
SpecterOps: Unleashing BloodHound to Control Identity Risk

Today we’re excited to announce our investment in SpecterOps, the cybersecurity company behind BloodHound, the widely used open source tool for discovering attack paths and identity risk in corporate directories and access management systems.

Identity is now the new “perimeter”, and BloodHound enables enterprises to detect and monitor millions of access pathways and identify an attacker’s most impactful routes to compromise an organization. Used by some of the largest organizations in the Fortune 100 today, BloodHound gives security teams the ability to manage and control their identity risk through the lens of an advanced adversary and to protect themselves with a modern graph-based defense.

SpecterOps was founded by David McGuire, Jason Frank, and a handful of elite researchers who have collectively produced over 90 successful open source projects in the cybersecurity community. We spoke with David about the unique success behind SpecterOps and BloodHound and the company’s vision for Identity Risk Management in our founder Q&A:

What is the founding story of SpecterOps?

Our founding story is unique - there were twelve of us who came together to start SpecterOps, and all of us grew up in the cybersecurity industry as “red teamers” or penetration testers. Our job was to try to break into networks and to think like attackers in order to help build and strengthen an organization’s IT defense. We started our careers when this type of practice was relatively unusual and only existed in the defense and intelligence community - in fact, many of us had built the first elite teams at the NSA, DOJ, and ultimately DHS’s national cybersecurity program. As red teaming gained prominence in the commercial world, we were ultimately recruited to build teams for the Fortune 100 and saw how challenging it was to defend corporate networks from sophisticated attackers. When our first consulting firm was ultimately acquired, we felt there was still much to do to have an impact on the industry, and in the end an elite group of twelve of us left to start SpecterOps.

The first week of SpecterOps back in 2017

Why did you embrace open source in the cybersecurity community?

At SpecterOps, we felt that the best way to help companies was not just to audit them but to help them build the best offensive and defensive capabilities within their organizations. We also felt that pushing products on people through sales would not be a part of our founding ethos, and instead chose research, education, and open source software as a means to reach prospective customers. Our reputation in the industry made this possible - Black Hat approached us years ago to help train the cybersecurity community on the unique insights we had as attackers, and our company gained early prominence by continuing to publish the best research, white papers, and open source tools for modern adversary emulation. Today we have 94 successful open source tools, many of which have become ubiquitous in the cybersecurity industry including BloodHound. To our knowledge we are the largest publisher and contributor to open source in the cybersecurity community at large.

Why focus on Attack Paths and Identity Systems?

After decades of research on the mindset of an attacker, it became clear to all of us that identity systems are the easiest, most powerful, and most reliable way to get control of anything inside a corporate network. When you read about an attack of significance on the Internet such as ransomware, consumer data theft, and cyber espionage - all of these attacks start with a breach of identity. Once attackers gain access to a network, perhaps through a phishing email or by obtaining an employee's credentials, they can use attack paths to navigate the network and secure additional access to achieve their ultimate goal. Identity systems such as Active Directory are large and vulnerable targets - every company has multiple domains containing tens of thousands of attack paths that are constantly changing within any corporate environment. We knew this was the place where we could have the most impact and hence, we built BloodHound Enterprise to help enterprises monitor and defend their identity systems from the most sophisticated attacks.

What made BloodHound’s commercial offering unique?

We first released BloodHound open source in 2016 and it has become one of the most widely used tools for penetration testers and red teamers with >8,000 stars and >1,500 forks on GitHub and a very active community of >11,000 members in our Slack community. Our enterprise users found both offensive and defensive use cases for the tool - one early example came from one of our largest healthcare clients that had just acquired a company and wanted to understand how many ways the subsidiary’s network could be used to “breach” the parent network. The answer, using BloodHound, was immediate and startling: there were 661 unique points of interconnection, different attack paths, between these two organizations. We almost immediately received interest in a commercial offering that would monitor and deliver continuous insights and also make recommendations on how to cut down on attack paths in order to protect an organization’s crown jewels. We got a lot of additional customer feedback, hardened the product through internal development, and launched our paid offering in Q3 of 2021. The early results have been extremely positive and we closed our first 40 enterprise accounts without a dedicated sales team.

BloodHound Enterprise: Seeing attack paths makes them easier to defend

What is your vision for Attack Path and Identity Risk Management?

The emergence of hybrid networks, cloud-based applications, SSO (single sign-on), and IAM (identity and access management) systems has made one thing clear to all of us - identities have become the connective tissue linking all of our computing resources and data. Defending against attacks on identity systems requires a new way of thinking: defenders usually think in “lists”, while attackers always think in “graphs”. BloodHound is the first to offer defenders a platform that operates with identity-based graph analysis and in doing so creates a new approach for identifying and eliminating the highest risks within an organization. We call this new approach Identity Risk Management (IRM), and we believe this will be a foundational pillar of every modern cybersecurity defense. Stay tuned for more from us on this platform shift - we are excited to make this vision a reality!
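The “lists versus graphs” point above, and the attack-path idea from the earlier answer on identity systems, can be made concrete with a small worked example. The code below is an added illustration and is not BloodHound’s code or SpecterOps’ own implementation: it builds a constructed toy directory graph with hypothetical principals (alice, svc_backup, Helpdesk and so on) and BloodHound-style relationship names used only as labels, then contrasts the “list” a defender normally reads (direct members of a privileged group) with the paths a graph search actually finds, and shows which single edge a defender could remove to eliminate most of those paths.

```python
from collections import defaultdict, deque

# Constructed toy directory graph (hypothetical names, not real data).
# Each edge is (source, relationship, target); relationship names follow
# the BloodHound style ("MemberOf", "AdminTo", "HasSession", "GenericAll")
# but are used here purely as labels for the example.
EDGES = [
    ("alice", "MemberOf", "Helpdesk"),
    ("bob", "MemberOf", "Helpdesk"),
    ("Helpdesk", "AdminTo", "WS01"),
    ("Helpdesk", "AdminTo", "WS02"),
    ("dave", "AdminTo", "WS02"),
    ("WS01", "HasSession", "svc_backup"),
    ("WS02", "HasSession", "svc_backup"),
    ("svc_backup", "MemberOf", "Backup Operators"),
    ("Backup Operators", "GenericAll", "Domain Admins"),
    ("carol", "MemberOf", "Domain Admins"),
]
STARTS = ["alice", "bob", "carol", "dave"]   # ordinary principals to assess
TARGET = "Domain Admins"


def build_graph(edges):
    """Adjacency list: source -> [(relationship, target), ...]."""
    graph = defaultdict(list)
    for src, rel, dst in edges:
        graph[src].append((rel, dst))
    return graph


def direct_members(edges, group):
    """The 'list' view: who is literally a member of the group."""
    return sorted(src for src, rel, dst in edges if rel == "MemberOf" and dst == group)


def find_paths(graph, start, target, max_depth=8):
    """The 'graph' view: enumerate all simple paths from start to target."""
    paths = []
    stack = [(start, [start], [])]          # (node, visited nodes, edges so far)
    while stack:
        node, nodes, edges = stack.pop()
        if node == target:
            paths.append(edges)
            continue
        if len(edges) >= max_depth:
            continue
        for rel, nxt in graph.get(node, ()):
            if nxt in nodes:                # keep paths simple (no cycles)
                continue
            stack.append((nxt, nodes + [nxt], edges + [(node, rel, nxt)]))
    return paths


def shortest_path(graph, start, target):
    """Breadth-first search: the fewest hops an attacker would need."""
    queue = deque([(start, [])])
    seen = {start}
    while queue:
        node, edges = queue.popleft()
        if node == target:
            return edges
        for rel, nxt in graph.get(node, ()):
            if nxt not in seen:
                seen.add(nxt)
                queue.append((nxt, edges + [(node, rel, nxt)]))
    return None


def reachable_principals(graph, starts, target):
    """Every starting principal that has at least one path to the target."""
    return {s for s in starts if shortest_path(graph, s, target) is not None}


def edge_path_counts(graph, starts, target):
    """Count how many attack paths each edge participates in.
    Edges with the highest counts are the choke points worth removing."""
    counts = defaultdict(int)
    for start in starts:
        for path in find_paths(graph, start, target):
            for edge in path:
                counts[edge] += 1
    return dict(counts)


def total_paths_after_removal(edges, removed_edge, starts, target):
    """Re-run the analysis with one edge cut, to measure the remediation."""
    remaining = [e for e in edges if e != removed_edge]
    graph = build_graph(remaining)
    return sum(len(find_paths(graph, s, target)) for s in starts)


GRAPH = build_graph(EDGES)

if __name__ == "__main__":
    print("List view, direct members of", TARGET, ":", direct_members(EDGES, TARGET))
    print("Graph view, principals with a path:", sorted(reachable_principals(GRAPH, STARTS, TARGET)))
    counts = edge_path_counts(GRAPH, STARTS, TARGET)
    choke = max(counts, key=counts.get)
    print("Busiest edge:", choke, "in", counts[choke], "paths")
    print("Paths left after cutting it:", total_paths_after_removal(EDGES, choke, STARTS, TARGET))
```

In the constructed graph the list view reports only carol, while the graph view shows that all four principals reach Domain Admins, with six distinct paths in total. Five of those six pass through the svc_backup to Backup Operators membership, so removing that one edge (or the session that exposes svc_backup) drops the total to a single path, the legitimate direct membership. That is the defender’s version of thinking in graphs: rank fixes by how many paths they sever rather than by how long the list of findings is.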