Silk Security – the first platform for sustainable cyber risk resolution – recently announced the company’s public launch and $12.5 million in seed funding. The funding round was led by Insight Partners and Hetz Ventures, with the participation of the CrowdStrike Falcon Fund and seasoned cybersecurity angel investors, including Shlomo Kramer, Mickey Boodaei, and Rakesh Loonkar.
Organizations are constantly dealing with vulnerabilities, which could take months to resolve critical findings. These vulnerabilities have become tools for adversaries. As a result, enterprises cannot effectively balance cyber risk resolution and business objectives. Plus, the current approaches are inefficient, with security teams spending as much as 40% of their time fixing vulnerabilities.
Silk’s enables security and operations stakeholders to collaboratively align finding risk with fixing risk, enhancing enterprise security and compliance posture and centralizing visibility into risk resolution status. And Silk Security was founded by three security professionals with backgrounds in security operations, software engineering, and product development who saw first-hand how frustrating the current process of alert remediation is for practitioners, operational teams, and business stakeholders.
For many organizations, the complexity and rate of change in their environments have significant challenges in managing cyber risk and compliance. And security teams wade through a flood of largely duplicative alerts from multiple detection tools, often cannot sustain a strategy to prioritize findings based on risk, business impact, and contextualized threat severity, and then cannot consistently determine who should be responsible for the fix, and how to communicate a fix for those findings.
Silk’s platform is the first to address these interconnected challenges holistically, weaving together capabilities in a unified platform that addresses the discrete pain points that each team in the process experiences, enabling stakeholders to create a collaborative plan of attack to tackle their cyber risk issues. And Silk integrates AI technologies to consolidate and contextualize findings from multiple detection tools, automates prioritization based on severity, asset profiles, and environmental factors, and predictively assigns fix ownership.
By linking findings to assets and understanding the infrastructure used to deploy and provision these assets, Silk is able to pinpoint the root cause for related run-time or production security findings and advise on which fix will resolve multiple findings. Then the company helps security teams and fix owners to close the loop through actionable remediation advice and can free up security teams from chasing fixers by automating the follow up process.
Silk Security automates ticketing and task routing across multiple instances of the same workflow tools and integrations to multiple types of workflow tools within the same enterprise. The existing niche tools focus on an aspect of the challenge like automated workflows that reduce the manual steps in a vulnerability management program, improving prioritization by tying vulnerabilities to asset information, or helping to reduce the noise from multiple detection tools. But without effective communication and collaboration, security findings will not be resolved, leaving organizations open to cyber security threats and compliance penalties and with no consolidated approach to resolving and auditing cyber risk.
KEY QUOTES:
“As a former CISO, my teams wasted so much time managing findings out of multiple spreadsheets and then throwing them over the fence to infrastructure and DevOps teams. It was inefficient and impossible to prioritize. Silk gives cybersecurity teams the ability to aggregate and prioritize findings in a way that simplifies an overwhelming space for the teams that are responsible for the fix.”
— Steve Ward, managing director at Insight Partners
“Silk has revolutionized how we identify and prioritize vulnerabilities. Regardless of how we discover the issue, we have full visibility across the entire lifecycle all in a single interface. That lets us make smarter, faster decisions and centrally track them through to completion.”
— Michael Calderin, Director, Information Security and Compliance, YAGEO Group
“Coming from a large financial institution, I witnessed first hand that the way security teams approach and collaborate to resolve risk is still stuck in the past. Just as the IT environment has become distributed, so too has risk responsibility and ownership become distributed across operations and engineering teams. That is what led us to launch Silk Security. We wanted to find a way to extend and augment existing tools to automate and optimize this tedious risk resolution process so that teams can collaborate on the issues that put their business at risk.”
— Silk CEO and Co-founder Yoav Nathaniel
“With significant fragmentation across the modern security estate and limited resources, security practitioners face overwhelming operational challenges from investigating and triaging an enormous backlog of overlapping alerts. Silk Security enables teams to cut through the noise by consolidating alerts into a unified risk framework to streamline remediation and ensure best-in-class security posture.”
— Gur Talpaz, vice president corporate development and ventures at CrowdStrike
“Silk’s approach to breaking down silos in how cybersecurity teams identify and tackle risk in collaboration with other stakeholders stood out to us. Yoav, Bar and Or’s ability to execute on the vision of unifying findings from disparate tools into a single platform to drive clear, actionable tasks solidified our conviction that Silk can have a significant impact on the cyber security industry.”
— Pavel Livshiz, General Partner at Hetz Ventures