Software vulnerability management leader Spektion announced the general availability of its purpose-built solution (Spektion), enabling vulnerability management teams to address software risks based on their runtime behavior proactively. The company also revealed that it was backed with a $5 million seed funding round led by LiveOak Ventures. The funding round also included participation from Tau Ventures and Dauntless Ventures.
And this launch marks Spektion’s emergence from stealth mode after months of research and development, in collaboration with early customers, to create a robust solution, built by practitioners for practitioners, that leverages runtime data and software behavior analytics.
Spektion is a solution created for security teams by security experts to tackle a massive gap in software security:
1.) CEO and Co-founder Joe Silva previously served as the Global CISO of Jones Lang LaSalle (JLL) and the Senior VP of Cybersecurity and Fraud at TransUnion.
2.) CTO and Co-founder Josh Skorich founded the Dolos Group, a premier boutique consulting practice specializing in red teaming and vulnerability research, and previously led Red Team at TransUnion.
3.) R&D Head and Co-founder Julien Maladrie held senior roles in offensive security and malware research with JLL, TransUnion, Symantec, and the European Commission.
During their time, Silva, Skorich, and Maladrie identified a persistent flaw in legacy software vulnerability management: the critical lack of real insights, beyond CVE disclosures, into how software can be exploited and the impact of exploitation based on its system access and behavior. And they saw this problem worsening with AI-generated software proliferating, particularly internally developed software used within organizations and outside the typical scope of CVE discovery. They also concluded that legacy solutions relying primarily on CVEs offer teams outdated, inadequate, and low-quality data that fail to prioritize patching and enable mitigation solutions sufficiently.
With Spektion, security teams can measure software security risks and continuously monitor for new exploitable risks that have not yet been disclosed as CVEs. They can then understand the potential impact of exploits to prioritize remediation and, via integrations with leading threat detection and response solutions, implement controls to detect and prevent risks that can’t be immediately remediated.
Spektion does not depend on static data or predefined vulnerabilities like traditional legacy vulnerability management tools. Its unique technology provides actionable insights into software’s runtime vulnerabilities, allowing organizations to identify and mitigate risks before they escalate into critical issues.
KEY QUOTES:
“We founded Spektion to break the cycle of ineffective vulnerability management. The current approach is reactive, inefficient, and fails to significantly reduce risk, despite considerable resource investments. Today’s software vulnerability management for commercial, open source, and homegrown applications is stuck in the same paradigm as early antivirus solutions — relying on static data points that can’t keep pace with the dynamic nature of vulnerabilities and lacking the insights that runtime solutions offer. This outdated approach leaves organizations perpetually vulnerable, just as traditional antivirus eventually proved inadequate against evolving threats such as zero days and sophisticated malware.”
- Joe Silva
“Vulnerability management – one of the critical functions of every cybersecurity team – is fundamentally broken. It’s stuck in a never-ending, reactive struggle with backlogs that continue to grow. We are excited to partner with the Spektion team to solve one of today’s biggest challenges in cybersecurity. Their deep operational and domain expertise has led them to a revolutionary approach that enables security teams to be proactive and stay ahead of the problem. Spektion has hit the ground running, signing up blue-chip customers less than a year since its founding—a testament to both the unmet demand for such a solution and the Spektion team’s ability to capture it.”
- Creighton Hicks, Partner at LiveOak Ventures
“Spektion’s entire basis comes from a red teaming perspective. In a perfect world with unlimited resources, organizations would continuously red team their software to model risks and identify mitigations. We built Spektion as a solution to continuously purple team all of your software, ensuring your risk visibility and threat defenses stay on par with the evolving risks in your environment. All baked into one solution. There are no other solutions, currently, that do what we do.”
- Spektion CTO and Co-founder Josh Skorich
