Cloud Security , Security Operations
Immersive Labs Raises $66M to Aid Cyber Workforce Resilience
Series C+ Funding to Help Firm Provide More Visibility Into Azure, Google CloudImmersive Labs completed a funding round just weeks after laying off 10% of its workforce to cover more developer languages and safeguard Azure and Google Cloud.
See Also: Webinar | Securing Cloud Architectures: Implementing Zero Standing Privileges
The Bristol, U.K.-based cyber workforce resilience vendor says the Ten Eleven Ventures-led funding will help Immersive Labs expand its coverage from frontline cybersecurity staff to development teams, C-level executives and governance, risk and compliance staff. The Series C+ round will help Immersive Labs assess how well nontechnical users respond to potential security issues, says CEO James Hadley (see: July Patch Tuesday Fixes 1 Zero-Day, 84 Flaws).
"We wanted to take advantage of the opportunity that's in front of us in terms of creating a new category," Hadley tells Information Security Media Group.
Mastering Microsoft and Google
Immersive Labs today can assess a customer's ability to identify, respond to and mitigate threats in the Amazon Web Services cloud, and Hadley plans to extend that capability to Microsoft Azure and Google Cloud. This means Immersive Labs will need to design client infrastructure from the ground up that addresses issues around security configuration, risks or threats in the other public cloud platforms.
Large enterprises typically use multiple public cloud providers, and moving into Azure and Google Cloud will ensure Immersive Labs can address the needs of the entire security team. From a programming language perspective, Hadley says Immersive Labs has up until now focused on languages used in large enterprises, such as Java and C#, but going forward wants to do more in the API and mobile security spaces.
From an API perspective, Hadley says customers want to spin up dynamic software environments and build apps on the fly, and they need help with validating, proving, fixing and remediating vulnerable code. Hadley also plans to invest in applications and languages that will help secure code in a mobile environment.
As far as personae are concerned, Immersive Labs wants to do more from a GRC perspective so that customers can assess how well their workforce understands regulatory and compliance requirements. And from a nontechnical perspective, Immersive Labs plans to conduct tests to see how users respond to scenarios such as learning from a journalist that corporate information is now on the dark web.
From Pink Slips to Big Checks
The funding round comes just six weeks after Immersive Labs disclosed it was laying off 10% of its global workforce, or 38 people. The job cuts represented a retrenchment from ill-fated expansion efforts into countries with cyber regulations that aren't as mature as those in the United States or United Kingdom, as well as an aborted push to go downmarket from the Global 2000 and serve small and midsized businesses.
Going forward, Hadley says Immersive Labs plans to focus on customers and regions with proven demand for the company's technology, as well as core capabilities such as application security, cloud security, GRC, crisis simulation and tabletop exercises. Despite the layoffs, Immersive Labs has more than 40 open roles today, including 15 in its North American headquarters in Boston.
"It's really doubling down on what we know works and identifying those parts of the product," Hadley says.
From a metrics perspective, Hadley says Immersive Labs focuses on year-over-year growth and customer retention and tracks figures such as customer net promoter score and the volume and speed of content being released. The company's goal is to create exercises around new vulnerabilities or threats within 24 hours of their disclosure.
"If you're growing and keeping customers, then you know you're doing something right," Hadley says.