Our investment in Trickest and automation of offensive cybersecurity

Mehmet Atici
Published in Earlybird's view, Aug 13, 2021

We at Earlybird Digital East are excited to announce that we have invested in Serbia-based cybersecurity startup Trickest, the automated offensive cybersecurity platform. We have joined the €1.4m seed round together with lead investor Credo Ventures and UiPath founders.

Trickest’s cloud-based platform provides offensive security professionals (aka “ethical hackers”) with powerful automation and workflow-building capabilities, allowing them to harness the power of hundreds of open-source tools from a single platform. Using the platform, both external offensive security experts (pentesters, bug bounty hunters) and internal enterprise users will save time and improve the efficacy of their operations.

Our confidence in the founders, Nenad Zarić and Mihailo Tomić, was one of the most important reasons behind our investment in Trickest. The idea for Trickest came from Nenad’s several years of first-hand experience participating in the bug bounty programs of global companies such as Uber, PayPal, and Snapchat on the popular bug bounty platform HackerOne.

With this post, we intend to share our learnings on the space, the current major challenges faced by individual pentesters and enterprise users, and our take on the future of offensive cybersecurity.

We believe Trickest’s automation capabilities, simplicity and cost-effectiveness will position the platform to lead the transformation in the offensive cybersecurity market.

What is Offensive Cybersecurity?

Cybersecurity has become a fact of life for every organization worldwide. Organizations need to ensure their networks, websites, hardware, applications, and data are secured against cyberattacks, and to do that, they need to find and fix security weaknesses that a cybercriminal could otherwise exploit. This becomes an even more pressing need as the number of endpoints and the attack surfaces of companies grow rapidly and cybercriminals introduce new and smarter attack methods.

Companies can do this in two ways. First, they use a defensive security team (known as a blue team) to detect and protect against threats using a wide array of tools such as firewalls, EDR and forensics tools (e.g. see our investment Binalyze), IPS, SIEM, or Breach and Attack Simulation platforms (e.g. see our portfolio company Picus Security). Second, they might use an internal or external offensive security team (known as a red team) to proactively search for vulnerabilities in the organization’s security posture. An effective cybersecurity program employs both defensive and offensive security, as neither is sufficient in isolation.

Offensive cybersecurity is the use of dedicated security testing and hacking tools and techniques to find and verify security vulnerabilities that someone outside the organization could exploit. What makes it offensive is the attempt to simulate malicious real-world techniques that a cybercriminal might employ to gain unauthorized access, cause damage, or steal sensitive information.

In addition to completing their regular offensive security testing, most organizations also engage external pentesters through bug bounty programs. There are two main reasons for this:

  1. To get an impartial assessment of their security posture
  2. To comply with regulatory frameworks, best practice guidelines, and customer requirements

Since practically every security regulation and framework requires it, there is a constant and growing need for external security testing.

The #1 Challenge in Offensive Security

As crucial as it is, offensive security isn’t without challenges.

Offensive cybersecurity in itself is not a new practice. However, the tool stack used by pentesters is still in its early days. For the most part, internal red teams and external pentesters rely on a broad array of commercial and open-source hacking and security research tools that have seen little automation so far.

In particular, most offensive security techniques require a lot of manual and repetitive work. Pentesters use a huge number of different tools, manually configuring, deploying, and testing each in turn. Pentesters even have to manually build their pipeline (a chained series of events or actions), iterate over it, and rebuild it from scratch for each new project. Naturally, all of this can take a huge amount of time, and the complexity involved makes it hard for beginner and intermediate pentesters to apply their skills effectively.

Worse still, individual pentesters must keep up with the development of thousands of separate tools, maintaining their development environment to ensure all tools are updated and working correctly. Not only is this cumbersome and time-consuming, but it’s also expensive because most pentesters have to pay for a remote server to host all these tools on.

And this issue doesn’t only affect individual pentesters. Enterprise red teams also face similar challenges:

  • Manual pentesting is usually ‘one and done,’ with little (if any) chance of being automated for continuous testing
  • Enterprise security teams usually don’t have the testing expertise of external pentesters and experts, so they struggle to create their own testing workflows
  • Existing ‘black box’ pentest automation tools don’t solve these challenges because they lack the flexibility to create new workflows to address the latest cyberattacks

The need for automation becomes more obvious as the offensive cybersecurity market grows rapidly each year. The world’s largest ethical hacking community, HackerOne, has doubled in size since 2019 to over a million hackers.

Trickest: The Automated Offensive Cybersecurity Platform

To address their challenges, offensive security practitioners mainly need two things:

  1. Easy access to a broad range of offensive security tools — always fully updated and ready to use
  2. Reusable workflow development and automation capabilities to save time, reduce manual effort, and eliminate human errors

Trickest is a cloud-based platform for automated offensive cybersecurity, designed to serve the needs of individual pentesters, security researchers, and enterprise users.

Trickest provides a comprehensive platform for building and automating offensive cybersecurity workflows with no coding required. While the platform supports custom scripting, it also offers an ultra-simple drag-and-drop workflow builder. This enables pentesters to chain together capabilities from 100+ tools into powerful, reusable pipelines that can be deployed with a single click.

Trickest aggregates 100+ open-source offensive cybersecurity tools and ensures all of them are kept up to date and fully documented. Because the platform is ‘white box’ (meaning users can see exactly what goes on inside), it gives pentesters complete visibility and configurability over their testing process. Trickest also handles the infrastructure management under the hood. Users can deploy their testing workflows in the cloud with one click and configure and run automated processes without worrying about scaling of resources and cloud costs.

Trickest provides a visual workflow editor to create complex and reusable offensive security pipelines comprised of 100+ widely adopted open-source tools

For enterprise users, Trickest offers an easier and more effective way of pentesting compared to existing ‘black box’ pentest tools and scanners, as it provides periodic/continuous pentesting capabilities, superior DevOps automation, infrastructure cost savings, and an easy on-ramp to upskill new team members. Ultimately, internal security teams would spend more of their time on high-value tasks instead of tedious manual work and gain access to complex security capabilities that are otherwise reserved for highly advanced enterprise red teams today.

We believe Trickest’s key differentiators (automation, time savings, cost-effectiveness, simplicity and transparency, and more effective security testing) position the platform to lead the transformation in the offensive cybersecurity market.

Recognizing this potential along with the lead investor Credo Ventures in the round, we are excited to partner with Trickest and support Nenad, Mihailo, and the rest of the team to establish their platform as the market leader.

Learn more at Trickest

Written by Mehmet Atici, Baturay Kaya and Can Gemici
