Were you unable to attend Transform 2022? Check out all of the summit sessions in our on-demand library now! Watch here.
Earlier this week, bug bounty and vulnerability disclosure platform Intigriti announced that it had raised over €21 million ($22 million) as part of a series B funding round.
The organization’s solution provides enterprises with access to over 50,000 ethical hackers, who can continuously test the security of their environments through bug bounty programs and crowdsourced techniques.
As part of this approach, an organization can pay an external researcher to search for vulnerabilities bad actors could exploit and report them to the organization through the Intigriti platform to remediate them.
For enterprises, crowdsourced security has the potential to detect vulnerabilities that commercial scanners miss, and upscales the capabilities of onsite security teams who may not have the time or expertise to spot potential entry points themselves.
Keeping up with hackers
The announcement comes as organizations continuously struggle to allocate the resources necessary to effectively balance cybersecurity concerns alongside other strategic business objectives.
Research shows that 90% of IT decision makers claim their business would be willing to compromise on cybersecurity in favor of digital transformation, productivity or other goals.
However, Integriti’s head of hackers, Inti De Ceukelaire, argues that bug bounty solutions have a critical role to play in providing overstretched security teams with access to external support from “adversarial-minded” security researchers.
“Our bug bounty platform enables companies to overcome several common cybersecurity challenges. For example, clients can overcome cybersecurity skills gaps by leveraging thousands of security experts’ skills, expertise and creativity. They can also more easily stay on top of cyberthreats by tapping into this network,” said Ceukelaire.
“Like a malicious hacker, bug bounty hunters are wired to spot what your team might miss. With a bug bounty program, organizations are also investing in their internal talent by allowing them to learn from incoming submissions and interactions with researchers,” Ceukelaire said.
By providing organizations with a centralized security-testing solution, internal teams can proactively test their security defenses and scale the capabilities of their human analysts in a way that’s cost effective.
The bug bounty market
Since the organization’s initial funding round in 2020, Intigriti has grown by 650%, making it the fastest-growing crowdsource security platform globally. This has coincided with the growth of the global bug bounty market, which researchers valued at $223.1 million in 2020, and anticipate will reach a value $5.46 billion by 2027.
Other companies embracing the crowdsource security approach include crowdsource security provider BugCrowd, which offers a platform for managing vulnerabilities with vulnerability rating taxonomy (VRT) and common vulnerability scoring system (CVSS) ratings, alongside remediation guidance; and integrations for JIRA, Slack, ServiceNow, Trello and Github.
BugCrowd raised $30 million in funding in 2020.
Another big competitor in the market is HackerOne, which provides organizations with access to continuous vulnerability testing from external researchers, who can prioritize vulnerabilities to enable internal security teams to follow up more effectively.
HackerOne most recently announced that it had raised $49 million as part of a series E funding round earlier this year, bringing its total funding to date to $160 million.
In terms of differentiation, Intigriti aims to stand out from other providers with triaging. “Unlike most other leading bug bounty platforms, our programs also offer triage services by default and without an additional fee. Triage plays a significant role in managing incoming reports and will make sure the program’s internal team only receives unique, actionable and valid reports, meaning they can keep their focus on business-as-usual activities,” Ceukelaire said.
VentureBeat's mission is to be a digital town square for technical decision-makers to gain knowledge about transformative enterprise technology and transact. Learn more about membership.