PlexTrac lands $70M to automate mundane tasks for security teams

With growing pressures and a shortage of talent, most security teams in 2022 are trying to do more with less. Cyber threats keep escalating, evolving, and growing in complexity. Meanwhile, job tracker Cyber Seek estimates that there are about 460,000 openings in cybersecurity in the U.S. alone.

This mismatch between supply and demand for cybersecurity professionals means that many companies are focusing mainly on playing defense — and putting less emphasis on proactive activities such as penetration testing, red/blue/purple teaming, and threat hunting.

But as it turns out, a lot of what proactive security professionals are spending their time on isn’t directly related to improving their company’s security posture. Much of their week is actually spent on mundane, routine tasks — such as pulling together data and writing reports, says Dan DeCloss, founder and CEO of PlexTrac.

And much of that work can be automated — which is what PlexTrac is seeking to do with its software for improving the efficiency of proactive security teams. PlexTrac’s platform collects data from proactive security tools into a central repository, automates the workflows involved in writing reports, and ultimately saves these teams an average of 30% of their time, according to the company.

The result, DeCloss told VentureBeat, is that companies expand their proactive security assessments — and thus improve their security posture. “Rather than just ad hoc assessments, or point-in-time assessments that are once a year, we’re helping people do this on a continuous basis,” he said.

And there’s another major benefit, as well: Because the platform can aggregate so much security data together, “you get a much better picture of what your biggest issues are and what you should be prioritizing,” DeCloss said.

Today, PlexTrac announced it has raised a $70 million series B funding round to further develop its proactive security management platform and expand its growth in the market. The round was led by Insight Partners, with additional backing from Madrona Venture Group, Noro-Moseley Partners, and StageDotO Ventures.

Customer traction

The funding follows PlexTrac’s growth in 2021, which saw recurring revenue expand by 3X and its customer count grow by 200%, the company said. PlexTrac reports that it now has more than 160 customers in total, including eight companies in the Fortune 100.

Among PlexTrac’s notable customers is cybersecurity firm Mandiant, which uses the platform across its teams — though with the largest adoption by its penetration testing team, DeCloss said. PlexTrac has streamlined the reporting process around assessments for Mandiant, enabling the company to deliver “better reports in less time,” said Evan Pena, managing director for the global red team at Mandiant, in a quote provided by PlexTrac.

Other customers include three of the four largest accounting firms, four large U.S. insurers, two major payment platforms, and two large asset managers, according to PlexTrac. Additional named customers include security consultants such as Herjavec Group, MegaplanIT, and Asylas Security.

Product capabilities

PlexTrac’s platform has about 20 integrations, bringing in data from tools such as vulnerability scanners, breach and attack simulation tools, and penetration testing as-a-service platforms.

The platform then collects all of the customer’s data from those tools in one place — showing the different campaigns that the customer is running in a centralized dashboard.

This speeds up the amount of time that it takes to get that data into a single spot, while the software also normalizes the data to provide a single view into “what your top issues are,” DeCloss said. The dashboard shows other important info such as who’s assigned to fix the issues and how long they’ve been open, as well.

Then, when it comes to remediation of the issues that are found, that part of the process can also be facilitated and tracked in the platform, DeCloss said.

“We’re saving people a lot of time because PlexTrac serves as that central repository for all the issues and risks,” he said. “They don’t have to be tracking that down all the time from the various systems or the different teams.”

Additionally, PlexTrac integrates with ticketing systems Jira and ServiceNow so that users don’t have to switch between tools.

In terms of writing the report itself, PlexTrac provides a repository for reusable content that can be easily used in the report—eliminating copying and pasting in Word and Excel documents, DeCloss said.

Growth funding

With its series B funding round, PlexTrac has now raised $82 million since DeCloss began focusing full-time on the company in 2019 (he says he originally began writing the code in 2016).

Prior to PlexTrac, DeCloss worked as a penetration tester at Veracode, Mayo Clinic, and Anthem. He then worked at Scentsy as director of IT security from 2016 until going full-time on PlexTrac in March 2019.

The Boise, Idaho-based company currently has 85 employees, and aims to end the year with a headcount of about 160.

Plans for the product going forward include adding the ability to schedule proactive security tests and campaigns for third-party tools inside of PlexTrac itself, along with integrating with threat intelligence feeds to be able to further enhance the prioritization of issues, DeCloss said.

All in all, PlexTrac does more than just improve security posture and the efficiency of security teams, he said.

“When they’re not having to focus on the mundane tasks, they just have a better morale across their team altogether,” DeCloss said.