Cybersecurity is a hot investment area, and the French government has singled it out as a market critical for the nation's economy, defense, and sovereignty. It's also a vast and sprawling industry with new players competing fiercely to find an approach that will resonate with customers.
The co-founders of Filigran believe they have unlocked an approach that simplifies threat management and improves security. The startup is leveraging open-source tools developed by the founders and is riding the momentum they built as a free platform.
To help with that transition from side-project to startup, Filigran has raised a Seed Round of €5 million from some top-tier investors and a roster of Business Angels that includes some notable security industry insiders.
I spoke with Filigran co-founder Samuel Hassine to better understand the company's journey, mission, and potential.
"We need to be able to deliver the vision we have in mind," Hassine said. "It's a challenge for all companies, but especially for one based on open source."
What is Filigran?
Filigran is developing a suite of open-source "eXtended Threat Management" (XTM) products that are designed to help organizations understand the broad threat landscape, prepare for and detect incidents, test their infrastructure, and improve their cybersecurity strategies.
Hassine's background is in cyber threat intelligence and crisis management. His 15 years of experience includes almost 5 years at France's Agence nationale de la sécurité des systèmes d'information (ANSSI).
Richard has more than 20 years of experience managing product and engineering teams and research and development, including designing data and AI software. He was previously Director of Engineering at Axway, and more recently Vice-President of Engineering at YOOI where he led a team of 80 people.
The pair began working together developing the underlying open source technologies in their spare time. Hassine said they noticed that threat intelligence teams were tracking information about external threats using ad-hoc methods that relied on Excel and PDF documents.
"We were missing a platform able to really store all levels of this knowledge and having that in a comprehensive way that made it accessible and easy to use," he said. "We're really, really focused on the anticipation and how you can manage the whole threat knowledge."
Under The Hood
To address these issues, the pair began developing two open source tools:
● OpenCTI - This platform enables the processing and sharing of threat knowledge for cybersecurity teams. It helps them organize and store intelligence in a way that it can be leveraged quickly to drive technical and strategic decisions.
"The strategic aspect of the threat landscape means you are a company, you are in a given industry, you have a presence, for instance, in China, so are you targeted by cyber threats, like espionage?" Hassine said. "Are you targeted by cybercrime groups, and what are the campaigns and the tactics used by those groups? This is the main focus."
● OpenEx - This is a Threat Simulation Platform that uses those cybersecurity assessments to allow teams to stress-test their critical infrastructure.
Filigran takes all the other cybersecurity services a company uses and aggregates all the threat information into its knowledge platform that gives teams a full overview. Teams can also manually add information to augment that knowledge base.
"We have this holistic approach about having technical data," he said. "So when you get an alert, OpenCTI will allow you to get context about this alert."
From Open Source To Enterprise
As open-source communities developed around these tools, the founders were both excited and overwhelmed. Over two years, more than 3,000 organizations were interacting with the platforms. The includes users and contributors from New York City, Marriott, and the FBI.
"We decided to take a step after and look at how we can deliver faster, how we can build a real company around that and fulfill the expectations of our community," he said.
These are common questions on open-source projects. At some point, companies that integrate these tools want more reliable service and support, and clearer roadmaps of technical developments.
"Expectations became really, really huge," Hassine said. "And for major organizations, not having a company that is backing the project becomes a barrier to adoption."
Fortunately, there were plenty of roadmaps to follow for turning an open-source project into a company: Sell enterprise support, a SaaS offering, and an enterprise version with advanced features such as AI and automation workflows. The work advance far enough that Filigran officially launched as a company last fall.
The Full Scoop...
Subscribe to get the full co-founder video interview, the expanded investor list, the competitive outlook, and an overview of the roadmap to a Series A.