RiskRecon, a SaaS provider of objective, vendor security assessments and insights, today announced it has completed a $12 million Series A financing round led by Dell Technologies Capital with additional participation from F-Prime Capital Partners and existing investor General Catalyst.
The RiskRecon platform dramatically improves third-party risk management by delivering transparent security measurements, analytics, and analyst-level insights. The funding will bolster product development and accelerate global sales growth.
With its proprietary data gathering technology, RiskRecon offers a unique depth, transparency and accuracy unavailable from security ratings services and vendor questionnaires. RiskRecon’s solution discovers a third-party vendor’s entire public IT footprint and produces actionable security assessments. RiskRecon provides not just summary information but also all supporting evidence, remediation priorities and vendor collaboration so that you can truly scale your third-party risk program. Moreover, RiskRecon’s continuous gathering of detailed IT and security data also enables clients to rapidly pinpoint third-party vendor exposure to new and emergent vulnerabilities such as Apache Struts.
“Methods for measuring and controlling third-party risk no longer address the risk realities of the increasingly interconnected organization. They often rely entirely on vendor attestation or stale databases and secondary threat intelligence measurements that do not provide an objective or accurate snapshot of an organization’s security performance,” said Kelly White, CEO of RiskRecon. “By providing timely, objective information to complement the vendor attestation process, we enable clients to better allocate resources and ensure vendor buy-in to corrective actions.”
Through the SaaS portal, RiskRecon clients continuously monitor vendor security performance across 50 unique security criteria that map directly to industry-recognized security measurement standards and frameworks. Unlike security ratings companies, RiskRecon doesn’t settle for assessing companies from a distance, re-swizzling distant banter in chatrooms and buying data from other companies. RiskRecon believes that the best measures of security performance are those that are directly observed about a company’s infrastructure and attack surface area.
“Globalization, outsourcing and cloud computing have dramatically expanded the cybersecurity attack surface of any G2000 enterprise beyond the enterprise’s traditional IT borders to the borders of its partners and vendors. A robust cybersecurity program should therefore consider the security measures and standards of these third parties,” said Deepak Jeevankumar, Managing Director of Dell Technologies Capital. “RiskRecon helps CISOs, boards of directors and security analysts to continuously evaluate the cyber-risk of the ever-changing IT environments of relevant third parties and provide actionable recommendations to safeguard those extended borders.”
The Series A funding also included existing private investors including Paul Sagan, former CEO of Akamai.
"Under regulatory scrutiny and rapid growth of third parties holding critical data, today’s security risk assessment process is characterized by large backlogs and slow, inaccurate and inefficient processes," said Gaurav Tuli, principal at F-Prime Capital Partners. "RiskRecon offers data-driven automation of vendor assessment to bring greater clarity and efficiency to the third-party assessment process.”