“In an ideal world, a security vulnerability is flagged, then resolved as quickly as possible by the relevant security, IT or DevOps teams.”
We couldn’t disagree more. The problem–solution structure of the traditional security paradigm goes like this:
Commercial software is plagued by vulnerabilities. IT and security departments, already flooded with potential risks, are sent new alerts by old system scanners that can merely flag critical vulnerabilities, without offering any recommendations on how to deal with them, let alone remediating them.
Businesses are operating across a patchwork of different platforms, all with their own unique risks and weaknesses, which adds enormously to the complexity of the task at hand. Remedying any single system’s vulnerability typically requires several different areas of expertise across multiple departments, which takes valuable time and effort to coordinate. And a lack of coordination can be significantly detrimental.
A security alert may well be on an IT team’s radar, thrown over from a security team. But a lack of action, stemming from a dearth of workflows for dealing with alerts, leaves weaknesses open. It’s no good being aware of 99 percent of vulnerabilities if you don’t know which to prioritise.
The pandemic hasn’t helped. The near-overnight move to work-from-home in 2020 led, according to research from Carbon Black, to 91 percent of firms across the globe seeing an overall increase in cyber attacks.
All this is time and money, too. On average, medium-to-large businesses spend 415 hours every week tackling breaches, leading to an average annual cost of $1.6m.
This is an outdated, ineffective, costly, bureaucratic and vulnerable world.
But what businesses really want is a system that identifies and prioritises the vulnerabilities that are going to hurt. And then for that system to offer remediation — ideally, automatically. What’s needed is a new security standard: a first-principles, proactive approach to cyber risk.
This is why we are so excited to be investing in Vulcan, partnering with its incredible team as they revolutionise businesses’ ability to prioritise and eliminate vulnerabilities — before there’s even a problem.
A new security standard
Combining orchestration and automation with fixing the root cause places Vulcan in a new stratum of security solutions. Its platform provides a unified and cost-effective process for all departments responsible for weeding out system weaknesses and, in doing so, it brings a culture of security to IT, and vice versa, harmonising these so often-siloed teams.
While traditional players typically focus on covering a narrow set of vulnerabilities, and stop short of providing an actual solution beyond mere insight, Vulcan blankets an entire spectrum of security aspects, and makes significant steps towards the holy grail of fully automated remediation.
It does this by acting as the glue that seamlessly meshes together the multiple tools and workflows already in place across a company’s digital assets. It integrates with the likes of Snyk, Checkmarx, Tenable and Qualys to identify vulnerabilities across applications, assets and infrastructure, as well as with collaboration and automation tools such as ServiceNow, Slack, Jira or Puppet, to support an ultra-efficient remediation workflow.
Vulcan then helps companies prioritise ruthlessly across the entire stack. First, it targets the 2 percent of vulnerabilities discovered each week that are truly critical to an organisation; then it reduces the number of fixes that are flagged as urgent; and finally it automatically identifies the best fix for each. It also automates up to 90 percent of remediation solutions, via its established solutions playbook.
A system like this can slash the time spent detecting, remedying and reporting vulnerabilities by 85–90 percent, saving firms as much as $1.5m each year.
The feedback from Vulcan customers stands as testimony to how transformative the platform is. Snowflake’s head of cybersecurity strategy, Omer Singer, says that Vulcan’s platform enabled his team to “quickly” close a third of server vulnerabilities in a “key environment”.
“This is the vulnerability management solution we’ve been waiting for,” Singer said.
Introducing Vulcan Free
Alongside a fantastic fundraise, we’re delighted that the team is also introducing its latest product to the world. Vulcan Free is the first ever — free — risk-based vulnerability management platform for prioritising vulnerabilities, available to individuals in any business.
A free version of Vulcan’s core product, it embodies the company’s philosophy that prioritising risks is not an end goal, but just one strand of comprehensive remediation. It also underlines the team’s reinvention of security: placing emphasis and value with the main users, at the coalface. Anyone within an organisation can sign up to Free, and this heavily complements Remedy Cloud, Vulcan’s community product — think Stack Overflow for vulnerability remediation, another ground-up, and groundbreaking, approach.
The tantalising thing about security is that it’s not a competitive advantage: collaboration helps everyone. While Vulcan Free will quickly democratise security, Remedy Cloud (which was launched just four months ago) is on track to become the world’s most complete set of vulnerability fixes. Vulcan is working to foster collaboration within the industry and bring together security and IT teams, closing the circle of knowledge, and make the world a safer place.
We could not be more proud to back them.
With the team to match
The Vulcan product set is matched only in impressiveness by the team itself.
Vulcan was founded in 2018 by Yaniv Bar-Dayan, Tal Morgenstern and Roy Horev. These cyber security veterans (both Yaniv and Tal served in the elite technology units of the Israel Defence Forces) have built an incredibly well-rounded team around them. Over the past year, the company has seen an explosive growth rate, signing landmark logos — like Snowflake and Informatica — across every type of vertical.
Dawn has worked with several founders and teams that embody the standard associated with Israeli tech startups: inimitable products and approaches. We first invested in Minute Media in 2014, Access Fintech last year, and Granulate this year, too.
We knew instantly that we’d love to work with the Vulcan team. Their deep domain experience, understanding of the real pain points in the industry (the world does not need another vulnerability scanner, but something to actually help them fix those vulnerabilities), and drive and determination were immediately apparent, even over Zoom!
We can’t wait to meet them properly but know that, in the meantime, they’ll be redefining security for enterprises across the globe.