats with AI, four years ago with Tamir Pardo — who served as director of Mossad, Israel’s elite security intelligence service, between 2011 and 2016 — and former intelligence officer Boaz Gorodissky.

XM Cyber developed its HaXM platform with a team of more than 30 cybersecurity researchers from Mossad, the Israel Security Agency, and the Israeli Intelligence Corps’ elite Unit 8200, and it leverages a swath of offensive methods to expose a network’s blind spots and autonomously recommend ways they might be fixed. It effectively performs the role of so-called red teams, corporate hackers hired to find system exploits and vulnerabilities. But unlike most human red teams, HaXM performs audits continuously, finding holes in enterprise networks as they’re rearchitected and updated over time.

HaXM’s cloud dashboard enables IT teams to “replay” penetration tests in a timeline and see the theoretical damage they caused, such as credentials and data that would have been exposed. And last December, XM introduced a solution that can simulate attacks on Amazon Web Services (AWS). The plugin audits AWS configurations via AWS APIs and uses that information to calculate different attack vectors, enabling security teams to identify misconfigurations that lead to risks including privilege escalations and access token theft.

XM Cyber claims to have dozens of customers in Europe, Israel, and the United States across a number of industries, including banking, insurance, manufacturing, government, and critical infrastructure. It attributes the growth in part to its pandemic response program, which offers extended trial use of its products for large enterprises.

Macquarie Capital, Nasdaq Ventures, Our Innovation Fund, and Swarth Group contributed to XM Cyber’s $17 million series B funding round. The company has raised a total of $49 million to date, from this current round as well as a $22 million series A round and a seed investment from Swarth Group.

Approximately $6 trillion will be spent globally on cybersecurity by 2021, according to Juniper Research, and XM Cyber isn’t without competitors in the cyberthreat detection space. Ironscales employs AI and machine learning to defeat organization-wide phishing attacks in real time, and France- and Boston-based Vade recently raised $79 million to further develop its filtering stack that protects against compromise, malware, and spam. There’s also Tessian, which uses machine learning for securing enterprise mail, and Valimail, which nabbed $45 million last year to thwart email phishing attacks.