DeepSurface Security today announced $1 Million in seed funding to launch the industry’s first automated Predictive Vulnerability Management suite of tools. The company, which has been in beta for the past year with several large healthcare, SaaS, and financial services businesses, allows cybersecurity teams to automate the stubbornly manual and imprecise process of analyzing and prioritizing vulnerabilities on enterprise networks. Led by Cascade Seed Fund and joined by SeaChange Fund and Voyager Capital, the company will use the funds to publicly release their product in Q4 and to expand their team in the Portland area.
As networks have become more complex with the addition of cloud computing, mobile devices, and IoT, published software vulnerabilities have accelerated roughly 12% year over year, with over 22,000 security vulnerabilities published in 2019 alone. These vulnerabilities affect product integrity, stability and reliability. While vulnerability scanners can identify the thousands of vulnerabilities that may exist on an enterprise network, cybersecurity staff must still manually sort through the flagged vulnerabilities and identify which are the most important to patch first and which are false positives. At the same time, global demand for cybersecurity professionals has outstripped supply, creating a critical cybersecurity skills gap and talent shortage.
DeepSurface’s Predictive Vulnerability Management platform helps to solve this problem by automating the discovery, accurate prioritization, and research for remediation of vulnerabilities leading to real risk reduction on their networks. Not meant to replace vulnerability scanners, but to pick up where they leave off, DeepSurface automatically collects deep knowledge of user permissions and activity, application permissions, host configurations, and the location of sensitive data to create a detailed threat model and map of all exploitation pathways through a network caused by unpatched software. Most importantly, DeepSurface computes the risk of each vulnerability and risk pathway based on potential impact to critical assets. By arming teams with actionable intelligence and the contextual analysis they need to measure and prioritize risk, teams can objectively prove where they should spend their time to reduce the most risk.
“With essential information stored on networks and the cloud, it’s critical that companies patch the vulnerabilities most dangerous to them promptly before they cost a company damage to their brand and revenue” said DeepSurface CEO James Dirksen. “With Deep Surface’s unique mapping, wayfinding capabilities and actionable intelligence, security teams are finally able to attack the most dangerous vulnerabilities first with precision allowing teams to optimize the time spent on the areas of greatest risk.”
According to Gartner, “end-user spending for the information security and risk management market is estimated to grow at a compound annual growth rate of 8.2% from 2019 through 2024 to reach $207.7 billion in constant currency.”1
“Despite the large investments many companies are making in risk management solutions, choosing which vulnerabilities to address first remains a stubbornly manual and imprecise process,” said Robert Pease, Managing Director of Cascade Seed Fund. “As more and more companies look to improve their risk reduction systems, automation is a natural next step. We found that DeepSurface has built a compelling solution for predictive vulnerability management and are excited to see where this investment takes them.”
Founded in 2017 the Portland-based company is led by CEO James Dirksen, a veteran Portland entrepreneur who bought and grew web categorization company RuleSpace, LLC and sold it to Symantec, and Tim Morgan, a leading penetration and application security tester. They are joined by a strong bench of advisors that includes Dwayne Melancon, former Chief Technology Officer at Tripwire; Dave Cole, former Chief Product Officer at Tenable; John Ewert, former Chief Operating Officer at Palo Alto Networks; and Rob Wiltbank, Chief Executive Officer of Galois, Inc.
“Finally a vulnerability tool that will identify exactly what to fix and the patch to deploy in priority of risk to the enterprise” said Diane Fraiman, Managing Director Voyager Capital.”This is hard to do and positions DeepSurface in a great position to gain market leadership. Voyager Capital is excited to be part of this growth opportunity.”
The beta version of DeepSurface is in use by large enterprise healthcare, SaaS, and financial companies. General availability will be available in Q4, 2020, and the company is scheduling preview tours of the product to vulnerability management teams and CISOs now.