Randori, a Boston-based startup from a former Carbon Black executive and a former red team consultant, announced its first product today. Called Randori Recon, this service is designed to act with a hacker’s mindset to surface all of your company’s external weaknesses.
Brian Hazzard, co-founder and CEO, says he had worked with his co-founder David Wolpoff when Wolpoff was running a red team consulting firm. The idea behind a red team is to act as an attacker and find a company’s weaknesses. The two decided to put Wolpoff’s lucrative consulting firm out of business and develop a tool to put this kind of service in reach of any company.
“The idea is to break out of that defender’s mindset, to stop guessing at what you need to do on the defense side, but rather to inform our strategies and the way we defend our networks from the attacker’s perspective,” Hazzard explained.
Starting from just a company email address, Recon begins to build a picture of all the publicly available information about that company, and from that picture it can find weaknesses and vulnerabilities that a hacker would typically exploit to get inside a company’s defenses.
Wolpoff says that it’s not useful or desirable for a red team to have any knowledge of the target company’s security defenses. He wants to go in there with what he calls “a black box” and discover everything he can find on his own. “We start with basic information, and then we’ll go discover everything that’s discoverable from that and then from each of those individual nuggets that we glean, we chase every thread that we can chase from those,” he said. They then continually monitor this information, so that if anything changes, they can find new vulnerabilities that could pop up over time.
While the company is starting with external vulnerabilities, the plan is to build out the service to provide internal scans, as well. “As we progress the product, we will be able to do internal reconnaissance inside of an organization as well, but for the Recon product we’re really focusing on an outside-in black box discovery of the publicly visible surface area of an organization,” Wolpoff said.
Wolpoff says the service agency he ran was lucrative, but the sales cycles were long, and because of the cost, it was really only within reach of the relatively few organizations that were willing to pay for that kind of service. Over dinner in 2017, Hazzard and Wolpoff hatched the idea of developing Wolpoff’s knowledge and expertise and packaging it as an online service.
They started developing the product and opened the company last year. They announced a $9.75 million seed round last October.