Personal blog of Yzmir Ramirez

Many software vulnerabilities are already known, and vendors have even issued patches, but the problem is there are so many patches that it’s often difficult for companies to keep up. Vulcan Cyber wants to help by bringing a level of automation to the patching operation, and in the process reduce exposure to known risks.

Today, it announced a $10 million Series A round from Ten Eleven Ventures and YL Ventures .

In a typical scenario, security researchers find vulnerabilities, the vendors disclose them and patch them. From there it’s up to individual companies to take care of downloading and installing the patch, but Vulcan Cyber co-founder and CEO Yaniv Bar-Dayan says the number of patches has been growing at a furious pace with 6000 patches in 2016, 16,000 in 2017 and 18,000 last year. And that growth trajectory is continuing this year, he says.

Vulcan’s ultimate mission is to help companies remediate security vulnerabilities from their infrastructure. They do this by bringing a level of automation to the process, recognizing that humans can’t keep up with these numbers. “We automate the process of prioritization and deployment to remediate more vulnerabilities faster,” Bar-Dayan explained. What’s more, he said that Vulcan does this without risking business operations, while reducing risk and costs.

Vulcan Cyber risk prioritization view. Screenshot: Vulcan Cyber

The company raised a $4 million seed round last year, bringing the total raised to $14 million so far. As TechCrunch’s Frederic Lardinois pointed out while writing about that seed round, it’s able to achieve this level of automation, while working with the tools developers and security teams typically work with anyway.

“Vulcan Cyber plays nicely with all of the major cloud platforms, as well as tools like Puppet, Chef and Ansible, as well as GitHub and Bitbucket. It also integrates with a number of major security testing tools and vulnerability scanners, including Black Duck, Nessus, Fortify, Tripwire, Checkmarx, Rapid7 and Veracode,” Lardinois wrote.

The company was founded last year and has 25 employees. It plans to continue building its engineering team in Israel with the money from this round, as well as opening an office in San Francisco for sales, marketing and customer success.

Vulcan Cyber, a Tel Aviv-based security startup that helps enterprises quickly detect and fix vulnerabilities in their software stack and code, is coming out of stealth today and announcing a $4 million seed round led by YL Ventures with participation from a number of other cybersecurity investors.

The general idea behind Vulcan Cyber is that as businesses continue to increase the pace at which they build and adopt new software, the risk of introducing vulnerabilities only increases. But at the same time, most companies don’t have the tools in place to automatically detect and mitigate these issues, meaning that it can often take weeks before a patch rolls out.

The company argues that its position in the cybersecurity space is somewhat unique because it doesn’t just focus on detecting vulnerabilities but also helps businesses remediate them. All users have to do is give Vulcan access to the APIs of their existing vulnerability, DevOps and IT tools and the service will simply take over from there. It then watches over both the infrastructure as well as the code that runs on it.

“It might sound more glamorous to talk about zero-day and next-generation threats, but vulnerability remediation is truly where the rubber meets the road,” said Yaniv Bar-Dayan, Vulcan Cyber’s CEO and co-founder. “The only way to deal with this continuous risk exposure is through continuous remediation, achieved with robust data collection, advanced analytics, automation, and closed-loop remediation planning, orchestration and validation. This is exactly what we are delivering to IT security teams with Vulcan Cyber.”

Vulcan cyber plays nicely with all o the major cloud platforms, as well as tools like Puppet, Chef and Ansible, as well as GitHub and Bitbucket. It also integrates with a number of major security testing tools and vulnerability scanners, including Black Duck, Nessus, Fortify, Tripwire, Checkmarx, Rapid7 and Veracode.