Tel Aviv, New York, NY—February 9, 2022— Vicarius, developers of the industry’s first fully autonomous end-to-end vulnerability remediation platform, today announced a $24M Series A round to breathe new life into the vulnerability remediation market. AllegisCyber Capital, JVP, and AlleyCorp led the round with executives from Okta, SecurityScorecard, and Exabeam providing capital as well.
Founded by three security experts, Michael Assraf, Yossi Ze’evi and Roi Cohen, Vicarius equips IT and security teams with a fully automated and consolidated platform, TOPIA, to assess, prioritize, and remediate vulnerabilities in applications, assets, and operating systems. Traditional network and scanning-based tools focus exclusively on vulnerability discovery or patch management and can’t adapt to changing WFH infrastructure. Vicarius provides a cloud-first, integrated solution that closes the loop from discovery to remediation for today’s shift to remote work and cloud-based applications.
The vulnerability remediation process is split between two departments: (1) security, who identify and prioritize vulnerabilities, and (2) IT, who remediate them. Security teams are committed to reducing the risk introduced by technology, while IT teams want to keep operations running smoothly and efficiently with minimal interruption or downtime. This creates an inherent conflict of interests, which is exacerbated by the lack of product integration, one of the biggest hurdles in vulnerability remediation today.
Current vulnerability discovery tools provide only scanning from the network with no ability to remediate or prioritize. On the other hand, patch management tools are limited in that they don’t provide any threat intelligence. The siloed nature of these tools prevents IT admins and CISOs from collaborating on important risk reduction and operational decisions.
“The misalignment and ensuing friction between security and IT is a 15-year-old problem that still hasn’t been solved. From our experience working in these roles, we understand the pain and frustration of not having a streamlined solution. By consolidating down the vulnerability remediation process to one platform and eliminating the complexity associated with siloed products and closed communication channels, we are bringing security and IT teams together under one roof to take action and reduce risk,“ says Michael Assraf, CEO, Vicarius.
Vendor-dependent remediation has also remained a problem in the industry since its inception. The process from vulnerability disclosure, to patch release, to deployment and testing takes on average four to six months. During this time, software could be exposed to a CVE, putting the organization at risk of exploitation.
TOPIA, a cloud-based, cloud-first product, reverses this decades-old problem and breaks the dependence on vendor patches. Using machine-generated data prioritization to detect emerging threats according to client-specific asset properties, TOPIA analyzes proprietary and third-party applications for vulnerabilities without official CVEs, alerting customers to a vulnerability often before the vendor is aware. When a vendor patch isn’t available, TOPIA autonomously applies Patchless Protection™—an in-memory protection technology that lets companies secure applications without software upgrades. By uniquely mapping software DNA and learning its structure, TOPIA detects abnormal software files to prevent supply-chain attacks.
Because Vicarius provides threat insight as well as extensive patching capabilities and prioritization, IT and security teams have a deeper understanding of what is vulnerable, how much risk is present, and where patches have been applied. As a result, CISOs and IT administrators achieve safer networks and lower likelihood of exploitation through cooperation.
“Vicarius has a strong team, clear vision, and exceptional technology. Perhaps what we like most, however, is their determination to fix a broken system. With this problem-solving spirit, they have great potential to become a market leader. We are excited to participate in Vicarius’ vision and help them execute go-to-market strategies,“ says Gadi Porat, General Partner, JVP.
With the investment, Vicarius will expand its team, aiming to triple the number of employees by next year. They will grow their sales, support, and engineering operations to assist over 150 customers across every vertical. CISOs from leading tech companies, Fortune 500 and others have emphasized the ease with which TOPIA centralizes and consolidates work between IT and security teams, leading to a more efficient patching workflow. Vicarius’ Research Center and community of active partners has accelerated the rapid growth and adoption of its technology as well.
“As a team, we have a great deal of experience in the Vulnerability Management space and have known that it has been ripe for investment for some time. Vicarius has finally cracked the nut on what’s next, building a product that actually reduces risk rather than just assessing it. We’re thrilled to be able to partner with Michael and the team as they bring their solution to the broader market – estimated to be $18 billion for vulnerability discovery, prioritization and remediation combined,” says Michael Feiertag, Partner, AllegisCyber Capital.
About Vicarius: Vicarius helps security teams protect their most critical apps and assets against software exploitation through TOPIA, the company’s autonomous end-to-end vulnerability remediation platform. Founded by three security experts with offices in New York and Israel, Vicarius’ mission is to provide customers with problem-solving solutions that proactively reduce risk wherever computer software resides.