Vicarius announces $24 million series 'A' funding

Vicarius developed the first fully autonomous end-to-end vulnerability remediation platform. The round was led by AllegisCyber Capital, JVP, and AlleyCorp.

Vicarius Founders (photo credit: RICKY RACHMAN)
Vicarius Founders
(photo credit: RICKY RACHMAN)

Vicarius, developers of the industry’s first fully autonomous end-to-end vulnerability remediation platform, today announced a $24 million Series A round to breathe new life into the vulnerability remediation market. AllegisCyber Capital, JVP, and AlleyCorp led the round with executives from Okta, SecurityScorecard, and Exabeam providing capital as well.

Founded by three security experts, Michael Assraf, Yossi Ze’evi and Roi Cohen, Vicarius equips IT and security teams with a fully automated and consolidated platform, TOPIA, to assess, prioritize and remediate vulnerabilities in applications, assets and operating systems. Traditional network and scanning-based tools focus exclusively on vulnerability discovery or patch management and can’t adapt to changing Work From Home infrastructure. Vicarius provides a cloud-first, integrated solution that closes the loop from discovery to remediation for today’s shift to remote work and cloud-based applications.

The vulnerability remediation process is split between two departments: 1) security, which identifies and prioritizes vulnerabilities, and 2) IT, which remediates them. Security teams are committed to reducing the risk introduced by technology, while IT teams want to keep operations running smoothly and efficiently with minimal interruption or downtime. This creates an inherent conflict of interests, which is exacerbated by the lack of product integration, one of the biggest hurdles in vulnerability remediation today.

“The misalignment and ensuing friction between security and IT is a 15-year-old problem that still hasn’t been solved. From our experience working in these roles, we understand the pain and frustration of not having a streamlined solution. By consolidating down the vulnerability remediation process to one platform and eliminating the complexity associated with siloed products and closed communication channels, we are bringing security and IT teams together under one roof to take action and reduce risk,” says Michael Assraf, CEO of Vicarius.

Vendor-dependent remediation has also remained a problem in the industry since its inception. The process from vulnerability disclosure to patch release, to deployment and testing, takes on average four to six months. During this time, software could be exposed to a Common Vulnerabilities and Exposure (CVE), putting the organization at risk of exploitation.

TOPIA, a cloud-based, cloud-first product, reverses this decades-old problem and breaks the dependence on vendor patches. Using machine-generated data prioritization to detect emerging threats according to client-specific asset properties, TOPIA analyzes proprietary and third-party applications for vulnerabilities without official CVEs, alerting customers to vulnerability often before the vendor is aware. When a vendor patch isn’t available, TOPIA autonomously applies Patchless Protection™, an in-memory protection technology that lets companies secure applications without software upgrades. By uniquely mapping software DNA and learning its structure, TOPIA detects abnormal software files to prevent supply-chain attacks.

Because Vicarius provides threat insight as well as extensive patching capabilities and prioritization, IT and security teams have a deeper understanding of what is vulnerable, how much risk is present and where patches have been applied. As a result, CISOs and IT administrators achieve safer networks and a lower likelihood of exploitation through cooperation.

“Vicarius has a strong team, clear vision, and exceptional technology. Perhaps what we like most, however, is their determination to fix a broken system. With this problem-solving spirit, they have great potential to become a market leader. We are excited to participate in Vicarius’ vision and help them execute go-to-market strategies,” says Gadi Porat, general partner of JVP.

“As a team, we have a great deal of experience in the Vulnerability Management space and have known that it has been ripe for investment for some time. Vicarius has finally cracked the nut on what’s next, building a product that actually reduces risk rather than just assessing it. We’re thrilled to be able to partner with Michael and the team as they bring their solution to the broader market – estimated to be $18 billion for vulnerability discovery, prioritization and remediation combined,” says Michael Feiertag, partner at AllegisCyber Capital.