Posted on Mar 23, 2015

Security Scorecard Raises $12.5M for a New Way to Assess Security Flaws

By DEBORAH GAGE

When Aleksandr Yampolskiy headed security and compliance for Gilt Groupe Inc., a members-only online shopping site, he said he would lie awake at night worrying.

Even if he had done a good job protecting his own company by investing in vulnerability scanners and other tools, “I felt like I could lose my job any day if one of our cloud services [such as Salesforce.com or Dropbox] would get attacked,” he said.

That nagging feeling was validated when an e-commerce fraud prevention service was pressuring him to sign a contract for Gilt. Wary, he asked his team to poke around the Internet, he said, and they discovered that the service had exposed credit card information to hackers.

“That was the aha moment,” said Dr. Yampolskiy, who has a Ph.D. in cryptography from Yale University. “…Companies are so busy protecting themselves that they forget about their neighbors, partners and suppliers.”

Dr. Yampolskiy and one of his former Gilt team members, Sam Kassoumeh, have since founded a company, Security Scorecard Inc., to develop the product they say they wish they’d had at Gilt.

On Tuesday, Security Scorecard announced $12.5 million in funding led by Sequoia Capital, with current investors participating in the Series A round.

Working from outside a company, Security Scorecard uses algorithms and a variety of what Dr. Yampolskiy calls clever techniques to monitor signals from across the Internet, both as an early warning system for attacks and as a way to deduce whether a company has vulnerabilities that should be fixed.

The service, which can be used by both technical and nontechnical people, goes beyond the usual malware and botnets and spam to figure out how vulnerable employees are to social engineering, for instance, or whether they may be disgruntled, or whether their websites have been defaced. It also shows companies how they can remediate problems and how fast they fix their problems compared with their peers.

“Few security companies have been started by people who sat in the seat responsible to protect an entire organization,” Dr. Yampolskiy said. “This was the pain point that we lived and breathed every day.”

Sequoia Managing Partner Michael Goguen said he invested in Security Scorecard because it was the most automated and least intrusive way he had seen to protect companies from what has become a cybersecurity arms race, where companies worry about whether they have invested in the latest and greatest security products to protect themselves.

So far, he said, the product has practically sold itself. “Security Scorecard is on the way to becoming a great Sequoia company.”

Total funding in Security Scorecard is now $14.7 million, with Mr. Goguen joining the board. Boldstart Ventures and Evolution Equity Partners also participated in the round.

Write to Deborah Gage at deborah.gage@wsj.com. Follow her on Twitter at@deborahgage

Security Research in your Inbox

Thanks for siging up for the newsletter!

Our Platform

Learn How It Works

Find out how we use open source intelligence, proprietary and open data feeds, and deep machine learning systems to correlate, attribute, and prioritize risks.

Learn About the Platform

No waiting, 100% Free

Get your personalized scorecard today

Get your free scorecard and learn how you stack up across 10 categories of risk. Answer a few simple questions and we'll instantly send your score to your business email.

Get Your Free Score

Get In Touch

Thank you for contacting us!

Request a Demo

Thank you for requesting a demo!