Remedy Cloud will be offered on a freemium model, with the company seeing the freemium version as an effective presale tool for channel partners to demonstrate the remediation capabilities of the platform.
Vulcan Cyber, a Tel Aviv-based startup that offers a platform that brings what they consider to be a unique combination of automation and remediation to vulnerability management, has announced a new offering, Vulcan Remedy Cloud. It’s a service with a freemium model, with a free community version and a paid enterprise version. Remedy Cloud utilizes a large database of vulnerability fixes to help teams identify and align on the best remedies for a task, streamlining remediation by enabling security and IT teams to align on a remediation strategy.
Yaniv Bar-Dayan, Vulcan Cyber co-founder and CEO, is a 12-year cybersecurity veteran, with a background in the Israeli IDF and several years at Cyberbit, a spinoff of the Israeli defense giant Elbit Systems.
“There are many broken parts in how vulnerability management is being done today,” Bar-Dayan said. “It’s just impossible to succeed, and the customer is bound to fail.”
That’s the case, he noted, even though 99% of vulnerabilities exploited are not Zero Day threats or APTs, but are ones which are known and well-disclosed, generally for over a year. He also noted that 60% of the breaches from a recent Verizon report were from a vulnerability. And the late 2017 data breach to Equifax, which was the result of an unpatched vulnerability, was the catalyst for the present explosion in the market.
“We realized a key problem in the vulnerability management market is focused on detection,” Bar Dayan stated. “There are good tools out there, but what they do is detect vulnerabilities and this is where it ends. So everything that is done is manual, from top to bottom. The average enterprise in the US spends 450 hours a week on vulnerability patch management.”
Another problem, he said, is that it is incredibly hard to answer the simple question of what remediation possibilities exist, particularly since security engineers work in a different language from DevOps.
“The third point of friction is these tasks being thrown over the fence by security to DevOps,” Bar Dayan indicated. “There are hundreds a day. They can’t do it manually.”
Vulcan Cyber consolidates data and provides a list of vulnerabilities across siloes and routes and automates the response in a scalable manner.
“We reduce about 85% of manual workforce activity – and we are planning to reduce more,” Bar Dayan said.
He emphasized that Vulcan’s solution here is unique.
“No one else drives all the way to remediation like we do,” Bar Dayan indicated. “There are other vendors who consolidate and prioritize vulnerabilities. The automation and patching capabilities are unique to Vulcan. We do see Do-it-yourself work taking place in larger enterprises, but these are expensive to maintain.”
The new offering, Remedy Cloud is a standalone, freemium version of existing Vulcan Cyber functionality within the Vulcan platform called Remediation Intelligence. It automates and orchestrates vulnerability remediation from “found-to-fixed,” which facilitates a much more collaborative, automated and efficient transition of remediation tasks between security and IT operations teams.
“Remedy Cloud uses a database compiled from hundreds of sources, which then connects to tools of other teams and distributes to the right person,” Bar Dayan said. “It is a composition of two engines. One corrals from different vendor databases. This involves a very significant data problem – the relationship between vulnerabilities and patches. The other part knows how to translate the knowledge into something actionable for automating scripts for software like Ansible or Chef.” All of this, he added, was done in a single pane of glass for security, and so the data can be democratized so DevOps and engineers can remain in their own platforms.
Remedy Cloud’s freemium model has both a free community version and an Enterprise version that costs money.
“The community version is for DevOps, patch and vulnerability management,” Bar Dayan said.
Vulcan Cyber has a hybrid Go-to-Market model, with the channel model consisting of both VARs and MSSPs.
Bar Dayan said that the freemium version will be useful to partners as a customer presales tool.
“It will let everyone understand the value of the Remedy platform, and our ‘ Remediation First’ focus,” he said. “Partners can use this to show value very quickly to customers.
In 2021, Vulcan Cyber will be expanding its partner program, Bar Dayan indicated.