Attack Surface Management
,
Security Operations
Acquiring Hubble Means NetSPI Can Now Manage External and Internal Attack Surfaces
NetSPI bought a startup led by a former AIG and Accenture security leader to create a consolidated platform for internal and external attack surface management.
See Also: Offensive Security: Lose That Loser’s Mindset
The Minneapolis-based proactive security vendor said the agentless approach and robust integration capabilities of Washington D.C.-area Hubble Technology align with customer demands for efficiency and consolidation, according to CEO Aaron Shilts. He said the deal will drive significant cross-selling opportunities within NetSPI’s existing client base, which spans financial services, healthcare and other regulated industries.
Existing Hubble customers will transition to NetSPI’s platform within the next four months, where Shilts said they will benefit from a comprehensive offering that fuses internal visibility with external attack surface management as well as cloud and vulnerability data. Shilts said the integration will help clients prioritize remediation efforts more effectively by providing a holistic view of their security landscape (see: The Shift to Continuous AI Model Security and Pen Testing).
“We started talking to our customer advisory board about this almost a year ago, and internal attack surface management was very high on their priority list,” Shilts told Information Security Media Group. “Existing NetSPI attack surface management customers are very excited to add the internal visibility piece.”
What Makes Hubble’s Approach to Internal Visibility Unique
Hubble, founded in July 2020, employs 13 people and closed a $9 million seed funding round led by Paladin Capital Group in May 2022. The firm has been led since inception by Tom Parker, who previously spent a year as deputy CISO at insurance firm AIG and four and a-= half years as Accenture Security CTO, where he led growth strategy and M&A. He will become NetSPI’s CTO as part of the transaction (see: NetSPI Doubles Down on Pen Testing With nVisium Acquisition).
CISOs struggle to get comprehensive visibility across their attack surface – problem driven by inadequate network visibility and exacerbated by the complexity of securing unknown systems and applications. At the same time, Shilts said, cybersecurity teams are under immense pressure to enhance efficiency and consolidate their tools due to budget constraints, which favor broad platforms over point solutions.
“Today’s CSO is really struggling with visibility into the entire attack surface,” Shilts said. “They’re just struggling to secure systems and applications that they’re not aware of.”
Hubble’s focus on doing one thing well is crucial for cybersecurity teams facing budget limitations, and Shilts said the company’s agentless approach is simplifying deployment, integration, implementation and operations. The real value of Hubble’s technologies lies in its ability to normalize and deduplicate data from various sources, which Shilts said enhances internal visibility and management.
“Agentless was a big thing,” Shilts said. “We often hear from our customers, ‘We can’t have one more sensor in the network,’ especially in large enterprise networks.”
How Hubble, NetSPI Will Tackle Attack Surface Management
The integration of Hubble’s capabilities with NetSPI’s existing platform aims to give customers end-to-end visibility, Shilts said, combining internal, external, cloud and vulnerability data for better prioritization and remediation. Bringing Hubble into the NetSPI platform involves combining assets and vulnerability data models to enhance feature sets and improve internal network visibility, according to Shilts.
“The biggest thing is synthesis of the data model on the back end,” Shilts said. “You’ve got to have a consistent data model between their asset view and our asset and vulnerability view. Then you’re able to start building these advanced features that help remediation.”
The Hubble technology will be offered as a module within NetSPI’s platform, allowing customers to choose either external or internal attack surface management or adopt both, according to Shilts. He said the company wants to maintain flexibility for customers while offering additional value to those able and willing to adopt both.
“We’ll be going out and looking for new prospects, but we’ve got an immediate opportunity to sell to several thousand existing customers,” Shilts said.
The joint NetSPI-Hubble offering will take on Axonius and JupiterOne in the attack surface management market, where Shilts said the company’s comprehensive data fusion and human expertise provide a competitive edge. Going forward, Shilts said, NetSPI plans to explore additional acquisition opportunities focused on either technological or geographic expansion, particularly in Europe or the Arab Gulf States (see: Pen Test Firm NetSPI Gets $410M Boost From KKR to Fuel M&A).
“We’re excited to bring this feature set to bear for the CISO community,” Shilts said. “We’ve had a lot of conversations with our trusted customers, and they’re excited about it.”