Vulcan Cyber, a company developing software to help enterprises detect vulnerabilities in their software stack, today announced that it raised $55 million in equity financing led by Maor Investments and Ten Eleven Ventures with participation from Dawn Capital and Wipro Ventures.
The investment comes at a precarious time for the cybersecurity industry. Cyber VC funding is on pace to hit a four-year low; according to Crunchbase, cybersecurity startups raised around $1.9 billion during Q3 2023, marking a 30% decline from $2.7 billion in the period a year ago.
Co-founder and CEO Yaniv Bar-Dayan attributes Vulcan’s funding success to its growth. In the 12 months leading up to Q3, the company’s revenue more than doubled, he said, while its customer base grew to over 200 companies — 60 of which are “enterprise-sized.”
“Vulcan Cyber will use funds from this round to fuel continued product innovation, expand into new markets, accelerate rapid revenue growth and build on market momentum,” Bar-Dayan told TechCrunch in an email interview — noting that the new cash brings Vulcan’s total raised to $70 million.
It probably helped Vulcan, too, that software vulnerabilities are a growing enterprise threat. As per Statista, in 2022, internet users worldwide discovered over 25,000 new common IT security vulnerabilities and exposures, the highest reported annual figure to date.
Vulcan, which Bar-Dayan co-founded in 2018 with Tal Morgenstern and Roy Horev, provides an array of tools to help address — and prioritize — risks around code vulnerabilities. The platform monitors security, IT, and DevOps software via APIs to spot possible exploits and kick off remediation, either automatically or under the supervision of a company’s security team.
Vulcan leverages a threat intelligence network to inform its suite’s alerting and detection policies, Bar-Dayan says. And it uses large language models a la OpenAI’s ChatGPT to “generate remediation intelligence” (although it’s unclear to this writer what’s meant by this exactly).
“Vulcan [models] attack paths from code to cloud to traditional network infrastructure [and] prioritizes vulnerability remediation for assets based on attack exposure [and more,] and then correlates connections between the software that needs to be fixed,” Bar-Dayan said. “The platform democratizes cyber risk remediation with automated task assignment, asset ownership management and risk exception workflows.”
Now, a growing number of startups offer tools to scan codebases, tools and software packages for security gaps, including SonarSource (which recently raised a whopping $412 million), Socket ($20 million) and BluBracket ($12 million). So what sets Vulcan apart? Bar-Dayan points to the company’s free offering, Vulcan Free, which launched last year — and which he believes is one of the only no-cost risk-based vulnerability management products on the market.
Of course, Vulcan’s in the business of making money; Vulcan Free serves as a funnel to Vulcan’s fully managed products.
“The industry doesn’t need more vulnerability management scanners and tools,” Bar-Dayan said. “We need holistic, action-oriented cyber risk management that addresses and remediates actual business risk and helps maximize investments in data-generating tools. Vulcan Cyber is on a mission to eliminate these challenges and own the cyber risk management market and change the vulnerability management market for good.”
Vulcan currently employs a team of around 90 people. Bar-Dayan wouldn’t commit to hiring plans, but said that the goal is to grow headcount “gradually” with the business.