
runZero: Finding What’s Hiding in Your Networks and Clouds

We’re excited to announce our new investment in runZero, a rapidly growing network and asset discovery company that enables organizations of any size to find all of their networked devices in both cloud and physical environments. runZero is fast, easy to use, and creates an accurate view of what is known and unknown in any company without requiring credentials, agents, or access to SPAN ports. We were struck by how simple it was for users to build a comprehensive view of their local and cloud assets, one of the most important initiatives for protecting and managing a dynamically changing workforce and computing environment.

runZero was founded by serial entrepreneur HD Moore, a renowned security researcher who previously started the open-source project Metasploit, the most widely used platform for penetration testing and exploit development today. In 2009, Metasploit was acquired by Rapid7 where he built out the Metasploit Pro product line, opened the Austin office of Rapid7, and served as the company’s Chief Research Officer. During his tenure there, he met Chris Kirsch, now his co-founder and runZero's Chief Revenue Officer. We are excited to share our Q&A with the founders here:

HD, you’ve been recognized as a prolific researcher and have been finding vulnerabilities since high school. When did you first discover you had this kind of talent?

HD: I fell in love with computers in elementary school. I used to sneak into the computer lab before school started and teach myself how to code on the Apple IIe systems. By high school, most of my friends were on IRC and I had developed a reputation for building security tools and finding vulnerabilities.

You started Metasploit almost 18 years ago and it became one of the most widely used open-source security tools since. What was the inspiration behind Metasploit?

HD: Exploits started to become commercially important in the early 2000s. This had two effects; first that the community stopped sharing quite as much, and second that the software industry rallied to make publishing exploits and vulnerability research as difficult as possible. Metasploit was my response to that; I needed high-quality exploits to use at work and the industry push-back only motivated me to do more, faster, to ensure that exploits were regarded as legitimate security tools. Open-source was the best way to collaborate with the wider security community and make sure folks could trust our exploit code.

HD Moore presenting at the AUSCERT2018 Cybersecurity Conference

You and Chris, your co-founder, met at Rapid7 after the acquisition of Metasploit. What did you guys learn about commercializing an open-source project?

Chris: It was clear from the beginning that Metasploit was a movement, and HD had done an amazing job of putting the community first. Our users were nervous that Rapid7 would close-source the product. We were fortunate that Rapid7 was committed to an open core strategy with a lot of community involvement. During the four years we worked together, we grew contributors by 20x and cost-effectively scaled revenue 50x through a freemium model.

What was the inspiration for starting runZero? Why is the product unique?

HD: A recurring challenge with security assessments and security product development is identifying what to test in the first place. The most vulnerable assets tend to be the ones that you don’t know about or can’t see. When you are defending an organization, you are almost always relying on out-of-date information. Most of the tools used for asset discovery are based on protocols that are decades old and rely on enterprise-wide implementation. Some of these tools actually hand attackers credentials as part of how they work. These approaches are out of date and we wanted to create a modern solution that is easy to use and simple to deploy so everyone can see what is on the network in real-time. To do this, we had to rethink the entire discovery stack from scratch to make it scalable, fast, and accurate.

runZero was bootstrapped and got purchase orders from over 100 customers with no sales reps. What are the ingredients of great product-led growth for the company?

Chris: I have to give HD a lot of credit - from the beginning he was focused on how to make trying and using runZero simple and frictionless for the end user. Similarly to Metasploit, our go-to-market model is driven by free tiers and self-driven trials. Most people we talk to have already deployed runZero before we even start a sales conversation. We haven’t had to do any sales outbounding so far, and have customers around the globe, from small family-owned businesses to a Fortune 5 company. The way people use runZero changes a little depending on their size, but the product scales both up and down very well. For example, larger companies will feed the data into Splunk and ServiceNow, while smaller ones work directly within the console. We have scaled to more than 100 customers without hiring a single sales rep or spending any money on marketing. We are focusing on widespread adoption and user success and will continue to invest most of our energy in having the best product in this space.

What’s your long-term vision for the company?

HD: Our world is getting more connected through cloud services, and we’re adding more networked devices to our homes, offices, stores, factories than ever before. Knowing what you are connected to, and what is connecting to you, is the single most important question for every IT and security organization large or small. We want to be the best at answering these questions, no matter who or where you are in the world. This problem will never grow old and will only get harder as things become more complex – we’re excited to share more from runZero soon.

Co-Founders of runZero, HD and Chris, with Decibel Partners, Jon and Dan