Author: David Brumley

Onward to the Next Chapter in ForAllSecure’s Journey

Welcome back to the second installment of the ForAllSecure Journey series. In my previous post, we took a look back at ForAllSecure’s history. In today’s piece, I’d like to share not only my vision for the future, but also an exciting announcement.

Where it all began…

In 1998, I joined Stanford as a computer security officer, a role that is called CISO today. It was me and one other person. Our job was “computer security”, which included incident response. Back then, we were able to accomplish a lot with just two people:

  • Monitor for brand-new vulnerabilities. 90% of information came from simply subscribing to the securityfocus mailing list and checking CERT bulletins. The work involved wasn’t half bad.
  • Scan for known vulnerabilities. We used Nessus when it was first released as open source.
  • Tell users to update. Admittedly, this wasn’t easy. Even back then, users didn’t want to risk an update breaking their workflow.

Two years later, our team was at capacity. New vulnerabilities were released more frequently. Scanning took considerable time. Informing users was still a bottleneck. Updates only came after our users were hacked.

The worst part was the way it felt. It was a never-ending treadmill. We were reactive to whatever the attacker was doing. Security wasn’t in control of the security cycle; we were reacting to the pace set by the attacker.

It was impossible to do everything we needed to do. We needed to get ahead of the curve. Here are some of the fundamental challenges I saw:

  • We were reactively looking for vulnerabilities already discovered by attackers. We must be proactive by leveraging superior techniques and technology.
  • We were manually scanning for known vulnerabilities. We need to instantly recognize which machines are at risk every time a new vulnerability is discovered.
  • We were pleading with users to patch for security and unable to articulate other business impact. We shouldn’t be guessing; we should algorithmically determine functionality, performance, and security of all updates before they ship.

These needs gave rise to ForAllSecure’s vision:

Autonomously check and protect the world’s software.

Humans are at their best when they’re given the space to be creative. I believe that automating boring, time-consuming tasks with autonomous technology will give them that. Relieving scarce security, development, and operations engineers from mundane, manual tasks offers mental freedom to creatively tackle challenging issues. Ultimately, we wanted to build a solution that elevates human potential.

Since then, we’ve aggressively executed against this mission. ForAllSecure has carried out fundamental research that top peer-reviewed venues accepted. We competed in an open contest to determine how well our technology works and won. Now, we’re moving on to the next step.

The Next Stage of Growth

We believe in our vision and the need to invest in growing the business to achieve it. As part of this, we are thrilled to announce the recent close of our $15M Series A, led by New Enterprise Associates (NEA). NEA’s Forest Baskett and Aaron Jacobson have proven experience scaling early-stage enterprise companies. We have also brought on several strategic investors, including Lane Bess and Jim Swartz. Jacobson, Baskett, Bess, and Swartz are accomplished business-building partners, and we look forward to their guidance as we bring Mayhem to market broadly.

Today, the Mayhem solution is available as a part of our early access program. Through this program, we’re collaborating with design partners, such as the Defense Innovation Unit and Fortune 1000 companies in automotive, Internet of Things (IoT), and high-tech industries, to develop Mayhem into a scalable, enterprise-grade platform with broader architecture support, DevOps integration, and enhanced usability. Ultimately, we want to make it easy for security, operations, and development teams to bring powerful dynamic security testing, which historically has been exclusive to tech behemoths like Google, into their software lifecycle. To learn more, go to https://forallsecure.com/early-access/.

As we progress, I’ll continue to unveil more about the ForAllSecure journey and want to share my deep gratitude to our design clients, who have been strategic to Mayhem’s evolution. Thank you and looking forward to the journey ahead!