Vulcan Cyber launches free vulnerability management service with $21M in new funding

Vulcan Cyber, a startup developing tools to help enterprise customers detect and fix software vulnerabilities, today announced that it raised $21 million in a series B round led by Dawn Capital. CEO Yaniv Bar-Dayan says the funds will be used to support the rollout of new exploit remediation solutions for cloud and app security teams and to deliver Vulcan Free, a no-cost, risk-based vulnerability management platform for cyber risk prioritization.

More than a third of web app vulnerabilities are considered high risk, according to a report from Edgescan, and organizations with 101 to 1,000 employees see the most high-risk and critical-risk vulnerabilities. These can be expensive if left unaddressed. In recent years, the average cost of a security breach has generally hovered between $3.5 million and $4 million.

Bar-Dayan asserts that legacy vulnerability management solutions are ineffective and leave organizations exposed. By adopting a software-as-a-service delivery model, he says that Vulcan can provide better remediation capabilities that are effective for a wider, modern user base.

Toward this end, Bar-Dayan claims that the newly launched Vulcan Free is one of the industry’s first free risk-based vulnerability management products. The goal with Vulcan Free is to make the service available to the wider market and in the process improve remediation efforts industry-wide, particularly in cloud and app environments.

“The launch of Vulcan Free underscores the Vulcan Cyber philosophy that vulnerability prioritization is not an end goal, but simply one element in proper remediation,” Bar-Dayan said in a press release. “Vulcan Free changes decades-old market dynamics that traditionally focus on vulnerability identification only instead of focusing on driving remediation outcomes. Remediation orchestration is the only viable way to deliberately align vulnerability management with the needs of digital business and critical cloud and application environments.”

Vulcan’s cloud-hosted platform monitors security, IT, and DevOps tools via their respective APIs to spot exploits and kick off code remediation, either automatically (adherent to custom or predefined rules) or under the supervision of specialists. Vulcan leverages a threat intelligence network to inform its suite’s alerting and detection policies, which Bar-Dayan says most customers configure and deploy within a few minutes.

Vulcan offers dozens of connectors for environments such as Microsoft Azure, Amazon Web Services, Google Cloud Platform, and WhiteSource. Additionally, its products integrate with security testing tools and vulnerability scanners like Black Duck, Nessus, WhiteSource, SourceClear, Qualys, Puppet, Chef, Ansible, and Carbon Black.

According to Bar-Dayan, Vulcan’s security approach is somewhat novel in that it targets the vulnerability remediation gap — the time between initial discovery and a fix’s deployment — by minimizing logistical challenges in ways that don’t impact business continuity. One satisfied customer is cloud data warehouse company Snowflake, which managed to remediate more than 40% of known vulnerabilities found in one of its core environments using Vulcan’s toolset.

“With advances in vulnerability scanning and asset management tools, it’s relatively easy for security teams to collect data from a wide variety of IT assets and computing environments. This has led to increased visibility within an organization, but with the explosion of IT assets, resource-starved security teams are having trouble handling the resulting increase in vulnerabilities and alerts,” Scott Crawford, security research director for S&P-owned 451 Research, said. “Remediation becomes difficult as security and IT must work to find a balance between availability and stability and the fact that some assets must be taken offline for patching. As more vulnerabilities are discovered, teams quickly realize they cannot feasibly resolve them all, so they are left with figuring out which vulnerabilities to prioritize and remediate.”

Wipro Ventures participated in Vulcan’s latest raise along with YL Ventures and Ten Eleven Ventures, which brings Vulcan’s total raised to date to over $30 million following a $10 million series A in June 2019. Beyond bolstering the launch of Vulcan Free, the company plans to use the proceeds to enhance direct sales and grow its channel program and managed security service provider relationships.

By VentureBeat Source Link