Lexington MA-based VulnCheck, which combines vulnerability and exploit data, has made its first major move into the channel. The big news is the launch of the VulnCheck Partner Program, a new one which gives partners the tools, resources and support to address the outsized need for real-time exploit and vulnerability intelligence at scale.
“We are building the biggest dataset in the world of vulnerability and exploit data,” said Tom Bain, Chief Marketing Officer at VulnCheck. “It is all about taking two markets and putting them together, from the largest to the smallest. While there are some other commercial solutions with analysts, who build out artifacts as part of that, we provide exclusive access to Initial Access Intelligence Artifacts, including Snort and Suricata detection signatures, YARA rules, full packet capture (PCAP), and Censys, Greynoise and Shodan queries.
VulnCheck delivers the most comprehensive, real-time exploit and vulnerability intelligence, autonomously collected at the time of disclosure. This allows teams to counter emerging cyber threats with unprecedented context into threat actor activity, ransomware associations and existing exploit POCs in the wild. VulnCheck sources data from nearly 500 channels and over 450 million records across all CVEs and vulnerabilities without a CVE. The platform refreshes most of its data sources every hour and provides data output in machine-readable formats. Designed for seamless integration into security workflows and products, VulnCheck enables product, security, and response teams to track, prioritize, and remediate the most critical vulnerabilities before attackers strike.
“VulnCheck is channel-first, and our goal is to ensure our partners have the intelligence platform and mitigation services that shorten the time to remediation,” said Mike Deskewies, Head of Channels and Strategic Alliances at VulnCheck. “With the launch of our Partner Program, we’re fostering a community that not only helps supply the necessary intelligence at scale but also unlocks new opportunities for the channel to lead with intelligence-driven solutions.”
The VulnCheck Partner Program empowers its channel community with an aggressive deal registration program and an intelligence-enhanced cyber platform that enables expanded customer accounts, managed service offerings and red team services.
“We have been around, doing Exploit Intelligence for Vulnerability Prioritization, since 2021, and have been selling it commercially since 2022,” Bain said. In 2023-2024 we tripled our revenue from 2 to 6 ARR, and have more than 50 customers today. Now we are looking at tripling our ARR again.”
Before the introduction of the partner program, VulnCheck had other ways of bringing their product to market.
“We started selling it to product teams, initially to customers across large EDRs,” Bain said. “We used it for multiple products across the portfolio, including venture finance company In-Q-Tel, which played a key role here and invests in startups developing game-changing technology.
“We teamed up with In-Q-Tel around the DoD and the intelligence community in particular,” Bain noted. “We saw a demand in large financials, We got to market there by bringing a level of innovation both to the scalable and nichey when we saw there was demand here. Then this March we spent $12 Million in Series A Funding.”
In addition to the strong channel community, VulnCheck partners also receive access to proof-of-concept and request for proposal support, dedicated field sales and technical guidance, and marketing development funds (MDF) for joint events and demand generation initiatives.
“We committed from the outset this year to channel first, which is why we hired Mike Deskewies as Head of Channels and Strategic Alliances at VulnCheck,” Bain said. “This is why we have seen huge uptake from Optiv and Carahsoft. This year was actually the launch of our channel program, but as we have seen the uptick, it was time to announce it.”
“VulnCheck is channel-first, and our goal is to ensure our partners have the intelligence platform and mitigation services that shorten the time to remediation,” Deskewies said.
Bain said that the channel realizes there is a newer, faster better way to do things.
“We are committed to making our data easy to evaluate and integrate,” he indicated.
Bain indicated that VulnCheck’s channel is very focused.
“It’s very targeted,” he said. “We have them from SIs to technology providers, resellers, and MSSPs. We often partner with customers on the cybersecurity side because we can do some joint marketing with them. We sell through but not to threat intelligence companies, and they use our data as a default.”
The numbers of partners are limited by design.
“We don’t need a line out the door,” Bain said. “We have probably 50 partners all in. If we don’t grow that, we don’t really care because we have opportunities with two-thirds of partners now. Two thirds are active. We are getting a lot of opportunities in the MSSP space, so we are not in a rush to go downmarket.”
The launch of the Partner Program fosters a community that not only helps supply the necessary intelligence at scale but also unlocks new opportunities for the channel to lead with intelligence-driven solutions.”
This includes faster and differentiated Intelligence, where you can exploit intelligence up to two weeks faster than other solutions with five times more exploited vulnerabilities than CISA KEV and custom-built detection kits for high-risk vulnerabilities. Bain said this is because of their autonomous collection system with its certifications and disclosure sites. He also noted the early warning, real-time, and machine-readable intelligence as well as access to scanless integration, which is ideal for OT/IT environments, and evidence-based vulnerability prioritization
“You don’t need a scanner,” Bain said. “You won’t get the latest and greatest, but you will get what you can’t with legacy tools, and you get it faster than anyone else.”
Finally, you get exclusive access to intelligence artifacts.
Carahsoft handles VulnCheck’s distribution.
“VulnCheck is a trusted Carahsoft partner, and its exploit intelligence solutions have provided the public sector with comprehensive insights to remain a step ahead of today’s adversaries,” said Steve Jacyna, Director of Innovative Cybersecurity Solutions at Carahsoft. “As VulnCheck’s Public Sector distributor, this new program allows us to deepen our support in providing government institutions and federal agencies with real-time, machine-consumable intelligence to effectively prioritize vulnerabilities and mitigate exploit weaponization.”
“We are a growing company and a Carahsoft partner,” Bain said. “We work with them in North America, in Canada as well as the U.S. We also have international customers.”