Q&A with Vulcan Cyber: The World’s First SaaS Platform for Vulnerability Remediation Orchestration

By Community Team

Below is a Q&A session with Yaniv Bar-Dayan, CEO and cofounder of Vulcan Cyber, which he founded in 2018 with friends and fellow cyber experts Roy Horev, CTO, and Tal Morgenstern, CPO. Yaniv has deep experience in technology, having started his career as an Intelligence and Cyber Analyst for the IDF. He applied these skills later on in the private sector for several years before founding Vulcan as the world’s first continuous vulnerability remediation platform.

What is Vulcan Cyber and what inspired its founders to build the Vulcan Cyber Remediation Orchestration Platform?

Vulcan Cyber is the world’s first SaaS platform for vulnerability remediation orchestration that can be used to address a major gap in the cybersecurity market – known yet unremediated application, cloud and IT vulnerabilities continue to be the leading cause of enterprise security breaches and hacks. Vulnerability management tools used for scanning and prioritization have been around for decades but IT security teams still struggle to actually fix vulnerabilities in a way that prevents future risk and can stay ahead of new vulnerabilities at web scale.

The company was founded in 2018 by cyber experts and friends Yaniv Bar-Dayan, CEO, Roy Horev, CTO, and Tal Morgenstern, CPO. After each founder gained experience in Israeli military intelligence, they sought to apply lessons-learned around cybersecurity to help the enterprise community at large. One of the issues they immediately saw was that vulnerability management practices, where the rubber meets the road in cybersecurity, were failing and leaving organizations exposed. While zero-day threats and next-gen attacks were receiving significant attention, companies needed a way to mitigate the state of continuous exposure. To them, the only way that made sense was through continuous remediation. And so they built the Vulcan Cyber Remediation Orchestration Platform to fill this gap.

The Vulcan Cyber Remediation Orchestration Platform is used by enterprise application, DevOps, ITOps and security teams to address this precise issue – to get fix done at scale and reduce business risk by reducing vulnerability dwell time and automating the most-tedious, yet critical vulnerability management tasks from scan to fix.

What is vulnerability remediation? Is it different from vulnerability management?

On paper, vulnerability remediation is a simple concept to explain: it’s the process of finding the weak spots in your network – areas that are exploitable by malicious actors – and then finding and applying remedies to them. However, over 14,7000 new vulnerabilities were reported over two years in 2017 and 2018. The result is an unhealthy animosity between security and IT teams, and overworked IT organizations being stretched beyond capacity, a situation that’s ideal for neither IT teams nor the companies they work for.

Vulnerability management, on the other hand, is generally understood to be an organized effort to identify vulnerabilities and plan an appropriate response. Remediation, by comparison, is the desired outcome of a vulnerability management beginning, focused on fixing vulnerabilities once they’re identified and prioritized for the business.

Within the risk-based vulnerability management and prioritization market, which is only a single element of a mature vulnerability remediation program, we have been competitive with vendors like Kenna Security and Brinqa. But with the release of Vulcan Free we are conceding that end of the market as commoditized, and we are now offering the Vulcan vulnerability prioritization engine for free. The conversation in our market needs to evolve beyond vulnerability scan and prioritize and move aggressively towards remediation orchestration and analytics so security and IT teams can work to get fix done and reduce business risk.

Why are vulnerabilities such a critical security issue? What challenges and risks do they create for businesses?

With the emergence of cloud and changes in enterprise infrastructure, company networks are more exposed than ever to external threats. Companies started to use more third-party cloud services, such as AWS and Azure, as well as open-source software, all of which effectively expose new attack vectors to hackers and other malicious actors. The massive growth in the number of vendors and multi-platform solutions has also forced companies to expose their networks to more use cases. While solutions have generally kept pace with this greater exposure, these changes have resulted in businesses, especially SaaS suppliers, facing greater risks from the additional software interacting with their networks.

Adding fuel to the fire, the switch to agile development has increased this risk because of the new approach’s preference for rapid releases, which has resulted in more moving parts, and more software entering the public arena without being adequately tested.

In addition, the emergence of SaaS demands that software be available 24×7, eliminating the ability for sites to shut down as they did 10 years ago to perform maintenance, which included patching vulnerabilities. The combination of agile development and the demand for continuous availability has resulted in companies’ core, mission-critical software constantly changing, making it continuously, potentially vulnerable.

These factors have caused a veritable flood of vulnerabilities that are simply too much for teams to handle. With too many vulnerabilities out there, too little time to fix them all, and too much at stake, vulnerability remediation is more important than ever.

How does Vulcan Cyber help businesses combat the threat of vulnerabilities?

The Vulcan Cyber remediation automation platform enables security teams, for the first time ever, to actually have line of sight, and some semblance of control, into affecting remediation outcomes. Our platform pinpoints the most business-critical threats, according to the unique risk they pose to the environment, and offers a range of options to fix them. Then, the platform enables the user to orchestrate and automate the solutions, scaling up the process of remediation through automation and orchestration.

We offer both off-the-shelf and customizable playbooks to ensure that threats are addressed in the most efficient and impactful way possible. Our customers use our platform to prioritize threats based on the subjective risk they pose to their environments, which is assessed by incorporating security data extracted from vulnerability scanners, service relationship data derived from CMDBs, network architecture and configuration data from integrations across asset inventories, and threat intelligence gathered from dozens of feeds. Based on this, security teams can rest assured that they’re working the right vulnerability at the right time. Further, our proprietary remediation intelligence database contains thousands of curated solutions and fixes to help IT security teams efficiently remediate.

What kinds of companies are using Vulcan Cyber?

We have dozens of enterprise customers using the full Vulcan Cyber remediation orchestration platform, and thousands of freemium users of Vulcan Free for risk-based vulnerability management and prioritization, and Remedy Cloud for remediation intelligence.

What are some best practices to get started creating a vulnerability remediation program?

There are a few critical components of an effective vulnerability remediation program. Of course there are a variety of tools that can augment a team’s capacity to automate and implement the program, especially at scale. But the most important part is to ensure all contributing members of involved teams across IT, engineering and security are aligned on an objective to get fix done. These objectives should include:

  • Increasing company visibility into cyber hygiene status and remediation outcomes. Communication with decision makers in the C-suite, as well as among IT security managers about the importance of remediation, their particular stake in remediation efforts, and how they can make the most of the shared effort is key to deploying a successful remediation program.
  • Guard your CI/CD pipeline. Too many vulnerabilities are being pushed to production unknowingly as a result of sloppy CI/CD practices. Safeguarding this pipeline from open source code vulnerabilities by using any of several free and open source scanning tools is an essential first step.
  • Maintain a complete inventory of your IT assets from endpoints, to network and infrastructure, storage and cloud services. In order to accurately assess risk posed by particular vulnerabilities, you must have complete visibility into your network, including what assets are on it and how they interact.
  • Know which vulnerabilities are out there, and prioritize according to risk. It’s easy to find a list of vulnerabilities with “objective” ratings such as the CVSS, but it’s essential that security teams prioritize vulnerabilities based on the potential impact on your specific network.
  • Think twice before you patch. There’s no doubt that in many cases, applying a patch is the best way to remediate a vulnerability. However, patches can still be risky and cause downtime, especially if they are not properly tested, which takes time and increases exposure windows. Sometimes a configuration change is enough, or a workaround or compensating control. That’s why Vulcan Cyber developed its proprietary remediation intelligence database that informs security teams of the most efficient solution to any vulnerability, many of which can be deployed automatically at scale using preferred patch management, endpoint mitigation, or configuration automation tools.

What are the types of remediation tools teams need to establish such a program?

There’s an abundance of tools that can help establish such a program; the key is to leverage them all within a cohesive and structured framework.

But as the scale of vulnerabilities increases, it becomes essential to automate as much of the remediation process as possible. Scanning tools alone will only reveal potential problems; addressing them requires more resources. Automation is essentially the only practical way to implement remediation, simply due to the size and complexity of the networks and components involved.

What are some of the pitfalls companies fall into in this process?

While the challenges each organization encounters will depend largely on the unique elements of that organization, there are several common traps we’ve seen companies fall into when implementing a remediation program.

First, don’t just default to patching everything. Sometimes a patch is like bringing a flamethrower to a knife fight. This is an understandable impulse, but with tens of thousands of vulnerabilities being discovered each year, keeping pace is simply impossible right now. Moreover, patching carries its own risks, so this strategy doesn’t leave room to implement the most efficient course of action when, for example, a workaround would work better. Further, many vulnerabilities won’t pose any threat to your network at all. It’s crucial, given the scale of the task, to focus on the critical problems.

This leads to the second trap we see frequently: focusing on the wrong threats. How does one identify the most important threats? There’s the Common Vulnerability Scoring System (CVSS), which ranks vulnerabilities by severity. However, the score doesn’t tell the whole story. Many of the higher-ranked vulnerabilities are extremely difficult or totally inaccessible for most threat actors to exploit, while many lower-ranked threats have active exploits. Relying on CVSS alone can lead to ignoring some of the threats that pose the greatest risk. It’s important to evaluate vulnerabilities based on how they relate to your organization’s network in particular.

How does Vulcan Cyber help avoid these pitfalls?

Our platform pinpoints the most business-critical threats, according to the unique risk they pose to the environment rather than simply a CVSS score, and offers a range of options to handle them ranging from patches to configuration changes and other solutions. Then, the platform enables the user to drive remediation outcomes, scaling the process of remediation through automation and orchestration. Finally, cyber security organizations need the ability to measure and analyze the effectiveness of their efforts.

Essentially, Vulcan Cyber centralizes the entire process under one framework, allowing security and IT teams to measure and iterate at the pace and scale they need to in order to effectively guard against the modern threat environment.

What is unique about Vulcan Cyber that will help companies address critical security concerns both now and in the future?

Vulcan Cyber ships with dozens of integrations to the tools most used by IT security teams to automate various parts of a remediation campaign. We don’t typically tell teams to replace their tools with Vulcan Cyber, but we just help them get the most out of the tools and investments they’ve already made. We are also able to ingest the data generated by these tools and make sense of it all for the purpose of efficient remediation.

Most of our customers will come to us with massive datasets of vulnerabilities found in their environments, but there is no way they can fix them all…and they probably don’t have to. The Vulcan Cyber risk-based vulnerability management engine applies intelligent risk algorithms to massive datasets comprising vulnerability scan data, threat intelligence, IT asset data, and customizable risk weightings, to generate prioritized, actionable remediation campaigns that target risk to the customer’s unique business.
