Red Sift Acquires Attack Surface Management Vendor Hardenize

A phishing and fraud prevention vendor has bought a startup founded by Qualys’ longtime engineering leader to help organizations more effectively discover and monitor assets.

See Also: Building a Secure IoT Deployment Using 5G Wireless WAN

London-based Red Sift says its purchase of fellow British security upstart Hardenize will make it easier for customers to assess the security of their digital asset inventory as well as the domains and certificates that belong to them, says CEO Rahul Powar. Red Sift and Hardenize first partnered a year ago to focus on helping customers get ahead of the game by preventing bad things from happening, he says.

“We used their data and their capability to help our customers really understand everything on the internet that belongs to them,” Powar tells Information Security Media Group. “You can’t protect what you don’t know about. And in the process of working with them, we realized it made a lot more sense for us to really be part of the same organization.”

Terms of the deal, which was closed Monday and announced Thursday, weren’t disclosed. Hardenize, founded in 2017, didn’t raise any outside funding and employed 10 people at the time of Red Sift’s acquisition, Powar says. Hardenize was established by Ivan Ristic, who previously founded SSL Labs and spent nearly six years as director of engineering for Qualys after the cloud security and vulnerability management firm purchased SSL Labs in 2010.

Powar says there aren’t many vendors that provide proactive security solutions. “Philosophically, both myself and Ivan were excited about the idea of building solutions that help defenders get ahead of the game,” Powar says.

Ristic joined Red Sift as its chief scientist and is responsible for the future-facing strategy of the company’s products. Red Sift has tasked Ristic with providing both product and thought leadership, and he’ll work closely with analysts, customers and the industry to guide the direction of Red Sift’s solution set. Red Sift currently employs approximately 100 people.

The Power of Email and Web Protection

Customers using Red Sift’s anti-phishing or anti-fraud technology will be able to activate Hardenize’s asset monitoring and discovery capabilities from their existing dashboard by the end of October, Powar says. Hardenize’s technology will provide Red Sift customers with security ratings on internet-facing assets in their possession, according to Powar (see: CrowdStrike to Buy Reposify to Secure Attack Surface, Assets).

Powar says Red Sift and Hardenize’s technology complements Red Sift’s anti-phishing product, taking a protocol-level approach focused on enabling customers to boost their security posture so that they benefit from the email security tools they’ve already purchased. Hardenize is taking on the same issue from a web security perspective since just 1% of the top 10,000 websites use all available security tools.

“We’re really looking at the same set of problems but from different perspectives,” Powar says. “Red Sift is really about the people, and email and messaging are at the core of that. And Hardenize is about the systems that they use, which is the web browsers and services that they consume over the net.”

Hardenize does an exceptional job of finding everything on the internet that an organization actually owns, which Powar says can be challenging for security teams at organizations with more than 20,000 domain names. Monitoring digital assets over time will become more difficult for smaller organizations as infrastructure gets more complex and departments within a business stand up their own microsites.

Taking Hardenize Beyond High Tech

Red Sift is focused this year on getting existing customers to add Hardenize to their technology stack and will turn its attention next year to selling Hardenize to net new customers, Powar says. The company has already enabled a couple of sales reps to support Hardenize, and over the next few months it plans to take on the heavier lift of more broadly training its general sales organization to sell Hardenize, Powar says.

“Hardenize for the most part has built their business on the back of sophisticated customers looking for sophisticated solutions,” Powar says. “As a result, there hasn’t been a lot of focus on more general sales enablement for a larger organization.”

The company’s focus on web security monitoring is appealing to high-tech customers in the United States, who today comprise between 60% and 70% of Hardenize’s customer base. In contrast, Powar says, half of Red Sift’s customers are in the United Kingdom and are spread across a multitude of industries, including government, retail, telecommunications, law and healthcare.

As far as metrics are concerned, Powar says Red Sift wants to boost customer count and grow Hardenize product suite revenues by more than 100% on a year-over-year basis. The combination of Red Sift and Hardenize will make it easier for CISOs to address emerging challenges around digital asset inventory, according to Powar.

“We’re excited about being able to offer a best-in-class solution for this emerging threat landscape as we move forward,” Powar says. “We’re looking at redefining what external attack surface monitoring looks like as a result of this entire combined portfolio.”