VISO Trust lands $11 million to automate third-party cyber risk management


Join today’s top leaders online at the Data Summit on March 9. Register here.

In the world of 2022, cybersecurity risk from third parties is undoubtedly a huge problem.

In the 2013 Target breach, for example, attackers gained their initial access by hacking into a third-party vendor who had worked at retailers. For a more current example, Microsoft said last fall that it observed attackers attempting to break into companies’ systems by breaching their managed service providers, who had administrative access.

But for many companies, solving the problem of assessing and managing third-party risk has proven to be a challenge in itself: reading documents and carrying out investigations is a laborious, slow and frustrating process. – both for the companies that have to compile the information and for their third parties.

For the founders of the San Francisco-based startup VISO Confidence, this seemed like an ideal use of artificial intelligence (AI). And today, the company announced it has raised $11 million in Series A funding to expand its AI-powered security due diligence platform, which automates the process of compiling cyber data. third-party risk using document heuristics, natural language processing, and machine learning.

“We use advanced automation on our SaaS platform to deliver risk insights – giving people everything they need to know, truly without having to lift a finger,” said Paul Valente, CEO and co-founder of VISO Trust. “So more investigations, more reading of documents – and they can really understand their full risk position and be able to do whatever they need to do to manage that.”

VISO Trust reports that it currently has 15 companies among its clients and is aiming for “exponential” growth this year with the new funding in hand and a strong base of client examples, Valente said. Clients to date include Cruise, Gusto, Instacart, Upwork, Commonwealth Financial, BainCapital and Illumio.

The startup currently employs 25 people and expects to more than double this year with the new funding in hand.

The Series A funding was led by Bain Capital Ventures, with backing from Work-Bench, Sierra Ventures and Lytical Ventures. Crowdstrike CEO George Kurtz, Mandiant CEO Kevin Mandia, and former Splunk CEO Doug Merritt also participated in the round. VISO Trust previously raised $3 million in seed funding.

“No fuss”

Enrique Salem, a partner at Bain Capital Ventures, joins VISO Trust’s board of directors and told VentureBeat that the company is the first to truly apply AI/ML in this area of ​​the market.

“I would say it’s the biggest obvious company anyone should be using,” said Salem, former CEO of Symantec. “They have the basic technology. That works. It’s reliable, it’s scalable. And we have to make everyone know about VISO. »

Valente is formerly LendingClub’s CISO and chief information security officer at Restoration Hardware, and co-founded the company with CTO Russell Sherman, formerly of LendingClub and Dell SecureWorks. VISO Trust was launched in 2020 and provides its platform as a software-as-a-service offering.

The platform provides businesses with a comprehensive database of their third-party relationships, and in an automated way, it highlights all necessary actions over time, Valente said.

It is important to note that the platform continues to monitor the situation in a user’s third-party risk picture for them. Users are notified of changes in their risk, which they can quickly see on the platform, Valente said.

Ultimately, clients can “easily see where in the organization they pose the most risk – and be continually informed throughout the life of the relationship of any changes in risk posture and any actions they take.” they have to take,” he said.

Speed ​​up the process

Salem said that whenever he discussed the subject of third-party risk with anyone, he heard that “onboarding a new vendor frustrates my business endlessly.”

“And by the way, the person with the black eye is unfortunately either the risk management team or the CISO. And people always say ‘why are you so slow?’ said Salem.

Salem said he’s heard a number of arguments from people trying to simplify this process, but Valente and Sherman’s solution stood out by breaking the process down into a few key questions that “would let you say, are you actually going to do with this vendor? What type of data is going to be used by the vendor?”

“And by really synthesizing it into the few things that matter, they can automate that process way beyond anything I’ve ever seen,” Salem said. “And so the reason we’re really excited to partner with Paul and Russ is because everyone needs it. It’s just a must-have – not just for big business, but for everyone. anyone. And second, they took an innovative leap forward using AI and machine learning on how to feed back accurate results to the risk management team or the security team.”

To validate this, Salem said his team went to CISOs and asked them how they onboard vendors, and were guided through all the many steps.

“And then we said, what if you had a tool like VISO – would you rate it? And we got a 100% response saying yes,” he said.

“But the most telling thing was that people who used it, when they checked the results and validated the results, said, ‘This is amazing,'” Salem said. “And so we felt, given the frustration with existing solutions and the frustration of users, that the world really needed the innovation that VISO is bringing to market.”

VentureBeat’s mission is to be a digital public square for technical decision makers to learn about transformative enterprise technology and conduct transactions. Learn more


About Author

Comments are closed.