Vulcan Cyber, an Israeli vulnerability remediation startup, launched on Wednesday with $4 million in seed funding in hand. The funding primarily comes from cybersecurity investing company YL Ventures, with participation from a few other investors.
The problem the Tel Aviv-based company wants to solve is that, as organizations expand their IT infrastructures, so does their attack surface. But that doesn’t mean their visibility into new vulnerabilities increases in kind.
“This speed of change coupled with the ever-expanding number of vulnerabilities in today’s enterprise software stack and hackers who are constantly probing for this ‘low hanging fruit,’ creates a reality of incessant and unrelenting risk,” the company said in its announcement.
Vulcan’s main offering is its Continuous Vulnerability Remediation platform. The product uses “dozens of scanning tools” to aggregate data from a customer’s network and analyzes it to identify vulnerabilities. It then “prioritizes, plans, orchestrates and validates remediation.”
The platform works “out of the box” with popular scanning, configuration and patching tools, the company says, and comes with open APIs in order to integrate easily with newer tools. The product works with existing platforms such as Qualys, Rapid7, Amazon Web Services, Google Cloud, GitHub and others.
The company says that part of the problem is that even if security professionals discover a vulnerability on their networks, it may be a while before they remediate it because of the growing infrastructure and attack surface. Vulcan points to last year’s Equifax breach and the NotPetya and Wannacry ransomware incidents as examples of when attackers exploiting well-known vulnerabilities.
“Delays in discovery and analysis, as well as planning and prioritization of remediation, adds months to dwell time. Many of these delays occur as cross-functional teams struggle to manage remediation while also ensuring business continuity,” the press release reads.
The company boasts that its platform can reduce dwell time — the time between when administrators learn of a vulnerability or breach and when they actually fix it — “from weeks and months to hours.”
“It has become almost impossible for CISOs and their teams to understand and manage the significant and systemic risk of vulnerabilities in their production systems, leaving them in a state of continuous exposure,” said Vulcan Cyber CEO and co-founder Yaniv Bar Dayan in a statement. “It might sound more glamorous to talk about zero-day and next generation threats, but vulnerability remediation is truly where the rubber meets the road.”