Vulnerability Remediation in Hours, Not Months: Vulcan Cyber Is Making It Happen

Today, YL Ventures announced a seed investment in Vulcan Cyber , a company that was started in January 2018 by three remarkable Israeli entrepreneurs: Yaniv Bar-Dayan, Tal Morgenstern, and Roy Horev.

I’ve rarely seen a company move so quickly to capture the interest of its market. This early momentum is due to a combination of the founders’ incredible talent and the market’s crying need for their solution. When those two factors combine, you know you’ve got something truly amazing.

Vulcan Cyber is the industry’s first Continuous Vulnerability Remediation Solution. Vulcan integrates, automates, and orchestrates existing tools and processes to remediate security risks faster, and with less impact to business operations, than has ever been possible to date.

For companies that are worried about damage to their businesses from unpatched, unfixed vulnerabilities — which is pretty much every enterprise — Vulcan Cyber is about to make them much, much safer.

The Challenge of Vulnerability Remediation

If you know anything about IT security you know that vulnerabilities often go unfixed for weeks or even months after they’ve become known.

According to the SANS institute, over 80 percent of cybersecurity incidents exploit known vulnerabilities (as opposed to zero-day exploits), and Gartner predicts that by 2020, 99% of the vulnerabilities that hackers exploit will be ones that security and IT professionals have known about for at least a year.

The problem isn’t lack of knowledge, but the difficulty of remediating these vulnerabilities: Applying patches, upgrading operating systems, installing new software, changing configurations, etc. According to a Verizon report, it takes 100 days to patch 80% of the vulnerabilities that become known.

Vulnerability assessment solutions do exist, but they produce reports containing thousands of risks that customers need to assess and manage themselves. Also, those reports don’t include the customer’s specific business context: Is this vulnerable asset critical to my business? For the way our infrastructure is built? For the specific ways that we operate?

It’s enough to make security and IT executives tear their hair out.

Vulcan Cyber closes that “Vulnerability Remediation Gap,” making it possible for companies to fix critical vulnerabilities within hours instead of months. Vulcan does this by integrating with vulnerability assessment tools and other data sources to create prioritized, highly relevant action items. It then orchestrates the entire remediation process by integrating into patch management systems and DevOps tools, and by offering alternative courses of action.

In this way Vulcan Cyber turns the laborious and repetitive process of patching software into a centrally-controlled, easy-to-manage system.

This space may be less sexy than advanced persistent threat detection (unless you’re a CISO), but it is incredibly valuable to organizations, as we have found through many conversations with enterprise cybersecurity customers.

Think about it this way: Attacks like WannaCry and breaches like Equifax, which took advantage of unpatched vulnerabilities, could have been prevented completely if organizations had a solution like Vulcan.

High-Speed Iteration

Yaniv, Tal, and Roy founded Vulcan Cyber in January 2018, and we became aware of them in mid-January. Our Israeli office reached out right away and first talked with the founders on January 14. The next week, YLV’s U.S. team — vice president John Brennan and I — followed up with a call.

We could tell from the start that this was a company we wanted to know more about. When we get excited about something, we lean in — and that means setting up calls between the founding team and potential customers in the U.S.

We knew Vulcan Cyber’s vision was large, but we needed to understand exactly what potential customers would think of it. Putting Vulcan together with potential U.S. customers through video conferences made everything crystal clear: Those customers let Vulcan and us know that they were impressed.

This was also a chance for Vulcan to hone their vision and find the sweet spot in the market. For instance, which patch management system do you prioritize? Which vulnerability scanners should you integrate with first? Through these calls, Yaniv, Tal, and Roy collected valuable feedback on where the beachhead opportunity lay.

These meetings are where this team’s talent really started to shine. The Vulcan Cyber team demonstrated an amazing ability to absorb feedback and iterate at high speed. We could have a call with them on Monday night, and by the time we did a follow-up call on Tuesday morning it would seem as though they’d spent a week absorbing the feedback and responding to it. I’ve never seen a team synthesize feedback so quickly, so openly, and so efficiently.

Iren Reznikov, Principal at YL Ventures, played an active role in this stage of the process, providing the entrepreneurs with back-channel feedback and adding YLV’s point of view on what they should take from the calls. In this way, Vulcan Cyber was able to hone its value proposition quickly.

The Start of a Beautiful Friendship

On February 7, we set up a call with Idan Ninyo, YL Ventures’ engineer in residence, to do tech due diligence with the Vulcan Cyber team. It was 10 p.m. Israel time, and the Vulcan team gathered in Mindspace, a shared office in Tel Aviv, with a stack of pizzas. Idan grilled them for two and a half hours, digging into how they planned to do integrations, which systems they would connect with first, how exactly that would work, and so on. It was an intense and productive session, and by the time the meeting wrapped up it was well past midnight in Tel Aviv. We came away supremely confident in the technology and engineering capabilities of the team.

But there was one more piece. While the team had undeniable talent, I still felt like I needed a few more hours with Yaniv, the CEO, one-on-one. It was important for me to know him more intimately as an entrepreneur and discuss all facets of building a great company from scratch. My schedule at the time happened to take me all over the U.S. but not to Tel Aviv, so I called Yaniv and asked him how soon he could get on a plane to New York to meet me there. I believe that Yaniv was feeling a similar drive to get to know me, because within a day or so he was on a plane to JFK.

Our meeting took place at The Library at The NoMad hotel on Valentine’s Day, of all days. It was the perfect setting to discuss anything and everything that crossed our minds — from childhood dreams to investment terms and everything in between. Amazingly, the meeting lasted for 6 hours, while all around us business lunches were giving way to romantic dates. During that meeting Yaniv and I forged a true and long-lasting partnership. And we finalized it with both of our signatures on the investment term sheet right there at The Library!

The Customer Excitement Is Building

Even though they are young, the Vulcan Cyber founders bring years of hands-on experience with multiple cybersecurity products and disciplines, as well as experience across sales, marketing, product management, and cybersecurity product development. They are a truly remarkable group of founders and I couldn’t be more excited about working with them.

Yaniv Bar-Dayan (CEO) – Yaniv is an amazing CEO, a leader, and very agile. He is a man of vision but also very hands-on, and he handles customers exceptionally.

Tal Morgenstern (CPO) – Tal is an incredible product guy with deep understanding of how organizations and products work. He is the guy you want when you need to convey a complex technological idea in a simple way. Tal and Yaniv also have experience working together, at Cyberbit.

Roy Horev (CTO) – Roy is an inspiring engineering leader and entrepreneur with a terrific background of success — and it’s clear that people love him.

Since the investment closed, our mutual work with Vulcan is firing up. Together we’ve been planning the establishment of a U.S headquarters and hiring of marketing and sales staff, shaping up financial projections, and most importantly, facilitating meetings with potential U.S customers. In fact, with over 40 meetings already conducted, the positive reaction they’re getting has truly re-affirmed our belief that this is the right team for the right job. And just to give you a sense of how aggressively this team moves: Since February they’ve been traveling to the U.S. every two weeks, meeting with customers and collecting feedback. In short, they’re going all in with their engagement with the market.

Sometimes in cybersecurity it is hard to articulate the vision for a company in a way that gets enterprise customers motivated. This is not one of those cases: Even though what Vulcan Cyber is doing is so complicated — and perhaps because it is so complicated — they have had no trouble getting security executives excited about the vision.

The message is clearly resonating — and Vulcan Cyber is poised for liftoff. I can’t wait to see where they go next!