Vicarius, a New York-based startup that has developed an autonomous vulnerability remediation platform, has raised $24 million in Series A funding to protect organizations from the next major supply-chain attack.
The current vulnerability remediation situation isn’t working, Vicarius tells TechCrunch. It’s a process split between two departments — security teams, which identify and prioritize vulnerabilities, and IT, which remediate them while focusing on keeping operations running smoothly, creating an inherent conflict of interests. It’s also a process that remains “super vendor dependent,” according to Michael Assraf, CEO of Vicarius.
The process from vulnerability disclosure to patch release, to deployment and testing takes on average four to six months, he says, and during this time new vulnerabilities could be introduced, putting the organization at risk of a SolarWinds-style intrusion or Log4j attack.
That’s what Vicarius wants to change. The startup’s cloud-based platform consolidates down the vulnerability remediation process, and analyses proprietary and third-party applications for vulnerabilities.
Vicarius has visions greater than preventing the next big supply-chain cybersecurity fallout. The company — which currently has 150 customers including the UK’s National Health Service and Ingram Micro — tells TechCrunch that it ultimately wants to build a machine that creates value to community security. The startup’s research center, for example, makes information about vulnerable software available to the general public, and its next plan is to create a social platform to assist security engineers – even if they’re not a Vicarius customer.
“If someone is searching how to fix a CVE, for example, we will offer it completely for free,” Assraf said. “I think this is something that is missing today in the security community – you don’t have a lot of free resources and everything is proprietary.”
These plans will be fueled by the company’s $24 million Series A raise, which was led by AllegisCyber Capital, JVP and AlleyCorp, with executives from Okta, SecurityScorecard, and Exabeam also providing capital. With the funds, which have been raised two years after the startup’s $5 million seed round, it’s also aiming to triple its number of employees and expand its go-to-market strategy.
“A lot of the time you will find startups are trying to fix very specific, niche problems,” Assraf said. “We’re going after a very big problem in the world of cybersecurity.