Product News

Find out about our new product features, the latest platform changes, and discover company announcements before anyone else.

Risk Management

Stay up to date on third-party risk management best practices and techniques, and learn about new regulations for third party risk.

Security Research

Keep up with research around the biggest data breaches, malware infections, IoT risks and all the latest news in cybersecurity.

Security Scorecard Raises $12.5M for a New Way to Assess Security Flaws

By DEBORAH GAGE

When Aleksandr Yampolskiy headed security and compliance for Gilt Groupe Inc., a members-only online shopping site, he said he would lie awake at night worrying.

Even if he had done a good job protecting his own company by investing in vulnerability scanners and other tools, “I felt like I could lose my job any day if one of our cloud services [such as Salesforce.com or Dropbox] would get attacked,” he said.

That nagging feeling was validated when an e-commerce fraud prevention service was pressuring him to sign a contract for Gilt. Wary, he asked his team to poke around the Internet, he said, and they discovered that the service had exposed credit card information to hackers.

“That was the aha moment,” said Dr. Yampolskiy, who has a Ph.D. in cryptography from Yale University. “…Companies are so busy protecting themselves that they forget about their neighbors, partners and suppliers.”

Dr. Yampolskiy and one of his former Gilt team members, Sam Kassoumeh, have since founded a company, Security Scorecard Inc., to develop the product they say they wish they’d had at Gilt.

On Tuesday, Security Scorecard announced $12.5 million in funding led by Sequoia Capital, with current investors participating in the Series A round.

Working from outside a company, Security Scorecard uses algorithms and a variety of what Dr. Yampolskiy calls clever techniques to monitor signals from across the Internet, both as an early warning system for attacks and as a way to deduce whether a company has vulnerabilities that should be fixed.

The service, which can be used by both technical and nontechnical people, goes beyond the usual malware and botnets and spam to figure out how vulnerable employees are to social engineering, for instance, or whether they may be disgruntled, or whether their websites have been defaced. It also shows companies how they can remediate problems and how fast they fix their problems compared with their peers.

“Few security companies have been started by people who sat in the seat responsible to protect an entire organization,” Dr. Yampolskiy said. “This was the pain point that we lived and breathed every day.”

Sequoia Managing Partner Michael Goguen said he invested in Security Scorecard because it was the most automated and least intrusive way he had seen to protect companies from what has become a cybersecurity arms race, where companies worry about whether they have invested in the latest and greatest security products to protect themselves.

So far, he said, the product has practically sold itself. “Security Scorecard is on the way to becoming a great Sequoia company.”

Total funding in Security Scorecard is now $14.7 million, with Mr. Goguen joining the board. Boldstart Ventures and Evolution Equity Partners also participated in the round.

Write to Deborah Gage at [email protected]. Follow her on Twitter at@deborahgage

CISOs: Pay Attention to the Cost of Lost Customers