Latest news with #KevinMandia


Forbes
04-08-2025
- Business
- Forbes
Cybersecurity Incident Response Needs A War Room, Not A Playbook
When Kevin Mandia got the call in 2020 that his cybersecurity company Mandiant (then a division of FireEye) had been breached, the details raised alarms immediately. 'It smelled like the SVR to me right out of the gates,' he said, referring to Russia's foreign intelligence service. 'They had a smart way of getting past our two-factor authentication and were targeting us in a way that showed professionalism.' Instead of grabbing everything they could, the intruders selectively searched and minimized what they took – a telltale sign of a cunning foreign intelligence operation. It was the start of what became the SolarWinds cyberattack, which ultimately impacted over 18,000 organizations.

But for Mandia, who has been responding to breaches since the 1990s, the real lesson wasn't just about attribution. It was about preparedness. Most companies, he said, respond to incidents with improvised command centers and ad hoc decision-making. In an era of escalating regulatory pressure and reputational risk, that's no longer enough. Cybersecurity incident response requires speed, structure and coordination across legal, technical, and executive teams, a structure that is more effectively built before a crisis, not during.

Static Plans vs. Dynamic Cybersecurity Incident Response

Andy Lunsford, CEO of cybersecurity incident response company BreachRx, saw the same shortcomings from a different vantage point. After years litigating privacy and commercial cases, he observed a troubling pattern: attackers often operate with more discipline and coordination than the organizations they target. 'You can defend 99,000 attacks,' he said. 'They just have to get in one time to take you down.'

According to Lunsford, most companies still approach incident response reactively. 'They've got the people they want to call,' he said, 'but they don't necessarily have a systematic approach.'
That lack of structure becomes a liability when companies must manage not just the breach itself but the fallout: regulatory disclosures, legal exposure, customer notifications, and board communication. 'The ramifications within the business, including regulators and auditors, can be a lot more complicated' than addressing the breach itself, Lunsford said.

Real-World Cybersecurity Incident Response Beats Tabletop Exercises

Traditional tabletop exercises don't cut it, according to both leaders. 'They're a thought exercise in a room,' said Lunsford. 'But that's not how you're going to execute the real incident. People are going to be scattered. Some won't be available.' Instead, he advocates for role-based training that mimics real-world complexity, where responses unfold over time, across functions, and under pressure.

Mandia, who serves on the board of BreachRx and whose company is now part of Google Cloud, said one of the most overlooked failures is how few companies have clarified what kinds of incidents should be elevated to the CEO or board. 'You'd be shocked how often those answers are vague or inconsistent,' he said. Mandia didn't learn that his cybersecurity incident response team was responding to his own breach until four or five days in, because the internal bar for elevation had been set so high and the team was more focused on response than communication.

A Dynamic Cybersecurity Incident Response Strategy

Conventional breach response plans often consist of static documents stored in compliance binders. By contrast, BreachRx automates tailored action steps based on the nature and jurisdiction of the incident, coordinates communication across legal, risk, and executive leadership, and provides an out-of-band, privileged communication environment that would otherwise be discoverable in legal cases. This matters not just for operational efficiency, but for protecting the company – and its executives – from regulatory penalties and litigation.
The approach prevents silos within technical teams and provides real-time communication with boards, security, risk, and legal counsel. With over 200 global regulations, tighter timelines, and increasing personal liability, cybersecurity incident response is now a governance issue and a strategic imperative.

Cybersecurity Incident Response Is Now a Leadership Imperative

The evolution from seeing breaches as rare 'black swan' events to treating them as inevitable business risks is long overdue. 'All companies have incidents happen all the time,' Lunsford said. 'It's just a normal part of operating a business in the modern era.' That makes it imperative for executives to get ahead of the crisis rather than wait until it unfolds.

Mandia emphasized that when breaches happen, CEOs aren't just thinking about compliance. 'They're thinking, how do I maintain trust in my business? How do I get up and running?' The ability to respond quickly, with coordination and confidence, is what separates a stumble from a scandal.

'Many incidents have unique aspects to them and there's nothing wrong with a certain level of ad hoc decision-making to manage the uniqueness,' Mandia said. 'But anything that clarifies that process systematically and ensures consistency is critical. Every hour counts.'

From Defense to Discipline

There's a saying in the military: you don't rise to the occasion – you fall to your level of training. The same applies to cybersecurity incident response. In today's threat environment, the companies that succeed won't be the ones with the longest policies or the biggest budgets. They'll be the ones who rehearse regularly under realistic conditions, coordinate across departments, and treat cybersecurity not as a tech issue, but as a leadership discipline.


Business Wire
04-06-2025
- Business
- Business Wire
BreachRx Honored as a Top Rising in Cyber 2025 Company by Notable Capital
SAN FRANCISCO--(BUSINESS WIRE)-- BreachRx, provider of the first intelligent incident response management platform designed for the entire enterprise, announced today that it has been named to Rising in Cyber 2025 by Notable Capital. The independent list spotlights the 30 most promising companies solving the most urgent challenges facing today's security teams.

Unlike traditional rankings, Rising in Cyber 2025 honorees were selected through a multi-stage process grounded in real-world practitioner validation. Leading cybersecurity venture firms, including HSBC, Morgan Stanley, and Hitch submitted nominations, and nearly 150 Chief Information Security Officers (CISOs) and senior security executives from organizations such as Adobe, Chime, and Kaiser Permanente voted on the final list.

BreachRx is part of a peer group that has collectively raised over $7.8 billion according to Pitchbook as of May 2025, and is defining the next era of cybersecurity across key areas like identity, application security, agentic AI, and security operations. In celebration, winners are being recognized today at the New York Stock Exchange.

'Earning a place on Notable Capital's Rising in Cyber list is a powerful endorsement from some of the most influential decision makers in cybersecurity,' said Andy Lunsford, CEO and co-founder at BreachRx. 'We built our platform on the belief that incident response should be systematic, orchestrated, and intelligent, not the chaos companies experience today. This recognition validates our mission to give organizations not just a playbook, but a true command center for navigating today's relentless threat landscape.
We're proud to help organizations take control, move faster, collaborate better, and turn every incident into an opportunity for resilience.'

The BreachRx platform is a secure, central workspace for every stakeholder across an organization to coordinate and streamline cybersecurity incident response management. It enables real-time, cross-functional collaboration by clearly defining roles, responsibilities, and timelines, ensuring every team member knows exactly what to do and when to do it. The platform reduces costs and increases efficiency by automating the creation of tailored playbooks for any type of incident and reports to track and measure response outcomes for Boards, auditors, and regulators.

The Notable Capital-led achievement follows a year in which BreachRx achieved more than 3x year-over-year annual recurring revenue (ARR) growth for the second consecutive year. Most recently in May, the company announced the closing of an oversubscribed $15 million Series A funding round, along with the appointment of Ballistic Ventures General Partner and former Mandiant CEO Kevin Mandia to the Board of Directors. BreachRx now serves more than 100 customers, including numerous publicly traded and Fortune 500 companies across financial services, technology, healthcare, and critical infrastructure markets.

'The demand for cybersecurity innovation has never been greater. As the underlying technologies evolve and agentic AI reshapes everything from threat detection to team workflows, we're witnessing a shift from reactive defense to proactive, intelligence-driven operations,' said Oren Yunger, Managing Partner at Notable Capital. 'What makes this list special is that it reflects real-world validation—honorees were chosen by CISOs who face these challenges every day. Congratulations to this year's Rising in Cyber companies for building the solutions that modern security leaders truly want and need.'
For more information on BreachRx or to schedule a demo, please visit

About BreachRx

BreachRx is the first intelligent incident response platform that provides operational resilience for the entire enterprise. Its patented technology brings order to the chaos before, during, and after incidents by automatically generating tailored incident response plans and providing targeted guidance to relevant stakeholders through every step of the process. Integrated privileged communication channels and audit trails ensure compliance with rapidly evolving standards and proactively protect CISOs and executive leadership from personal liability. BreachRx is based in San Francisco and is backed by Ballistic Ventures and SYN Ventures.

About Rising in Cyber

Rising in Cyber is an annual list recognizing the most innovative startups in cybersecurity as determined by nearly 150 leading CISOs and cybersecurity executives. Nomination criteria included private, venture-backed companies with a primary product focus on cybersecurity and the U.S. as a primary market. For more information about the honorees, participating investors, and methodology, visit
Yahoo
20-05-2025
- Business
- Yahoo
BreachRx raises $15m to advance incident response platform
BreachRx, a provider of an incident response platform for enterprises, has closed a $15m Series A funding round to enhance its incident response platform. The oversubscribed funding round was led by Ballistic Ventures. It also saw participation from Overline, SYN Ventures, and Silver Buckshot Ventures. BreachRx plans to use the proceeds for expanding its go-to-market and engineering teams.

The BreachRx platform is designed to offer a secure, central workspace for stakeholders across an organisation to coordinate cybersecurity incident response management. It fosters real-time collaboration, clearly defines roles and responsibilities, and automates the creation of customised playbooks for various incidents. This streamlining of the incident response process is designed to reduce costs and increase efficiency for enterprises, BreachRx said.

Currently, the company serves more than 100 clients, including publicly traded and Fortune 500 companies in sectors such as financial services, technology, healthcare, and critical infrastructure. The company's total funding has now surpassed $23m.

BreachRx has also added new members to its leadership team. Ballistic Ventures General Partner and former Mandiant CEO Kevin Mandia joined the board of directors, while former New York Times lead cybersecurity reporter Nicole Perlroth took on the role of board observer.

Mandia said: 'Every company should consider how to prepare for and manage through a cyber incident – and BreachRx empowers companies to both plan and execute through cyber events in a manner that promotes far more effectiveness and resilience.'

BreachRx CEO and co-founder Andy Lunsford said: 'From founding the company that the Fortune 500 have on speed-dial when they have a breach to expertly leading his own company through one of the most high-profile breaches in history, Kevin knows better than anyone the importance of transparency, speed and precision in the response process.
'His experience and knowledge of how organisations should prepare for and operate cross-functionally in response to cyber events, coupled with Nicole's perspective from reporting on major cyberattacks, are invaluable as we execute our next phase of growth.'

"BreachRx raises $15m to advance incident response platform" was originally created and published by Verdict, a GlobalData owned brand.


Business Wire
19-05-2025
- Business
- Business Wire
BreachRx Closes $15M Series A Funding to End the Chaos of Cybersecurity Incident Response
SAN FRANCISCO--(BUSINESS WIRE)-- BreachRx, provider of the first intelligent incident response platform designed for the entire enterprise, today announced the closing of an oversubscribed $15 million Series A funding round led by Ballistic Ventures, with participation from SYN Ventures, Overline, and Silver Buckshot Ventures. The company also announced the appointments of Ballistic Ventures General Partner and former Mandiant CEO Kevin Mandia to the Board of Directors, and best-selling author and former New York Times lead cybersecurity reporter Nicole Perlroth as Board Observer. The investment brings the company's total funding raised to over $23 million.

The BreachRx platform is a secure, central workspace for every stakeholder across an organization to coordinate and streamline cybersecurity incident response management. It enables real-time, cross-functional collaboration by clearly defining roles, responsibilities, and timelines, ensuring every team member knows exactly what to do and when to do it. The platform reduces costs and increases efficiency by automating the creation of tailored playbooks for any type of incident and reports to track and measure response outcomes for Boards, auditors, and regulators.

'The most forward-thinking CISOs understand that cyberattacks and breaches are events that companies must manage with effective command and control,' said Kevin Mandia. 'Every company should consider how to prepare for and manage through a cyber incident – and BreachRx empowers companies to both plan and execute through cyber events in a manner that promotes far more effectiveness and resilience.'
The oversubscribed round follows a year in which BreachRx achieved more than 3x year-over-year annual recurring revenue (ARR) growth for the second consecutive year. The company currently has more than 100 customers, including numerous publicly traded and Fortune 500 companies in the financial services, technology, healthcare, and critical infrastructure markets. It plans to use the new funding to scale its go-to-market and engineering teams to accelerate adoption and innovation.

'From founding the company that the Fortune 500 have on speed-dial when they have a breach to expertly leading his own company through one of the most high-profile breaches in history, Kevin knows better than anyone the importance of transparency, speed and precision in the response process,' said Andy Lunsford, CEO and co-founder at BreachRx. 'His experience and knowledge of how organizations should prepare for and operate cross-functionally in response to cyber events, coupled with Nicole's perspective from reporting on major cyberattacks, are invaluable as we execute our next phase of growth.'

'I can tell you firsthand: breached organizations aren't judged by how well they managed their security defenses — they're judged by their customers on how they managed the communications around their security incident,' said Nicole Perlroth. 'BreachRx is the first incident response platform built for the messy, high-stakes reality of cyber incidents today. It delivers clarity, cross-functional coordination, privileged communication channels and audit trails. With dynamic playbooks and streamlined tasking, BreachRx enables teams to focus on the real threat — advancing adversaries — instead of scrambling over internal liability and confusion. It's a privilege to work with the BreachRx team.'

For more insight on what this funding means for BreachRx and the industry, please read the blog post by the BreachRx co-founders, Andy Lunsford and Matt Hartley.


Axios
13-05-2025
- Business
- Axios
Mandiant founder warns of AI-powered cyberattacks
Kevin Mandia, one of the most prolific cyber entrepreneurs and investors, predicts the world is only a year away from an AI-agent-enabled cyberattack.

Why it matters: Mandia warned that chances are the world won't even know an AI tool was the perpetrator. "Everybody's going to look at that, wonder how that got done, and it's probably AI behind it," he told Axios on the sidelines of the RSA Conference last month.

The big picture: AI doomsday scenarios have haunted cyber pros for decades, but the introduction of generative AI hypercharged their fears. Some have predicted we'll see autonomous cyber weapons that can evade security tools in the wild by 2027. Others predict that one day the robots will be fighting robots.

Catch up quick: Mandia founded famed cybersecurity incident response company Mandiant in the early 2000s. Although he stepped down as CEO last year, his company has been at the frontlines of major nation-state attacks and cybercriminal investigations. Mandia is also now a founder and general partner at Ballistic Ventures.

Zoom in: The type of attack Mandia is predicting will likely come from the cybercriminal side of the world, rather than nation-states, he said. Mandia added that the first iteration of any new attack style is typically "a bit sloppy" and that foreign adversaries like China are more likely to take their time before rushing to follow suit. "There is enough R&D happening right now on how to use AI [at legitimate organizations] that the criminal element is doing that R&D as well," he said.

Yes, but: Models from OpenAI, Anthropic and other popular AI companies aren't likely to be involved in the attack that Mandia is predicting. Those models are "pretty darn good" at blocking such blatant violations of their safety parameters. "It's going to come from some model that's somewhere out there that's less controlled," he said.
Reality check: Chester Wisniewski, global field CISO at Sophos, told Axios that cybercriminals may already have the capabilities — but many of them don't have a real incentive to tap into them yet. "Fortunately today, cybercriminals are really lazy, and because we keep leaving our wallets open with large sums of cash in them, they're happy to just steal the money and move on and not do anything fancy," Wisniewski said.

Flashback: Mandia pointed to a 2001 case where the FBI arrested two Russian hackers who had programmed scripts to automate eBay purchases using stolen credit cards. "If they would automate all these eBay selling motions" in the early 2000s, he said, "trust me, there's already an AI agent doing this."

What to watch: Cyber defenders have been bullish on the promise of AI to help them better protect their networks and datasets.