Why we invested in Resonance Security: A path towards complete, community-driven cybersecurity on-chain

Cyberattacks in web3 continue to increase in volume and sophistication at an exponential scale, with protocols alone losing $3.9bn in 2022. There was a 314% increase in overall attacks from the first half of 2022 to the first half of 2023. In some industries, however, that growth was over 1,300%. These statistics highlight a dramatic surge in attack volume and sophistication. More and more projects are keen to extend their cybersecurity protection beyond what an audit offers, and are eager to implement other tools into their full spectrum cybersecurity strategy. But how do projects know how to insource the right expertise, which tools to choose, and how to avoid their cybersecurity posture becoming a collection of stand alone solutions without a holistic defense?

Unfortunately, many web3 companies today primarily rely on a few offensive security services in isolation. The reality is, that it is precisely web3 projects that are most at risk (because of their unique composable and open practices) by settling for a checkbox offensive audit and forgetting the rest.

Fabric believes that the increasing severity and sophistication of cyberattacks witnessed will push these organizations to utilize a broader range of tools and services AND in an ongoing manner rather than one-off audit. This is effectively a bet on a shift towards more holistic software-centric solutions as opposed to the dominant audit service-driven model today in web3.

In order to execute this strategy a team needs to focus on the development of a platform/concierge suite to improve the efficiency of individual offensive security services and tools, as well as unify much of the insights across offerings. To complement any go-to-market in the relatively immature cybersecurity space of web3, education and training will also be required right now.

Such an aggregation play rests fundamentally on data collection and analysis with great visualization on a dashboard. With this, the platform can drive notifications, monitoring and overall security scoring across a number of point tools. Resonance Security (“Resonance”), Fabric’s new investment, is first to market in web3 with exactly such a platform — unifying point tools across data leak detection, report parsing, vulnerability detection, auditing and other areas. Curating and connecting specialist partners from across the industry with proprietary tools and making cybersecurity more inclusive for the broader market. Resonance’s founder, Charles Dray, has all the credibilities for this initiative. While he was leading sales and business development at Halborn, as their first full-time hire, he built a portfolio of thousands of companies from cold outreach, and took the company from six figures to eight figures in revenue in less than 18 months. To build out the core Resonance team, Charles recruited three of the top engineers he could find that worked for web3 security companies like Halborn, but also previously covering large web2 companies such as Loreal, ING, Siemens, Nokia, Cisco, and more. The Resonance team worked to eliminate barriers they experienced in their previous roles to respectively build a seamless process and lead cybersecurity coverage teams for Solidity, Rust, Move, and Cadence including EVM, Cosmos, Near, Substrate, Solana, Flow, Aptos and Sui ecosystems. They also built strong practice areas covering traditional cybersecurity disciplines including penetration testing, phishing, red teaming, asset monitoring, cloud security, and more.

While Resonance deploys automation, driven by real time data and AI insights, to drive more inclusive and effective cybersecurity ,this does not mean Resonance’s tools and full platform is just for non-technical, non-developers: Resonance already has several highly technical users from the cybersecurity industry itself who use the tool to save time and effort because it consolidates multiple tools (e.g. scans that would have to be done separately) and saves them time dissecting and analyzing logs by having everything in one place. Think Splunk for web3 but across many more attack vectors vs Splunk’s reliance on mainly server logs of resources inside an on-premise information organization. More technically inclined users can even go past the Resonance dashboard to dive deep into findings across various attack vectors, how the findings arose, how to fix them, and how it impacts the rest of the architecture stack and its dependencies. They can importantly keep a record of it and have a report to share/market to the world at their disposal (if they want to). So this makes it more effortless for the techie user, and takes away a big headache of counting on layers of IT admins. For non techie users they can identify these issues and if they can’t address everything they have an easy way to share with external technical resources, or get help from Resonance’s support concierge of expert security engineers.

At Fabric, we are excited about themes that grow the web3 pie and making cybersecurity second nature for our portfolio companies and for the developer community at large which encourages more activity and funds on-chain. We also imagine a paradigm of collective cybersecurity / cyber insurance amongst the community where there are incentives for customers to achieve higher levels of security (higher security scores) and to create a friendly competitive environment where customers can see other project’s security scores (anonymously) in the platform as a comparison metric to encourage them improve their own security. This can lead to a community driven standardization metric of what “end to end” web3 security means and what end customers, you and I, should expect in safety and trustworthiness from projects whose products we use. What will be interesting is to see what security data / content ends up being community generated and shared (educational, tips, best practices, relative scores, references, best product recommendations). We encourage all our portfolio companies to explore what Resonance has to offer to help shape this community of cybersecurity.