Crowdsourced white hat hacker platform Bugcrowd acquires Informer to strengthen its security capabilities

After raising $102 million earlier this year, Bugcrowd is following through on its promise to use some of that funding to make acquisitions to strengthen its security capabilities. The company, which brings together the skills of more than half a million hackers to find and fix security and other operational flaws in enterprise networks and applications, has acquired Informer, a specialist in assessment and maintenance of attack surface management (ASM).

ASM, which is an essential aspect of how security technologies operate today, involves the use of various techniques to continuously monitor potential attack vectors in an organization’s IT environment.

Terms of the agreement are not disclosed. But Informer was completely bootstrapped, therefore profitable. This is also Bugcrowd’s first-ever acquisition.

Informer is based in the UK and it appears that’s where its customers are located as well. These include Brandwatch and (ironically, given that it never raised any money) venture capital firm InMotion.

The deal will see Bugcrowd bring in Informer’s technology, customers and entire staff, including CEO and founder Marios Kyriacou, who himself started as a white hat hacker long ago and will become the product manager of Bugcrowd.

Bugcrowd said its goal in buying the company was to have more of the technology it regularly uses as part of its own stack.

“It was a no-brainer to integrate external attack surface management directly into the Bugcrowd portfolio,” CEO Dave Gerry – pictured above right – said in an interview.

“So far, we’ve brought in various partners for ASM technology, and then we’ve also come up with what we call ‘attack reconnaissance,’ which is basically allowing hackers to exploit ASM to then being able to say, “Hey, this is how I would do it.” Come up.’ For us, this was an important piece of technology that we wanted to have on the platform. Because one of the things we hear from customers all the time is that they still don’t understand their perimeter walls. Even in 2024.”

Indeed, ASM is currently a very hot area in the security world. In a nutshell, the migration of many services, architectures and data to the cloud, along with the explosion of remote work, has allowed organizations much more flexibility. But it also created a minefield for security operations teams.

Many IT professionals, and even security teams, do not have a complete picture of which business assets are in active use or inactive, and more services, employees, devices, and data are added over time , the more difficult the lack of visibility becomes. . Not having a complete picture of the problem usually means that companies can’t secure everything either. (And that could mean, inadvertently, that companies end up creating vulnerabilities related to how services, data, and assets overlap.)

A number of startups have raised large rounds of funding and invested in significant R&D budgets to help solve this problem. Previously, Bugcrowd could have said it was partnering with the best partners for this technology, but having an in-house team will now allow it to develop its own products (and have higher margins) in this area.

Bugcrowd is backed by General Catalyst and has raised $180 million to date. It doesn’t disclose its valuation, but for reference, one of its closest competitors, HackerOne, was valued at over $800 million in 2022.

As we see a number of security startups that once commanded huge valuations being cut down to size by investors and the market – those valuations were often too high and based on sales projections that didn’t pan out. simply not materialized – Bugcrowd is positioning itself as a potential consolidator.

This deal, Gerry said, marks the start of “what we hope will be a rapid succession of opportunities for us.” He and founder/CTO Casey Ellis say they’re approached “all the time” by companies hoping to sell before having to close their doors.