Vulcan Cyber, a startup developing tools to help enterprise customers detect and fix software vulnerabilities, today announced that it raised $21 million in a series B round led by Dawn Capital. CEO Yaniv Bar-Dayan says the funds will be used to support the rollout of new exploit remediation solutions for cloud and app security teams and to deliver Vulcan Free, a no-cost, risk-based vulnerability management platform for cyber risk prioritization.
More than a third of web app vulnerabilities are considered high risk, according to a report from Edgescan, and organizations with 101 to 1,000 employees see the most high-risk and critical-risk vulnerabilities. These can be expensive if left unaddressed. In recent years, the average cost of a security breach has generally hovered between $3.5 million and $4 million.
Bar-Dayan asserts that legacy vulnerability management solutions are ineffective and leave organizations exposed. By adopting a software-as-a-service delivery model, he says that Vulcan can provide better remediation capabilities that are effective for a wider, modern user base.
Toward this end, Bar-Dayan, who founded Vulcan Cyber in 2018 with friends Roy Horev and Tal Morgenstern, claims that the newly launched Vulcan Free is one of the industry’s first free risk-based vulnerability management products. The goal with Vulcan Free is to make the service available to the wider market and in the process improve remediation efforts industry-wide, particularly in cloud and app environments.
“The launch of Vulcan Free underscores the Vulcan Cyber philosophy that vulnerability prioritization is not an end goal, but simply one element in proper remediation,” Bar-Dayan told VentureBeat via email. “Vulcan Free changes decades-old market dynamics that traditionally focus on vulnerability identification only instead of focusing on driving remediation outcomes. Remediation orchestration is the only viable way to deliberately align vulnerability management with the needs of digital business and critical cloud and application environments.”
Vulcan’s cloud-hosted platform monitors security, IT, and DevOps tools via their respective APIs to spot exploits and kick off code remediation, either automatically (adherent to custom or predefined rules) or under the supervision of specialists. Vulcan leverages a threat intelligence network to inform its suite’s alerting and detection policies, which Bar-Dayan says most customers configure and deploy within a few minutes.
“Vulcan Cyber ships with dozens of integrations to the tools most used by IT security teams to automate various parts of a remediation campaign,” Bar-Dayan said. “We don’t typically tell teams to replace their tools with Vulcan Cyber, but we just help them get the most out of the tools and investments they’ve already made. We are also able to ingest the data generated by these tools and make sense of it all for the purpose of efficient remediation. Most of our customers will come to us with massive datasets of vulnerabilities found in their environments, but there is no way they can fix them all … and they probably don’t have to [with the Vulcan vulnerability prioritization engine.]”
Vulcan offers dozens of connectors for environments such as Microsoft Azure, Amazon Web Services, Google Cloud Platform, and WhiteSource. Additionally, its products integrate with security testing tools and vulnerability scanners like Black Duck, Nessus, WhiteSource, SourceClear, Qualys, Puppet, Chef, Ansible, and Carbon Black.
According to Bar-Dayan, Vulcan’s security approach is somewhat novel in that it targets the vulnerability remediation gap — the time between initial discovery and a fix’s deployment — by minimizing logistical challenges in ways that don’t impact business continuity. One satisfied customer of Vulcan’s dozens is cloud data warehouse company Snowflake, which managed to remediate more than 40% of known vulnerabilities found in one of its core environments using Vulcan’s toolset.
“With advances in vulnerability scanning and asset management tools, it’s relatively easy for security teams to collect data from a wide variety of IT assets and computing environments. This has led to increased visibility within an organization, but with the explosion of IT assets, resource-starved security teams are having trouble handling the resulting increase in vulnerabilities and alerts,” Scott Crawford, security research director for S&P-owned 451 Research, said. “Remediation becomes difficult as security and IT must work to find a balance between availability and stability and the fact that some assets must be taken offline for patching. As more vulnerabilities are discovered, teams quickly realize they cannot feasibly resolve them all, so they are left with figuring out which vulnerabilities to prioritize and remediate.”
Wipro Ventures participated in 40-employee Vulcan’s latest raise along with YL Ventures and Ten Eleven Ventures, which brings Vulcan’s total raised to date to $35 million following a $10 million series A in June 2019. Beyond bolstering the launch of Vulcan Free, the company plans to use the proceeds to enhance direct sales and grow its channel program and managed security service provider relationships. Vulcan Cyber’s annual recurring revenue grew more than 500% in 2020 over 2019.
VentureBeatVentureBeat's mission is to be a digital town square for technical decision-makers to gain knowledge about transformative technology and transact. Our site delivers essential information on data technologies and strategies to guide you as you lead your organizations. We invite you to become a member of our community, to access:
- up-to-date information on the subjects of interest to you
- our newsletters
- gated thought-leader content and discounted access to our prized events, such as Transform 2021: Learn More
- networking features, and more