Cybersecurity solutions and services provider Specter Ops Inc. today announced that it has raised $25 million in new funding to accelerate the adoption of its BloodHound Enterprise product and expand research and development initiatives.

SpectorOps, as it prefers to be called, was founded in 2017 with the belief that “only with true knowledge of how adversaries operate will organizations be able to defend themselves against the devastating effects of modern attacks.” It offers products, services and training solutions to assist in protecting against advanced attacks.

The company’s first product was BloodHound, free and open-source software that has become popular among penetration testers and cybersecurity “red teamers” to identify attack paths within on-premises Active Directory cloud environments. SpecterOps launched BloodHound Enterprise in 2021, a paid version with extensive support.

BloodHound Enterprise continuously maps and quantifies identity attack paths in Active Directory and Azure — Azure Active Directory and Azure Resource Manager — and can automatically remove attack paths within existing architecture. It can eliminate the attacker’s easiest, most reliable and most attractive targets, the company says.

“Our approach with BloodHound Enterprise is unique because rather than focusing on controlling access, we treat the identity ecosystem as a networked graph, mapping attack paths continuously in the same manner that bad actors test the soft spots of a corporate ecosystem,” said Chief Executive David McGuire.

BloodHound Enterprise is said to have experienced rapid growth through 2022, with SpecterOps seeing customer acquisition growing by 600%. Notable customers include Capital Group Companies Inc., the University of Texas at Austin and Woodside Energy Ltd.

Along with the new funding being used to drive the adoption of BloodHound Enterprise, SpecterOps is also using some of the new funding to expand its services and training solutions. SpecterOps employees have made over 400 security community contributions, created 93 open-source security tools, trained more than 6,900 students in their adversary-focused training courses and helped more than 185 customers with adversary simulation and detection assessments.

Decibel Partners led the funding round, with Kevin Mandia, founder and CEO and Mandiant, and Jon Oberheide and Dug Song, co-founders of Duo Security Inc., also investing.

In an interview with lead investor Decibel, McGuire spelled out the company’s vision for attack path and identity risk management, saying that “one thing clear to all of us — identities have become the connective tissue linking all of our computing resources and data.”

“Defending against attacks on identity systems requires a new way of thinking: defenders usually think in ‘lists,’ while attackers always think in ‘graphs,'” McGuire said. “BloodHound is the first to offer defenders a platform that operates with identity-based graph analysis and, in doing so, creates a new approach for identifying and eliminating the highest risks within an organization.”

Image: SpecterOps