Isreali cybersecurity startup Vulcan Cyber raises $4 million Seed Round to help enterprises eliminate vulnerability remediation gap
Israeli startup Vulcan Cyber today announced $4 million in seed funding for its mission to eliminate the Vulnerability Remediation Gap that unnecessarily exposes enterprises to massive cyber risk. Backing for the technology platform, which lets security teams gain the insight needed and take the action required to continuously eliminate exposed vulnerabilities in their production systems, comes from YL Ventures with participation from additional prominent cybersecurity and enterprise software investors, including Giora Yaron, Chairman of the Executive Council of Tel Aviv University.
Organizations today are dramatically increasing their pace of change and innovation, adopting Agile Development and DevOps processes while constantly deploying and upgrading new and innovative applications and technologies. This speed of change coupled with the ever-expanding number of vulnerabilities in today’s enterprise software stack and hackers who are constantly probing for this “low hanging fruit,” creates a reality of incessant and unrelenting risk. In fact, recent well-known breaches including Equifax, as well as the WannaCry and Petya attacks, all exploited known vulnerabilities. Vulcan Cyber was founded to eliminate this risk.
By 2020, 99% of vulnerabilities exploited will continue to be ones known by security and IT professionals for at least one year, according to Gartner Research. Dwell time, the time frame from discovery to prioritization to fix, is months or more in most organizations. According to a recent Ponemon Institute study, “Today’s State of Vulnerability Response,” the average enterprise “wastes weeks coordinating teams and manual tasks when remediating a vulnerability.” Delays in discovery and analysis, as well as planning and prioritization of remediation, adds months to dwell time. Many of these delays occur as cross-functional teams struggle to manage remediation while also ensuring business continuity.
The Vulcan Cyber Continuous Vulnerability Remediation platform eliminates the most critical risks caused by vulnerabilities while at the same time avoiding any unexpected impact to business operations. Vulcan reduces dwell time from weeks and months to hours. Vulcan Cyber’s comprehensive data collection aggregates data from dozens of scanning tools while its advanced exposure analytics deliver unprecedented insight into the true risk of existing vulnerabilities in the deployed enterprise stack. Vulcan then automatically prioritizes, plans, orchestrates and validates remediation. Vulcan is the industry’s first remediation orchestration engine that coordinates the teams, tools and tasks needed to successfully and rapidly eliminate exposure and risk.
“Enterprises today are experiencing a state of continuous risk exposure,” said Yoav Leitersdorf, managing partner at YL Ventures, who led the Vulcan Cyber funding round. “This exposure is a board level concern. The speed of change, innovation, volume of constant probes and attacks has simply outpaced the tools and skilled resources IT security teams have. For many teams, it simply feels like they’re in a never-ending storm of crisis and reactive activities.”
IT security and operations teams today rely on dozens of vulnerability assessment and patch management tools and are using manual processes and custom scripting to tie them together. By automating the collection and integration of all the relevant vulnerability data from these tools across the enterprise IT stack and correlating this information with risk exposure, Vulcan provides insight that enables continuous evaluation of exposure and prioritization of remediation. Vulcan then orchestrates patch management, IT service management tools and the teams and tasks needed to continuously remediate the most critical exposure in production environments. Lastly, Vulcan validates remediation effectiveness and feeds the new data back into the insight engine. Vulcan integrates out of the box with all popular scanning, configuration management and patching tools, as well as provides open APIs to connect new scanners, tools and feeds into the platform.
“The team at Vulcan has the right vision to deliver IT security teams unprecedented insight and the ability and confidence needed to successfully eliminate exposure and risk. Vulcan has the potential to be transformative for enterprises, taking them from a state of continuous exposure to continuous protection,” Leitersdorf added.
Andy Ellis, CSO of Akamai, concurred, “Organizations today have diverse ecosystems, from on-premise bespoke applications to cloud-deployed services. Keeping track of the state of these applications and systems — often owned by distinct engineering and operations teams — in order to ensure that system maintenance keeps up with the never-ending flow of vulnerabilities and exposures is vital. Continuous and integrated visibility into remediation is the first step to remediation orchestration for enterprises.”
“Vulcan’s approach to enable and empower both IT security teams and their operations counterparts is a leap forward, giving us a vision for a world where companies aren’t being breached everyday with exploits against vulnerabilities that have been known about for months or years,” said Ellis.
Yaniv Bar-Dayan, Vulcan Cyber CEO and co-founder explains that vulnerabilities are the “dirty” but critical work of IT security. “It has become almost impossible for CISOs and their teams to understand and manage the significant and systemic risk of vulnerabilities in their production systems, leaving them in a state of continuous exposure. It might sound more glamorous to talk about zero-day and next generation threats, but vulnerability remediation is truly where the rubber meets the road. The only way to deal with this continuous risk exposure is through continuous remediation, achieved with robust data collection, advanced analytics, automation and closed loop remediation planning, orchestration and validation. This is exactly what we are delivering to IT security teams with Vulcan Cyber.”
The Vulcan platform is currently in limited availability to qualified customers. General availability will be in late 2018.