In these uncertain economic times, the budgets for cybersecurity are facing a challenging situation. According to a survey conducted in 2023 by IANS and recruiting firm Artico Search, over a third of chief information security officers (CISOs) have kept their security spending stable or even reduced it slightly. Another report by PwC suggests that one in five organizations will see their cybersecurity budget stay stagnant or decrease this year.
So what is a CISO supposed to do? Well, according to Garrett Hamilton, they should give Reach Security a chance. Reach is Hamilton’s brainchild, a startup he co-founded with Colt Blackmore in 2021. It is technically a cybersecurity platform, but with a unique approach.
Instead of being just another layer in a company’s cybersecurity strategy, Reach connects to existing IT and security products, gathering data on attacks and recommending ways to combat them using tools that the company already has.
“The average security team only utilizes a fraction of their resources, resulting in difficulties in securing their organization,” Hamilton explained in an interview with TechCrunch. “Most companies in the industry will say that you need another security measure to solve this problem. They’re mistaken.”
Prior to Reach, Hamilton worked at Palo Alto Networks as the director of product management, while Blackmore was the head of data science at cybersecurity firm Proofpoint and previously held a technical lead position at Palo Alto. Together, they designed Reach to simplify and streamline businesses’ basic security decisions.
According to Hamilton, many organizations feel like they are just “running in place” by continuously purchasing security tools and then struggling to see results from them. In fact, a survey by security posture management vendor Panaseer found that on average, organizations manage between 64 to 76 security tools, and only a third of them are confident in the effectiveness of their security controls.
Therefore, it is not surprising that most CISOs feel like their cybersecurity budget is not being utilized efficiently. Even with numerous offensive and defensive tools, it can take days to weeks to detect threats. Hamilton believes that it is crucial for security teams to optimize their existing tools based on their specific threat profile.
“Vendors should meet the customer where they are to prove their value, and customers should focus on operating what they have deployed effectively before considering another tool or platform,” stated Hamilton.
With this in mind, Reach aims to identify attackers, their targets, and their methods of attack, and then suggest options to stop them using the company’s subscribed-to products. Reach also automates security tool configurations, prioritizing actions based on the attack’s nature. Essentially, Reach goes beyond standard best practices and compliance frameworks to analyze an organization’s security posture and tailor its recommendations accordingly.
Several companies, including Autodesk, have already implemented Reach’s tools, and the startup recently secured a $20 million funding round led by Ballistic Ventures. Other investors include Artisanal Ventures, Ridge Ventures, Webb Investment Network, Tech Operators, and former Palo Alto Networks CEO Mark McLaughlin.
With impressive backing and a unique approach, Reach is poised for success in a cybersecurity sector that has been experiencing a downturn. DataTribe, a startup incubator, reported a 37% decrease in completed cybersecurity funding deals from Q4 2022 to Q4 2023, with Series A valuations dropping significantly.
“The broader slowdown in tech has amplified the value that Reach provides,” Hamilton explained. “The demand for using existing security controls more effectively is only increasing, so Reach is positioned for growth. While the new capital raised will help scale the business, we will continue to be mindful of our spend and prioritize results.”
Geoff Belknap, LinkedIn’s CISO, believes Reach offers a solution to the common problem of having too many tools and not enough people. He stated, “It is worth considering for security leaders who want to get the most out of their current tool investments and demonstrate a steady or even increasing return to their board and executive stakeholders.”