DeepSurface Security emerges from stealth with $1 million in funding to launch the first automated tool to help cybersecurity teams analyze and prioritize risks
As networks have become more complex with the addition of cloud computing, mobile devices, and IoT, published software vulnerabilities have accelerated roughly 12% year over year, with over 22,000 security vulnerabilities published in 2019 alone. These vulnerabilities affect product integrity, stability, and reliability. While vulnerability scanners can identify the thousands of vulnerabilities that may exist on an enterprise network, cybersecurity staff must still manually sort through the flagged vulnerabilities and identify which are the most important to patch first and which are false positives. At the same time, global demand for cybersecurity professionals has outstripped supply, creating a critical cybersecurity skills gap and talent shortage.
Enter DeepSurface Security, a Portland, Oregon-based cybersecurity startup that provides a Predictive Vulnerability Management platform helps to solve this problem by automating the discovery, accurate prioritization, and research for remediation of vulnerabilities leading to real risk reduction on their networks.
Not meant to replace vulnerability scanners, but to pick up where they left off, DeepSurface automatically collects deep knowledge of user permissions and activity, application permissions, host configurations, and the location of sensitive data to create a detailed threat model and map of all exploitation pathways through a network caused by unpatched software. Most importantly, DeepSurface computes the risk of each vulnerability and risk pathway based on the potential impact on critical assets. By arming teams with actionable intelligence and the contextual analysis, they need to measure and prioritize risk, teams can objectively prove where they should spend their time to reduce the most risk.
Today, DeepSurface Security emerges from stealth with $1 million in funding to automate how cybersecurity teams analyze and prioritize risks. The round, which was led by Cascade Seed Fund and joined by SeaChange Fund and Voyager Capital, will be used to publicly release its flagship product in Q4 and to expand its team in the Portland area.
Founded in 2017 the Portland-based company is led by CEO James Dirksen, a veteran Portland entrepreneur who bought and grew web categorization company RuleSpace, LLC, and sold it to Symantec, and Tim Morgan, a leading penetration and application security tester. They are joined by a strong bench of advisors that includes Dwayne Melancon, former Chief Technology Officer at Tripwire; Dave Cole, former Chief Product Officer at Tenable; John Ewert, former Chief Operating Officer at Palo Alto Networks; and Rob Wiltbank, Chief Executive Officer of Galois, Inc.
“With essential information stored on networks and the cloud, it’s critical that companies patch the vulnerabilities most dangerous to them promptly before they cost company damage to their brand and revenue,” said DeepSurface CEO James Dirksen. “With Deep Surface’s unique mapping, wayfinding capabilities and actionable intelligence, security teams are finally able to attack the most dangerous vulnerabilities first with precision allowing teams to optimize the time spent on the areas of greatest risk.”
According to Gartner, “end-user spending for the information security and risk management market is estimated to grow at a compound annual growth rate of 8.2% from 2019 through 2024 to reach $207.7 billion in constant currency.”
“Despite the large investments many companies are making in risk management solutions, choosing which vulnerabilities to address first remains a stubbornly manual and imprecise process,” said Robert Pease, Managing Director of Cascade Seed Fund. “As more and more companies look to improve their risk reduction systems, automation is a natural next step. We found that DeepSurface has built a compelling solution for predictive vulnerability management and are excited to see where this investment takes them.”
The beta version of DeepSurface is in use by large enterprise healthcare, SaaS, and financial companies. General availability will be available in Q4, 2020, and the company is scheduling preview tours of the product to vulnerability management teams and CISOs now.