REBELLION DEFENCE: AUTOMATING PENETRATION TESTING FOR THE DEFENCE SECTOR
THE CHALLENGE
The defence sector and critical national infrastructure is vulnerable to threats, including state-sponsored threats such as ransomware and malware.
Rebellion Defence believes that relying on compliance checklists and sporadic Red Team tests (where a group plays the role of a bad actor to learn about vulnerabilities) isn’t good enough to counter sophisticated attacks.
The startup believes that human intelligence needs to be augmented and supported by automation and AI.
THE INNOVATION
Rebellion Defence’s SECURE product uses machine learning, predictive analysis, sensor data and AI-powered tools to scan networks continually for vulnerabilities and to identify what could happen in real life if a security gap were exploited.
Although it is possible for human teams to exploit a network as an adversary would for security purposes, organisations often find themselves paying for this repeatedly – and it still doesn’t happen regularly enough.
“We practise transparency by default. We believe that a global ecosystem of digital defence companies will be critical to national security.”
– Oliver Lewis, co-founder, Rebellion Defence
SECURE enables organisations to gain insights into their security posture and understand what’s happening throughout the network in near real time. Its analysis helps users prioritise remediation and make more informed decisions.
The technology has been developed using known hacker toolkits and adversarial-type attacks to test networks and track vulnerabilities. It’s interoperable, so it can connect with existing hardware and software.
The software is designed to be capable of maturing as adversaries do. Recognising the need for agility, Rebellion Defence draws on machine learning to find new ways of simulating compromising networks, systems and software at scale in ways humans would overlook.
Launched in 2019, the startup has raised over $73m in investment from a Seed round followed by a Series A round. The founding team includes Chris Lynch, who established Defence Digital Services within the US Department of Defense (DoD), Nicole Camarillo, who served as the chief strategist for US Army Cyber Command, and Oliver Lewis, who served as the deputy director of Government Digital Service. Rebellion Defence’s board of directors includes Eric Schmidt, former CEO of Google.
WHY NCSC FOR STARTUPS?
Rebellion Defence believes that software superiority will provide nation states with a national security advantage. But while SECURE has gained early traction in the US market, the startup is finding it challenging to connect with the UK’s defence sector.
As SECURE is at an early stage of the product development cycle, Rebellion Defence would benefit from guidance from the UK government on adapting it to suit British defence networks. It also wants to understand the accreditation that it would need to deploy its software in a national security scenario.
The startup believes in open collaboration and is keen to learn about how SECURE could complement existing products being used in the UK’s defence sector. It also wants to play a supportive role in the UK’s cyber innovation ecosystem by sharing its knowledge with the NCSC and cyber startups that want to scale.