Posted on Mar 23, 2015
When Aleksandr Yampolskiy headed security and compliance for Gilt Groupe Inc., a members-only online shopping site, he said he would lie awake at night worrying.
Even if he had done a good job protecting his own company by investing in vulnerability scanners and other tools, “I felt like I could lose my job any day if one of our cloud services [such as Salesforce.com or Dropbox] would get attacked,” he said.
That nagging feeling was validated when an e-commerce fraud prevention service was pressuring him to sign a contract for Gilt. Wary, he asked his team to poke around the Internet, he said, and they discovered that the service had exposed credit card information to hackers.
“That was the aha moment,” said Dr. Yampolskiy, who has a Ph.D. in cryptography from Yale University. “…Companies are so busy protecting themselves that they forget about their neighbors, partners and suppliers.”
Dr. Yampolskiy and one of his former Gilt team members, Sam Kassoumeh, have since founded a company, Security Scorecard Inc., to develop the product they say they wish they’d had at Gilt.
On Tuesday, Security Scorecard announced $12.5 million in funding led by Sequoia Capital, with current investors participating in the Series A round.
Working from outside a company, Security Scorecard uses algorithms and a variety of what Dr. Yampolskiy calls clever techniques to monitor signals from across the Internet, both as an early warning system for attacks and as a way to deduce whether a company has vulnerabilities that should be fixed.
The service, which can be used by both technical and nontechnical people, goes beyond the usual malware and botnets and spam to figure out how vulnerable employees are to social engineering, for instance, or whether they may be disgruntled, or whether their websites have been defaced. It also shows companies how they can remediate problems and how fast they fix their problems compared with their peers.
“Few security companies have been started by people who sat in the seat responsible to protect an entire organization,” Dr. Yampolskiy said. “This was the pain point that we lived and breathed every day.”
Sequoia Managing Partner Michael Goguen said he invested in Security Scorecard because it was the most automated and least intrusive way he had seen to protect companies from what has become a cybersecurity arms race, where companies worry about whether they have invested in the latest and greatest security products to protect themselves.
So far, he said, the product has practically sold itself. “Security Scorecard is on the way to becoming a great Sequoia company.”
Total funding in Security Scorecard is now $14.7 million, with Mr. Goguen joining the board. Boldstart Ventures and Evolution Equity Partners also participated in the round.
Vendor management is the process an organization utilizes to assess and manage a third- or fourth-party vendor. Learn how SecurityScorecard can help.
Performing cybersecurity risk assessments is a key part of any organization’s information security management program. Read our guide.
Templates and vendor evaluations are needed to level that playing field, in a time efficient and fair way, so that the best vendors are chosen.
Co-founder and CEO, Alex Yampolskiy, speaks about the importance of measuring and acting on key indicators of cybersecurity risk.
You’ve invested in cybersecurity, but are you tracking your efforts? Check out our list of 20 cybersecurity KPIs you should track. Read more.
No waiting, 100% Free
Get your free scorecard and learn how you stack up across 10 risk categories. Answer a few simple questions and we'll instantly send your score to your business email.