Home / News & Analysis / RiskRecon’s security assessment services for third-party vendors raises $25 million

RiskRecon’s security assessment services for third-party vendors raises $25 million

In June of this year, Chinese hackers managed to install software into the networks of a contractor for the U.S. Navy and steal information on a roughly $300 million top-secret submarine program.

Two years ago, hackers infiltrated the networks of a vendor servicing the Australian military and made off with files containing a trove of information on Australian and U.S. military hardware and plans. That hacker stole roughly 30 gigabytes of data, including information on the nearly half-a-trillion dollar F-35 Joint Strike Fighter program.

Third-party vendors, contractors and suppliers to big companies have long been the targets for cyber thieves looking for access to sensitive data, and the reason is simple. Companies don’t know how secure their suppliers really are and can’t take the time to find out.

“The Department of Defense can have the best cybersecurity on the planet, but when that moves off to a subcontractor how can the DOD know how the subcontractor is going to protect that data?” says Kelly White, the chief executive of RiskRecon, a new firm that provides audits of vendors’ security profile.

The problem is one that the Salt Lake City-based executive knew well. White was a former security executive for Zion Bank Corporation after spending years in the cybersecurity industry with Ernst & Young and TrueSecure — a Washington, DC-based security vendor.

When White began work with Zion, around 2 percent of the company’s services were hosted by third parties; less than five years later and that number had climbed to over 50 percent. When White identified the problem in 2010, he immediately began developing a solution on his own time. RiskRecon’s chief executive estimates he spent 3,000 hours developing the service between 2010 and 2015, when he finally launched the business with seed capital from General Catalyst .

And White says the tools that companies use to ensure that those vendors have adequate security measures in place basically boiled down to an emailed checklist that the vendors would fill out themselves.

That’s why White built the RiskRecon service, which has just raised $25 million in a new round of funding led by Accel Partners with participation from Dell Technologies Capital, General Catalyst and F-Prime Capital, Fidelity Investments’ venture capital affiliate.

The company’s software looks at what White calls the “internet surface” of a vendor and maps the different ways in which that surface can be compromised. “We don’t require any insider information to get started,” says White. “The point of finding systems is to understand how well an organization is managing their risk.”

White says that the software does more than identify the weak points in a vendor’s security profile, it also tries to get a view into the type of information that could be exposed at different points on a network.

According to White, the company has more than 50 customers among the Fortune 500 that are already using his company’s services across industries like financial services, oil and gas and manufacturing.

The money from RiskRecon’s new round will be used to boost sales and marketing efforts as the company looks to expand into Europe, Asia and further into North America.

“Where there’s not transparency there’s often poor performance,” says White. “Cybersecurity has gone a long time without true transparency. You can’t have strong accountability without strong transparency.”

Check Also

Y Combinator is launching a startup program in China

U.S. accelerator Y Combinator is expanding to China after it announced the hiring of former Microsoft and Baidu Qi Lu who will develop a standalone startup program that runs on Chinese soil. Shanghai-born Lu spent 11 years with Yahoo and eight years with Microsoft before a short spell with Baidu, where he was COO and head of the firm’s AI research division. Now he becomes founding CEO of YC China while he’s also stepping into the role of Head of YC Research. YC will also expand its research team with an office in Seattle, where Lu has plenty of links. There’s no immediate timeframe for when YC will launch its China program, which represents its first global expansion, but YC President Sam Altman told TechCrunch in an interview that the program will be based in Beijing once it is up and running. Altman said Lu will use his network and YC’s growing presence in China — it ran its first ‘Startup School’ event in Beijing earlier this year — to recruit prospects who will be put into the upcoming winter program in the U.S.. Following that, YC will work to launch the China-based program as soon as possible. It appears that the details are still being sketched out, although Altman did confirm it will run independently but may lean on local partners for help. The YC President he envisages batch programming in the U.S. and China overlapping to a point with visitors, shared mentors and potentially other interaction between the two. China’s startup scene has grown massively in recent years, numerous reports peg it close to that of the U.S., so it makes sense that YC, as an ‘ecosystem builder,’ wants to in. But Altman believes that the benefits extend beyond YC and will strengthen its network of founders, which spans more than 1,700 startups. “The number one asset YC has is a very special founder community,” he told TechCrunch. “The opportunity to include a lot more Chinese founders seems super valuable to everyone. Over the next decade, a significant portion of the tech companies started will be from the U.S. or China [so operating a] network across both is a huge deal.” Altman said he’s also banking on Lu being the man to make YC China happen. He revealed that he’s spent a decade trying to hire Lu, who he described as “one of the most impressive technologists I know.” Y Combinator President Sam Altman has often spoken of his desire to get into the Chinese market Entering China as a foreign entity is never easy, and in the venture world it is particularly tricky because China already has an advanced ecosystem of firms with their own networks for founders, particularly in the early-stage space. But Altman is confident that YC’s global reach and roster of founders and mentors appeals to startups in China. YC has been working to add Chinese startups to its U.S.-based programs for some time. Altman has long been keen on an expansion to China, as he discussed at our Disrupt event last year, and partner Eric Migicovsky — who co-founder Pebble — has been busy developing networks and arranging events like the Beijing one to raise its profile. That’s seen some progress with more teams from China — and other parts of the world — taking part in YC batches, which have never been more diverse. But YC is still missing out on global talent. According to its own data, fewer than 10 Chinese companies have passed through its corridors but that list looks like it is missing some names so the number may be higher. Clearly, though, admission are skewed towards the U.S. — the question is whether Qi Lu and creation of YC China can significantly alter that.

Leave a Reply

Your email address will not be published. Required fields are marked *

Disclaimer: Trading in bitcoins or other digital currencies carries a high level of risk and can result in the total loss of the invested capital. theonlinetech.org does not provide investment advice, but only reflects its own opinion. Please ensure that if you trade or invest in bitcoins or other digital currencies (for example, investing in cloud mining services) you fully understand the risks involved! Please also note that some external links are affiliate links.