International Business Machines Corp. today announced that it plans to acquire offensive cybersecurity startup Randori Inc. for an undisclosed price.

Founded in 2018, Randori offers an attack platform with a continuous and automated red-team experience that can use to assess real-world security. The company helps clients continuously identify external facing assets, both on-premises and in the cloud, that are visible to attackers – and prioritize exposures that pose the most significant risk.

Offensive security and a red-team experience involve security professionals who are experts in attacking systems and breaking into defenses. As a self-described “hacker-led” company, Randori delivers that service by delivering an authentic attack experience at large scale. The point of simulating attacks is to help security teams zero in on previously unknown exposure points.

Randori’s unique attack surface management solution is said to take into account the logic of an adversary based on real-world attacks. It prioritizes based on the level of risk as well as the attractiveness of an asset to potential attackers using its proprietary scoring system.

The service is surprisingly easy to use. By entering a domain, Randori’s service begins mapping a customer’s attack surface, helping to identify shadow information technoogy risks and potential entry points for ransomware.

Notable Randori customers include Meijer Inc., Greenhill Inc, FirstBank Holding Co., NOV Inc. and Lionbridge Technologies LLC.

IBM plans to integrate Randori’s attack surface management software with the extended detection and response capabilities of IBM Security QRadar. By feeding insights from Randori into QRadar XDR, security teams will be able to leverage real-time attack surface visibility for intelligent alert triage, threat hunting and incident response.

Additionally, Randori’s offensive security service will be used to complement X-Force Red’s elite hacker lead offensive security services while further enriching QRadar XDR detection and response capabilities.

“Our clients today are faced with managing a complex technology landscape of accelerating cyberattacks targeted at applications running across a variety of hybrid cloud environments – from public clouds, private clouds and on-premises,” Mary O’Brien, general manager of IBM Security, said in a statement. “In this environment, it is essential for organizations to arm themselves with attacker’s perspective in order to help find their most critical blind spots and focus their efforts on areas that will minimize business disruption and damages to revenue and reputation.”

Coming into its acquisition, Randori had raised $29.8 million, according to Crunchbase. Investors include Accomplice, .406 Ventures, Harmony Partners and Legion Capital. The deal is expected to close in the next few months, subject to customary closing conditions.

Image: Randori