Filigran and the future of open source cybersecurity

‘At the beginning, it was really about two guys that would like to solve a problem faced by cybersecurity practitioners,’ says Samuel Hassine, Co-founder and CEO of Filigran.

The problem? How to build open source tooling capable of handling all kinds of cybersecurity threats at a strategic level within an organisation, whatever your size and level, whether CISO or analyst.

Then Head of Cyber Threat Intelligence at the French Cybersecurity Agency (ANSSI), Samuel knew there were plenty of tools to help businesses detect and combat threats – but there were none to manage and properly handle your overall threat landscape. He saw the need for infrastructure that allowed for better understanding and more efficient sharing of security threat data.

In part, it was a personal challenge: to prove you could create a great open source cybersecurity platform. But it was also from a desire to democratise threat intelligence, bringing transparency and interoperability to an industry where it’s sorely needed. By allowing everyone to see and work with the source code, Filigran could foster a more robust ecosystem where each user helps improve the product and the strength of the network.

‘Five years ago, the threat intelligence field was still young with too few mature teams and organisations, and we thought we could really add to it by bringing something to the table that could help people to learn, share and raise the maturity level of the whole community,’ says Samuel.

Building in the open

Samuel brought his long-time friend Julien Richard (Co-founder and CTO of Filigran) onboard – and they started building. ‘We’ve known each other for more than 12 years,’ recalls Samuel. ‘We met while building another side project, and we just never stopped creating. So when I was thinking about creating new platforms for threat intelligence and adversary simulation, I knew we had to create this together.’

Together, they developed the two open source threat intelligence tools that would become Filigran: OpenCTI, designed to help cybersecurity teams organise, store and operationalise threat intelligence information at a technical and strategic level; and OpenEx (now OpenBAS), which uses the intelligence gathered in OpenCTI to simulate relevant and realistic attacks against and stress test the resilience of critical infrastructure.

This is what sets Filigran apart – what they call “eXtended Threat Management” (XTM). It takes a threat-driven approach to security, with a database of threat intelligence at the centre that can be leveraged to create new data-driven security tools. Customers can integrate various data sources – internal, external, feed providers, threat intelligence providers – into their platform, and create and consume public feeds. It promotes a robust, open-source network of threat intelligence, sharing data and best practices.

They both had full-time jobs – Samuel at ANSSI then Tanium, and Julien VP of Engineering at data and AI SaaS platform Yooi – so they worked on it in their spare time, moonlighting as open source cybersecurity pioneers over evenings, weekends, and long nights.

They needed that grit to build the early open source community around it. ‘The secret to building that kind of community is quite simple. You have to be there 24/7. If you let one person wait for six hours on an answer to a question when they’re trying to deploy or use your product, you will never build that community.’

But they loved it, and still do. ‘Even right now with 40 people and a company to run, we’re still working until late in the evening because we think it’s essential to be hands-on and committed in bringing game changing features, content or help to the table. It’s really part of who we are.’

And it shows. Launched in September 2022, in 18 months Filigran’s grown from two to 40 people and has more than 4,200 customers globally using their product, including Marriott, Hermès, Airbus, Novartis, the FBI, and the European Commission.

Open season

When Samuel and Julien first released OpenCTI and OpenBAS as open source products, the community exploded.

‘We didn’t expect this huge traction at the beginning as our products were not mature yet. We knew the community was pretty large, but we didn’t realise the willingness and scale of the community. We had a few big accounts that asked us desperately to create a company, because they need to put it into a product, they need insurance, they need SaaS – all that.’

It was a nice problem to have.

All startups look for early user data to nail product market fit – ‘Open-source is a way to shorten that path, but it was not the original intention,’ says Samuel. ‘People give you feedback, telling you about their problems on a daily basis on all channels.’

They leveraged the demand to launch enterprise versions of their products and expand their presence internationally. Filigran was born. ‘From day one, we knew we could make something important and that actually solves multiple challenges in our industry,’ says Samuel.

Human + machine

We at Moonfire thought so too.

Filigran first appeared on our radar in October 2022, soon after its founding. Our data-driven sourcing pipeline picked up the opportunity, matching Filigran with the parts of our thesis talking about the importance of open source and cybersecurity tools, and automatically bringing it to our attention. At the same time, Akshat heard about the founders through our network, adding a valuable human perspective.

But it wasn’t just this combination of machine intelligence and human insight that made it clear we needed to double down. It was the strength of Samuel and Julien as founders, their pace of execution, and the comprehensiveness of what they were building. This was a young, raw company – but one with outstanding performance.

Getting to know Samuel and Julien over Zoom, and eventually meeting them in Paris in March 2023, we were blown away. Fearless, immense grit, relentless energy, and just smart on all levels, these were two people absolutely passionate about what they were doing – and having fun doing it. Sam running and hustling, and Julien building, questioning and ensuring the robustness of their execution. A dreamer and a pragmatist.

They genuinely plan for every scenario and then quickly execute on the best path forward. It’s rare to have that kind of clarity of thought and speed of action when you’re scaling fast, building a vast community, and serving big enterprise customers. They think five years ahead but still have an intimate understanding of every aspect of the business.

From scepticism to partnership

But they were reluctant to raise. ‘We already had a three-year plan that was going as planned in terms of customers, products and revenue. Speeding up was definitely in our minds, but not right now,’ recalls Samuel.

They preferred bootstrapping, sceptical of investors who didn’t get it. Everyone we spoke to told us about the strength of the OpenCTI product, but also the limited scope of threat intelligence as a market. But Samuel and Julien envisioned a broader future from day one – and we shared it.

‘What really triggered something in our relationship was that Moonfire was the first VC to actually download OpenCTI, reading the source code and understanding the nature of our community. They even started to plan using it and asked a lot of questions! They were the first to really get the quality and the scope of what we are trying to achieve.’

Our portfolio includes open source ventures like Fleet and Lightdash, and Mike’s been deep in open source software and information security for much of his career. He started as a professional hacker, assessing secure protocols and cryptographic standards; created and open sourced the osquery project, now a foundational tool in the information security and monitoring industries; and built systems to detect and respond to anomalies and fraud at Facebook, Etsy, and Kolide. This background gave us a deep understanding of the business model and the objectives Filigran was pursuing. We recognised and saw the potential of their vision for a new era of open source security.

We could bring our expertise in open source and security to the table and build a real partnership with the team. We closed in April 2023.

From Seed to Series A

They didn’t need a big technical push. Samuel and Julien had all their attention on delivery, and being open source radically shortened the sales cycle and gave them global reach from day one. Anyone, wherever they are, can download OpenCTI and OpenBAS and start working with it immediately with all the features, and easily move it from job to job – a freemium model without constraints. This also allowed them to rapidly expand into other markets, securing a substantial user base in the US, EMEA, Australia, Africa, and South America from the outset.

So it was about building together; giving them the capital to expand faster and working with them to think a few steps ahead. We encouraged them to bundle their offering and build towards quality ARR, and helped them build their brand as a French security firm in the US market.

‘We thought, it’s a young fund, but we knew Mattias’s background and the connections the team had, and we were impressed by the way they were thinking about the venture process. They were the right partner to get us going in the right direction. We needed a firm that was well connected in the VC and tech world and could actually help us by giving advice on structuring the company,’ says Samuel.

‘They helped us make connections with some great angels for our seed round, helped with sales motions, reporting, advising on evolutions of the business model. They helped us reach a level where, at the end of the year, we were sending something like an investor update on a quarterly basis, and we started to get really great feedback from all of our investors. It was also just being able to consult them on anything – what’s your opinion about this and that?’ says Samuel.

With that initial round, the company funded a 10-month acceleration focused on engineering, customer success and commercial growth in Europe and North America, support for their on-prem customers, and development of their subscription-based, multi-cloud SaaS offering.

Securing the future

Having backed them from the start, we’re proud to be participating in Filigran’s €15m Series A, joining Accel and existing investor Motier Ventures in an open source future for cybersecurity.

This is a big and growing market. Cybersecurity is the fastest growing software category in the public markets. Security companies average 29% expected revenue growth in 2024, compared to 23% for data companies – with fintech and SaaS averaging ten percentage points fewer expected growth.

With Sam and Julien’s deep sector expertise and an impressive roster of government and enterprise customers already using Filigran, there’s a significant global opportunity ahead for the company.

They plan to use the Series A to open offices in the US and Australia, launch a new enterprise risk management tool to create an ecosystem of tools that all interact for more comprehensive threat management, and build up their data and AI capabilities – throughout the product suite and within the company. We can’t wait to help them in this next phase, supporting with our expertise in data and machine learning as they build out their AI infrastructure.

Given the amount of raw data in threat intelligence, this is an area ripe for AI. Users could query OpenCTI’s knowledge graph database in natural language to get insights quicker, and generative AI could enable OpenBAS to simulate scenarios for non-technical people – like writing malicious emails or testing media pressure simulations by writing articles. There’s also all the anonymised telemetry data from the more than 4,500 users of Filigran’s products to enhance the products with AI and data science.

And, while the focus now is on enterprise markets and the public sector, longer term they also want to expand the market, creating a more out-of-box product for smaller businesses who don’t have the time or technical expertise to deploy open source projects.

Congratulations to Samuel, Julien, and the team. This is a team that can’t help but think big, and we can’t wait to see what comes next.

– – –

If you’re an early-stage founder in the cybersecurity space, we’d love to hear from you.