Expert-driven offensive security platform startup Sprocket Security Inc. today announced that it has raised $8 million in new funding to accelerate platform developments and expand sales and marketing initiatives.

Founded in 2017, Sprocket Security offers continuous penetration testing services that detect changes in an organization’s network, with human-driven testing to identify security risks. The company’s services include attack surface management and red and purple team exercises.

At its core, Sprocket enables security teams to validate their security posture continuously, understand their most complex risks and mitigate threat exposure with support from an expert team. Security teams use the service to monitor attack surfaces with advanced change detection. Upon changes being detected, testers and systems perform security testing and security teams are alerted and assisted in remediation efforts through the Sprocket Platform.

Sprocket’s continuous penetration testing also includes the ability to engage with testers using chat and status management. Users can generate report requests with a click of a button and monitor continuous testing activity across their attack surface.

Tracking includes the ability to monitor exposed hosts and services across a perimeter, revealing gaps in defenses that could be targeted by attackers. Users can audit their domains, subdomains and DNS infrastructure to reveal misconfigured or stale records that could make an organization vulnerable to common attacks like subdomain takeovers.

The company also offers attack narratives, allowing users to browse attack paths expert testers are taking and any resulting findings, allowing them to identify patterns in perimeter weaknesses. Users can validate their posture against real-world threat actors using expert testers targeting their organization with modern tactics, techniques and procedures.

Sprocket says its platform differs from existing automatic solutions through a hybrid approach. “We believe in the hybrid approach of human-driven testing supported by automation… it’s the only way to ensure comprehensive and up-to-date testing,” founder and Chief Executive Casey Cammilleri said. “This continuous approach is being increasingly understood and appreciated by our customers who have witnessed that fully automated solutions can’t fulfill all their pentesting needs.”

The Series A was led by Blueprint Equity LLC, with Capital Midwest Fund also participating. Blueprint Equity’s Vice President John Bonhard is joining Sprocket’s board. “Within an ever-changing cybersecurity landscape, the only constant is the presence of threat actors,” Bonhard said. “Constant vigilance, or penetration testing, is critical in understanding how and the extent to which vulnerabilities can be exploited by sophisticated hacker techniques.”

Photo: Sprocket Security