New York, NY - August 1, 2023 -- Silk Security, the first platform for sustainable cyber risk resolution, today announced the company’s public launch and $12.5 million in seed funding. The funding was led by global software investor Insight Partners and Hetz Ventures, with participation of the CrowdStrike Falcon Fund and seasoned cybersecurity angel investors including Shlomo Kramer, Mickey Boodaei and Rakesh Loonkar.
According to Orange CyberDefense’s Security Navigator 2023 research report, organizations already struggle to remediate the vulnerabilities they know about - putting their organizations at risk. Another report based on analysis of customer trends, found that the average time for resolution of critical findings is 184 days. In turn, vulnerability exploits remained a critical tool for adversaries to use against their targets, according to the Mandiant M-Trends 2023, accounting for the largest share of intrusions at 32%.The outcome is that risks go unremediated, and enterprises can’t effectively balance cyber risk resolution and business objectives. Also, current approaches are inefficient, with security teams spending as much as 40% of their time on remediating vulnerabilities.
Silk’s holistic approach enables security and operations stakeholders to collaboratively align finding risk with fixing risk - enhancing enterprise security and compliance posture, and centralizing visibility into risk resolution status. Silk Security was founded by three security professionals with backgrounds in security operations, software engineering and product development that felt first-hand how frustrating the current process of alert remediation is for practitioners, operational teams, and business stakeholders.
“As a former CISO, my teams wasted so much time managing findings out of multiple spreadsheets and then throwing them over the fence to infrastructure and DevOps teams. It was inefficient and impossible to prioritize,” said Steve Ward, managing director at Insight Partners. “Silk gives cybersecurity teams the ability to aggregate and prioritize findings in a way that simplifies an overwhelming space for the teams that are responsible for the fix.”
For many organizations, the complexity and rate of change in their environments have amplified challenges for managing cyber risk and compliance. Security teams wade through a flood of largely duplicative alerts from multiple detection tools, often can’t sustain a strategy to prioritize findings based on risk, business impact and contextualized threat severity - and then cannot consistently determine who should be responsible for the fix, and how to communicate a fix for those findings.
Operations teams, in turn, often lack the context needed to assign and operationalize the fix, and struggle to collaborate with security teams using their existing workflows - especially when requesting exceptions or accepting risk.
Silk’s platform is the first to address these interconnected challenges holistically, weaving together capabilities in a unified platform that address the discrete pain points which each team in the process experiences - enabling stakeholders to create a collaborative plan of attack to tackle their cyber risk issues.
Silk incorporates AI technologies to consolidate and contextualize findings from multiple detection tools, automates prioritization based on severity, asset profiles and environmental factors, and predictively assigns fix ownership. By connecting findings to assets, and understanding the infrastructure used to deploy and provision these assets, Silk is able to pinpoint the root cause for related run-time or production security findings - and advise on which fix will resolve multiple findings. Silk then helps security teams and fix owners to close the loop through actionable remediation advice, and can free up security teams from chasing fixers by automating the follow up process.
Silk automates ticketing and task routing across multiple instances of the same workflow tools, as well as integrations to multiple types of workflow tools within the same enterprise.
“Silk has revolutionized how we identify and prioritize vulnerabilities. Regardless of how we discover the issue, we have full visibility across the entire lifecycle all in a single interface,” said Michael Calderin, Director, Information Security and Compliance at YAGEO Group. That lets us make smarter, faster decisions and centrally track them through to completion.”
Existing niche tools focus on an aspect of the challenge, such as automated workflows that reduce the manual steps in a vulnerability management program, improving prioritization by tying vulnerabilities to asset information, or helping to reduce the noise from multiple detection tools.
However, without effective communication and collaboration, security findings will not be resolved; leaving organizations open to cyber security threats and compliance penalties - and with no consolidated approach to resolving and auditing cyber risk.
“Coming from a large financial institution, I witnessed first hand that the way security teams approach and collaborate to resolve risk is still stuck in the past, “ said Silk CEO and Co-founder Yoav Nathaniel. “Just as the IT environment has become distributed, so too has risk responsibility and ownership become distributed across operations and engineering teams. That is what led us to launch Silk Security. We wanted to find a way to extend and augment existing tools to automate and optimize this tedious risk resolution process so that teams can collaborate on the issues that put their business at risk.”
"With significant fragmentation across the modern security estate and limited resources, security practitioners face overwhelming operational challenges from investigating and triaging an enormous backlog of overlapping alerts," said Gur Talpaz, vice president corporate development and ventures at CrowdStrike. "Silk Security enables teams to cut through the noise by consolidating alerts into a unified risk framework to streamline remediation and ensure best-in-class security posture"
“Silk’s approach to breaking down silos in how cybersecurity teams identify and tackle risk in collaboration with other stakeholders stood out to us. Yoav, Bar and Or’s ability to execute on the vision of unifying findings from disparate tools into a single platform to drive clear, actionable tasks solidified our conviction that Silk can have a significant impact on the cyber security industry,” said Pavel Livshiz, General Partner at Hetz Ventures.
