Vulcan Cyber, which scans software for security vulnerabilities, lands $55M cash infusion

Image credit: Gorodenkoff/Getty Images

Vulcan Cyber, a company that develops software to help companies detect vulnerabilities in their software stack, today announced that it raised $55 million in equity funding led by Maor Investments and Ten Eleven Ventures, with participation from Dawn Capital and Wipro Ventures.

The investment comes at an uncertain time for the cybersecurity industry. Cyber ​​VC funding on track to hit four-year low; according to Crunchbase, cybersecurity startups raised about $1.9 billion during Q3 2023, marking a 30% decrease from $2.7 billion in the year-ago period.

Co-founder and CEO Yaniv Bar-Dayan attributes Vulcan’s funding success to its growth. In the 12 months to the third quarter, the company’s revenue more than doubled, he said, while its customer base grew to over 200 companies — 60 of which are “enterprise-sized.”

“Vulcan Cyber ​​will use funds from this round to drive continued product innovation, expand into new markets, accelerate rapid revenue growth and build on market momentum,” Bar-Dayan told TechCrunch in an email interview — noting that the new cash brings Vulcan’s total raised. to 70 million dollars.

It probably also helped Vulcan that software vulnerabilities are a growing enterprise threat. According to Statista, in 2022 internet users worldwide discovered over 25,000 new common IT security vulnerabilities and exposures, the highest reported annual number to date.

Vulcan, which Bar-Dayan founded in 2018 with Tal Morgenstern and Roy Horev, provides a set of tools to help address – and prioritize – risks around code vulnerabilities. The platform monitors security, IT and DevOps software via APIs to spot potential exploits and trigger remediation, either automatically or under the supervision of a company’s security team.

Vulcan Cyber’s user interface.

Vulcan leverages a threat intelligence network to inform its suite’s alert and detection policies, Bar-Dayan says. And it uses large language models a la OpenAI’s ChatGPT to “generate remedial intelligence” (although it’s unclear to this writer what exactly is meant by this).

“Vulcan [models] attack paths from code to cloud to traditional network infrastructure [and] prioritizes vulnerability remediation for assets based on attack exposure [and more,] and then correlating connections between the software to be fixed,” Bar-Dayan said. “The platform democratizes cyber risk mitigation with automated task assignment, asset ownership management and risk exception workflows.”

Now, a growing number of startups offer tools to scan codebases, tools, and software packages for security holes, including SonarSource (which recently raised a whopping $412 million), Socket ($20 million), and BluBracket ($12 million). So what sets Vulcan apart? Bar-Dayan points to the company’s free offering, Vulcan Free, which launched last year — and which he believes is one of the only free risk-based vulnerability management products on the market.

Of course, Vulcan is in the business of making money; Vulcan Free acts as a funnel to Vulcan’s fully managed products.

“The industry does not need more vulnerability management scanners and tools,” Bar-Dayan said. “We need holistic, actionable cyber risk management that addresses and mitigates actual business risks and helps maximize investments in data generating tools. Vulcan Cyber ​​is on a mission to eliminate these challenges and own the cyber risk management market and change the vulnerability management market forever.”

Vulcan currently employs a team of around 90 people. Bar-Dayan would not commit to hiring plans, but said the goal is to grow the workforce “gradually” with the company.