IBM has announced that it's acquiring Randori, a Boston-based offensive security startup that combines attack surface management (ASM) with continuous automated red teaming (CART) to help organizations bolster their cyber defenses.

The financial terms of the deal were not disclosed, but Crunchbase data shows that Randori has a valuation in the range of $50 million to $100 million. The hacker-led startup has raised almost $30 million across two funding rounds, most recently a $20 million Series A investment led by Harmony Partners in April 2020.

ASM — the continuous discovery, inventory, classification and monitoring of a company's IT infrastructure — is becoming a must-have for organizations of all sizes. The number of potential exposure points in hybrid cloud operating environments is growing exponentially as a result of the pandemic-fueled shift to remote and hybrid working, with ESG data showing that 67% of organizations saw their external attack surface expand over the past two years due to the rising use of cloud, third-party services and Internet of Things (IoT) devices. This same data shows that 69% have been compromised via unknown, unmanaged or poorly managed internet-facing assets in the past year.

Randori, which was founded in 2018 by a former Carbon Black executive and a former red team consultant, aims to help organizations continuously identify external facing assets, both on-premise or in the cloud, that are visible to attackers. Randori Recon provides organizations with a continuous assessment of their attack surface from the attacker's perspective, while the startup's Attack platform gives security teams insights into “hacker logic” — such as understanding how they plan, target and execute attacks — by automating real-world attacks to identify where security programs break down.

“We started Randori to ensure every organization has access to the attacker’s perspective,” said Brian Hazzard, co-founder and CEO of Randori. “To stay ahead of today’s threats, you need to know what’s exposed and how attackers view your environment — that’s exactly what Randori provides."