BlueVoyant

It's 3 a.m. somewhere, which means it's the middle of the workday at a BlueVoyant security operations center. An analyst in Manila flags an odd login. A colleague in London cross-references it against a credential dump that surfaced on a cybercrime forum hours earlier. By the time the client's staff pour their first coffee, the threat is already contained. This is the quiet business BlueVoyant is in: stopping the breach that never makes the news.

01 - WHO THEY ARE NOWThe watchers

A cyber defense company built for a world where the perimeter disappeared.

BlueVoyant is a cybersecurity company headquartered at 335 Madison Avenue in New York, with roughly 650 employees and a network of security operations centers that hand off work as the sun moves - New York to London to Tel Aviv to Manila to Melbourne. It calls itself a "cyber defense" company rather than a security vendor, and the distinction matters. Vendors sell tools. BlueVoyant sells outcomes: someone is watching, someone will respond, and the response will be fast.

The company defends clients on two fronts at once - inside their network, where attackers move once they're in, and outside it, where attacks are planned, brands are impersonated, and supplier weaknesses become someone else's problem. Most firms pick one. BlueVoyant decided the split was artificial, because attackers never respected it in the first place.

"BlueVoyant defends clients both inside and outside their network, combining a cloud-native platform with a 24x7 global security operations team."- BlueVoyant company description

02 - THE PROBLEM THEY SAWThe breach nobody owns

Security got expensive. It did not get simpler.

Here is the awkward truth the industry rarely says out loud: most organizations already own excellent security tools. They have Microsoft Defender, Sentinel, Splunk, an endpoint agent or three. What they lack is the people to run them at 3 a.m., the intelligence to know which alert actually matters, and any visibility at all into the dozens of vendors whose systems touch their data.

That last gap is the dangerous one. A company can harden every server it owns and still be undone by a supplier with a forgotten, unpatched server. The breach arrives through a door the victim didn't know existed and technically doesn't own. It's an elegant problem, in the way that all expensive problems are elegant.

"Your weakest link isn't your firewall. It's your supplier's - and until recently, almost nobody was watching it."- The third-party risk problem, in one sentence

03 - THE FOUNDERS' BETTwo finance veterans, one wager

That elite cyber defense could be delivered as a service - to anyone, not just nation-states.

BlueVoyant was founded in 2017 by James Rosenthal, a former Chief Operating Officer of Morgan Stanley, and Thomas Glocer, the former CEO of Thomson Reuters. Neither came from a hoodie-and-energy-drinks hacking background. They came from the boardrooms that get the 6 a.m. call when something has gone badly wrong, and they had watched the cost of that call climb every year.

The company began life under the decidedly less elegant name "BlueteamGlobal," and was assembled by merging three cybersecurity businesses - BitVoyant, K2 Cyber Defense, and K2G - into one platform. The bet was straightforward: combine real technology with real human expertise, then sell the combination as an ongoing service. Software alone misses context. Humans alone don't scale. The answer was both, on purpose.

"We combine clients' existing security products with our advanced technology and human-led expertise to determine the entire arc of an attack."- BlueVoyant on its MDR approach

04 - THE PRODUCTOne platform, three blind spots covered

Detection and response, digital risk, and the supply chain - stitched together.

BlueVoyant's platform is best understood as three answers to three questions. Who's already inside? Who's coming for us next? And which of our partners is about to let them in?

MDR & MXDR

24x7 managed detection and response built on the security stack a client already owns - with deep specialization in Microsoft Defender, Sentinel, and Splunk.

Digital Risk Protection

Continuous open-source and dark web monitoring, phishing detection, and brand impersonation defense across the clear, deep, and dark web.

Supply Chain Defense

Finds and drives remediation of critical vulnerabilities across a client's third-party vendor ecosystem - including zero-days.

DFIR & Services

Expert-led digital forensics, incident response, and attack remediation when prevention runs out of road.

What ties it together is data most companies can't get on their own: global DNS data sets, instant-messaging channels, breach data, and access to exclusive cybercrime forums. BlueVoyant doesn't just read the threat report - in many cases it's standing in the room where the threat is being discussed.

Fig. A - Four products, one stubborn idea: an attacker doesn't care which department owns the gap.

The short, fast history

FROM "BLUETEAMGLOBAL" TO A BILLION-DOLLAR DEFENSE PLATFORM

2017

Founded & rebrandedThree security businesses merge; BlueteamGlobal becomes BlueVoyant. Series A: ~$125M.

2018

Global build-out beginsOffices and SOC capacity expand beyond New York, including College Park, Maryland.

2019

Series B~$82.5M raised; operations extend to the Philippines and a true follow-the-sun model.

2022

Unicorn$250M Series D values the company at over $1 billion.

2023

Series E + acquisition$140M+ raised; acquires Conquest Cyber to deepen its defense capabilities.

2025

Microsoft milestonesLaunches COMS for Microsoft Security; wins Security Trailblazer at the Microsoft Security Excellence Awards.

05 - THE PROOFReceipts, not adjectives

Awards are nice. Being Microsoft's design partner is better.

Skeptics are right to be skeptical of cybersecurity marketing, which tends to confuse buzzwords with evidence. So here is the evidence. BlueVoyant was named Microsoft's Worldwide Security Partner of the Year - a title Microsoft does not hand out for enthusiasm. It was selected as a design partner for Microsoft's MXDR portfolio, meaning Microsoft helped shape the product with BlueVoyant in the room. In 2025 it won the Security Trailblazer award at the Microsoft Security Excellence Awards and earned a 5-Star rating in the CRN Partner Program Guide.

Funding, round by round

DISCLOSED RAISES (USD) · TOTAL ≈ $695.5M

Series A '17

$125M

Series B '19

$82.5M

Series D '22

$250M

Series E '23

$140M

Fig. B - The 2022 Series D didn't just raise money. It crossed the billion-dollar line. Bars scaled to the largest disclosed round.

100+

Countries served

24/7

Global SOC coverage

$1B+

Valuation (2022)

~650

Employees

Fig. C - The numbers a CISO actually asks about, before the demo even starts.

The client base skews toward the organizations that get targeted hardest - enterprises and governments, with a particular footprint in financial services, where Rosenthal and Glocer's instincts run deep. These are customers who measure a security partner not by slide decks but by the breaches that didn't happen.

"Microsoft helped design the product with us in the room. You don't get there by being a reseller."- On the BlueVoyant–Microsoft design partnership

06 - THE MISSIONNation-state defense, for the rest of us

The premise is almost democratic.

The uncomfortable reality of modern security is that the best defense has always been available - if you could afford a team of former intelligence analysts on permanent retainer. Most organizations can't. BlueVoyant's mission is to take that grade of defense and deliver it as a managed service, continuously, to companies that could never staff it themselves.

It's a mission with a built-in tension, which is what makes it interesting. To defend everyone everywhere, you need enormous data and scale. But to defend any one client well, you need human judgment that doesn't scale at all. BlueVoyant's entire architecture is an attempt to hold both at once - automation for the volume, people for the verdicts.

"Software alone misses context. Humans alone don't scale. BlueVoyant's bet is that you need both - on purpose."- The thesis, restated

07 - WHY IT MATTERS TOMORROWThe attacks are getting cheaper

AI didn't just help the defenders.

The same tools that let BlueVoyant analyze threats at scale are available, in cheaper form, to the people building those threats. Phishing is more convincing. Reconnaissance is automated. Supply chains keep getting longer, which means everyone's attack surface keeps getting larger whether they like it or not. The volume of attacks is going up; the cost of launching them is going down. That math only points one direction.

Which is why a company built on the idea that defense should be continuous, managed, and everywhere looks less like a 2017 startup bet and more like a description of where the whole industry is heading. The question for the next decade isn't whether organizations will be attacked. It's whether someone is awake when it happens.

Back at that operations center, the analyst who flagged the 3 a.m. login closes the ticket and moves to the next one. The client never knew. That's the entire point - the best day in cyber defense is the one where nothing happens, and somebody made sure of it.

The file: links & sources

↗ Website - bluevoyant.com ↗ LinkedIn ↗ Twitter / X ↗ Facebook ↗ About / Company ↗ Awards ↗ Press kit ↗ MDR platform

▶ YouTube channel ▶ MDR with DFIR - product video ▶ Interviews & talks

Sources: bluevoyant.com, AlleyWatch, Crunchbase, Tracxn, PR Newswire, Gartner Peer Insights, CRN. Funding figures are as publicly disclosed and approximate.