We are excited to announce that Silk Security has formally exited stealth mode, with $12.5m in seed funding from Insight Partners, CrowdStrike Falcon Fund, Hetz Ventures and a bench of angel investors that includes seasoned cyber security executives and practitioners.
So who is Silk? Silk was founded by three cybersecurity professionals whose experience spans the IDF, Meta (Facebook), Goldman Sachs, Avanan, Cyvera and Palo Alto Networks, who felt first-hand the risk resolution pain that existing approaches and home-grown tools fall short in tackling. We were convinced that security practitioners deserved better - and we took the initiative out of frustration to build what we saw was lacking in the industry.
We wanted to find a way to extend and augment the tools already in place to ensure that when engineers wake up in the morning, there is a clear and easy way to communicate to them exactly what to fix - without security teams having to lift a finger. Instead of a manual, tedious and disconnected risk resolution process, we want to provide a platform for teams to collaborate on the process for resolving the security findings that put their business at risk.
More findings, less clarity on what to fix, who to ask, and how to ask
So why Silk? In short, the old way of identifying and remediating risk was always broken, but it’s taken until now for the limitations to approach a crisis.
Just as the IT environment has become more distributed and more complex through trends like digital transformation and cloud native application adoption, so too has risk responsibility and ownership become more distributed across operations and engineering teams.
At the same time, these technology shifts have generated the need for detection tools that could identify security issues, vulnerabilities and misconfigurations in code, cloud infrastructure and applications. This development is commonly referred to as ‘tool sprawl’ - but is in fact the result of security teams adopting domain-specific and overlapping tools for new sources of risk in their environments.
There are any number of statistics we can point to about current approaches for dealing with this emerging landscape: the time spent by security teams on manually sorting through alerts from multiple detection tools, on trying to identify priorities for remediation based on risk, and then on trying to identify who is responsible for remediating the finding.
The lack of a consolidated, unified approach to identifying and fixing risk is further reflected in statistics about the length of time that even critical vulnerabilities go unremediated - even when security teams have managed to work through operational inefficiencies to prioritize what to fix first.
The accumulated impact of these inefficiencies, bottlenecks and gaps is that enterprises lack a systematic, centralized way to assess, resolve or track their risk posture.
Closing the Gap Between Finding and Fixing Risk
Silk’s platform is the first to address these interconnected challenges holistically, weaving together capabilities in a unified platform that address the discrete pain points which each team in the process experiences - and enabling stakeholders to create a collaborative plan of attack to tackle their cyber risk issues.
As an integral outcome of our approach, security teams can understand how a single fix in code can address multiple issues in production as well as how to operationalize a campaign at scale to address multiple instances of a common fix. This visibility from code to cloud and even to public domains not only helps prioritization - but also allows us to identify fixes with the highest impact across the environment.
In our initial commercial engagements, we’ve seen that Silk’s flexibility allows customers to make better decisions faster and centrally track remediation status, building a foundation that puts them on a path to a holistic risk resolution strategy.
As customers move toward a holistic risk resolution strategy, they typically start with the point in the process where their bottleneck is most acute.
For some customers, the near-term priority is being able to consolidate, normalize and de-duplicate findings from multiple, potentially overlapping, tools into a unified interface that brings order to chaos. This is especially the case for customers who are deploying newer tools alongside their more traditional detection tools, or who are looking to execute on a platform consolidation strategy by retiring overlapping tools.
For others, Silk also transforms what is otherwise a manual, time-consuming and often frustrating prioritization process when only using static frameworks. Silk’s correlation and enrichment of asset information with vulnerability intelligence and third-party threat intel automates and refines prioritization based on the dynamics of the customer’s unique environment.
In turn, Silk’s asset-centric prioritization and automated discovery of fix owners and organizational structure mapping address another major obstacle to efficient risk resolution. Security teams that may have spent weeks in the past trying to identify a fix owner can quickly assign the task, and refine assignment over time as the Silk system learns from ongoing interactions.
And, Silk’s bidirectional workflow integration opens the door for collaboration with distributed operations teams, with the ability to scale remediation through bulk ticketing for fixes that can address multiple related findings.
To accommodate the reality of how teams often choose their own way to manage their tasks, Silk automates ticketing and task routing across multiple instances of the same workflow tools, as well as integrations to multiple types of workflow tools within the same enterprise.
Taken to the next step, Silk’s centralized visibility across all remediation tasks, team performance and risk posture status fundamentally shifts the conversation across stakeholders and simplifies reporting.
Iterative improvements in each of these facets of the risk resolution process bring tangible benefits, and, provided in tandem as capabilities of a unified platform, they have our customers and partners excited about the potential to revolutionize how their enterprises deal with code, application and cloud security risk.
Toward a Holistic Risk Resolution Strategy
We are grateful for the support we’ve already received from customers, partners and investors. Looking ahead, our plan is to build on our initial momentum to strengthen our platform capabilities, extend the breadth and depth of our technology partnerships and deliver on our mission to revolutionize the risk resolution process.