Governance & Risk Management , IT Risk Management , Vulnerability Assessment & Penetration Testing (VA/PT)
Vulcan Cyber Raises $34M to Safeguard Attack Path Management
Series B Extension Will Help Vulcan Cyber Go Beyond Legacy Vulnerability ManagementA breakthrough star in Forrester's latest vulnerability risk management rankings hauled in $34 million to expand into the cyber risk and attack path management markets.
See Also: August Spotlight | Automated Threat Intelligence Correlation
The Tel Aviv, Israel-based cyber risk management vendor said the Series B extension funding will allow Vulcan Cyber to go beyond legacy vulnerability management and take on application security posture management, cyber asset attack surface management, and exposure and risk analytics. The latest investment in Vulcan Cyber was led by venture capital firms Maor Investments and Ten Eleven Ventures (see: Tenable, Vulcan Cyber Lead Vulnerability Management Rankings).
"Customers are feeling the pain, and this leads to just more demand and more growth," Vulcan co-founder and CEO Yaniv Bar-Dayan told Information Security Media Group. "It's the right time to continue and push not only on sales and marketing but also on innovation."
Getting Into Emerging Areas of Risk Governance
Expanding from vulnerability management to exposure management has become vital as security teams must manage more findings across multiple asset types and adapt to new attack surfaces in an efficient and automated manner, Bar-Dayan said. Vulcan connects to the APIs from existing scanning tools and extracts data from them, creating a broad story with added context that helps clients prioritize findings.
As a result, Bar-Dayan said, customers can more accurately assess their risk and come up with a more effective process for remediating that risk. Unlike other exposure management vendors such as Tenable, Bar-Dayan said, Vulcan Cyber isn't locked into a particular set of sensor data and is open to working with best-of-breed information regardless of its source.
"When you are a vendor that scans, your incentive is to go and get your customer to use as many of your sensing capabilities as possible," Bar-Dayan said. "The reality is: This just doesn't happen. Enterprises and companies are buying best of breed; they want to buy the best product that serves them for a particular purpose."
Vulcan's use of third-party sensor data allows the company to invest more in its processing and analysis engines, which Bar-Dayan said ultimately leads to better vulnerability and risk management for clients. The company's strong data processing engine and vendor-agnostic approach allows Vulcan to support and add context around a broad spectrum of use cases related to vulnerability and risk management.
"Enterprises and customers are buying best of breed."
– Yaniv Bar-Dayan, co-founder and CEO, Vulcan Cyber
Going forward, Bar-Dayan said, Vulcan wants to integrate more data from third-party sensors to spot vulnerabilities in software assets as well as build out integrations with additional technology vendors. The company also will extend its approach to other areas of risk governance, such as IoT and identity, according to Bar-Dayan.
"All these different programs and all these different sensors eventually live under the same governance processes and the same enterprise workflows that lead to remediation," Bar-Dayan said.
Expanding in Europe
From a go-to-market perspective, Bar-Dayan said Vulcan wants to expand its presence in Europe, grow its customer success and support teams, and enhance its self-service product for smaller enterprises. Just 20% of Vulcan's business comes to regions outside North America today, and Bar-Dayan would like to increase that figure to 35% a year from now by building on the company's existing strength in Western Europe.
As far as metrics are concerned, Bar-Dayan said, Vulcan wants to keep doubling revenue on a year-over-year basis and increase its user footprint with existing customers while maintaining a strong cash position and financial stability. The typical Vulcan Cyber customer has more than 1,000 employees and $1 billion in revenue. Customers span the gamut of industry verticals.
The new funding comes less than two months after Vulcan Cyber joined established competitor Tenable atop the Forrester Wave for vulnerability risk management. That's a dramatic shift from fall 2019, when legacy players Tenable, Rapid7 and Qualys led the vulnerability risk management Forrester Wave and Vulcan Cyber - which had only gotten Series A funding a few months earlier - was nowhere to be found.
Vulcan Cyber, founded in 2018, employs 126 people and has now brought in $70 million of outside funding. The company most recently completed a $21 million Series B funding round in March 2021 led by Dawn Ventures. Vulcan was founded by ex-Cyberbit Marketing Director Bar-Dayan, ex-Cyberbit Chief Architect Tal Morgenstern - now Vulcan's CPO, and ex-BackBox R&D head Roy Horev - now Vulcan's CTO.
"As the threat landscape and attack surfaces grow in complexity and scale, Vulcan Cyber increasingly resonates with cybersecurity executives," Maor Investments Managing Partner Eric Elalouf said. "With a flexible architecture allowing integration to virtually any security tool in the market and adaptive risk prioritization, Vulcan Cyber is ideally positioned to lead the enterprise cyber risk management market."
Nearly 60% of Vulcan's workforce is based in Israel, approximately one-third is in the United States and the rest are spread across the United Kingdom, Canada, France and Australia, according to IT-Harvest. Roughly 45% of Vulcan Cyber's workforce is in the engineering department, and approximately 35% are in sales, 15% are in operations and the remaining 5% are in human resources, according to IT-Harvest.
IT-Harvest estimates Vulcan's annual recurring revenue is $14.6 million - or more than $113,000 per employee - with a valuation between $40 million and $54 million. Vulcan Cyber maintained the same valuation from when it closed the first tranche of its Series B funding in March 2021, but it didn't disclose the size of its valuation.