Xeol – a New York City-based cybersecurity company – recently announced that it raised $3.2 million in Seed funding led by Shield Capital, with Y Combinator and 468 Capital also participating.
Cyber attacks against private enterprises’ software supply chains have been multiplying rapidly. And software supply chains must be secured just as industrial supply chains are secured from components to assembly to delivery. This is becoming even more of a pressing issue as open-source software use and attack surfaces widen.
Xeol’s focus is securing software throughout its lifecycle, beginning at the code repository and continuing through delivery to customers. And the team starts by managing enterprises’ end-of-life software whose publishers no longer provide security patches.
Attackers usually gain access to vulnerable systems by phishing and then exploiting unpatched software. And PCI 4.0, a security standard for handling payment card data, will mandate that companies have a program to manage end-of-life software, highlighting the growing threat surface.
Since launching the company four months ago, Xeol signed its first Fortune 500 customer. And for this customer, the team was able to identify more than 2,000 end-of-life software components and reduce the company’s exposure by 60%.
ShiHan Wan is the co-founder and CEO of Xeol. And he helped build 2 startups (Ada and Electric) from early stages to unicorn. Wan was also previously Director of Platform Engineering at Electric responsible for application security, infrastructure security, SRE, and frontend and backend platforms. Prior to that Wan was the founding engineer at Ada building out the messaging and bot platform that handled 100 million of messages a day.
Benji Visser is the co-founder and CTO of Xeol. And Visser was the first infrastructure and security engineer at AI unicorn Ada responsible for all things security, compliance, and infrastructure. Afterwards, he helped develop SRE best practices at Datadog and develop their service catalog product. His open-source tools are used by engineers at Google, Apache, and Red Hat every day.
KEY QUOTES:
“Now is the right time to come out of stealth mode to tackle the software supply chain problem with foundational standards like Software Bill of Materials (SBOM) and Supply-chain Levels for Software Artifacts (SLSA) gaining traction. These standards allow us to go much deeper and be much more accurate with supply chain risks like outdated software”
- Xeol CEO ShiHan Wan
“Xeol is building the next generation of protection for the software we rely on every day to run our businesses. This software makes up a part of our national critical infrastructure and must be protected.”
- Mike Brown, SHIELD partner and former Symantec CEO
