IT and security teams hope that their security controls will protect them but in practice they may conflict with each other, they could be misconfigured or configurations might not have been updated.

Organisations need a way to know how prepared they really are rather than find out the hard way.
Penetration testing tends to be expensive and requires companies to have certain in-house skills – which means many SMEs aren’t able to put their preparations to the test.


Validato is a Software as a Service (SaaS) solution that simulates offensive attacks. It provides unbiased, real-time data that can validate the effectiveness of security controls against a wide range of threats. It can be used by SMEs and large enterprises alike.

In fact, a big part of the startup’s mission is being able to give SMEs the same testing capabilities as a large organisation. Part of what makes its solution more affordable is the licencing model it uses, which charges clients based on their size. And instead of carrying out complex, people-dependent and expensive red team exercises, it’s developed a common MITRE ATT&CK framework that can analyse a threat scenario.


Having spent two years developing its product, Validato is currently in stealth mode and has been quietly running pilots. It joined NCSC For Startups to get technical feedback on its product and roadmap from the NCSC. It’s particularly interested in advice on building attack simulations based on observed offensive attack methods and Tactics, Techniques and Procedures (TTPs).

The startup is also seeking funding and support with its messaging before it begins marketing activity. As it prepares for growth, Validato is open to making new connections and learning from fellow members, Plexal’s innovation team, programme partners and the NCSC alike.

“It’s actually extremely challenging to set up globally successful British technology company. We have big ambitions but we’ll be completely driven by respected external parties, whether that’s paying customers or advisers like the NCSC. Their feedback will contribute to our vision of what we think should be in the next evolutions of the product.”

– Andrew Brown, CTO, Validato