RiskRecon

Mastercard acquires security assessment startup, RiskRecon

Mastercard announced today that it is acquiring RiskRecon, a Salt Lake City startup that uses publicly available data to build security assessments of organizations. The companies did not share the purchase price.

It has become increasingly important for financial services companies like Mastercard to help customers navigate cybersecurity, and RiskRecon will give customers an objective score of a company’s risk profile.

“Through a powerful combination of AI and data-driven advanced technology, RiskRecon offers an exciting opportunity to complement our existing strategy and technology to secure the cyber space,” Ajay Bhalla, president of cyber and intelligence for Mastercard, said in a statement.

RiskRecon CEO Kelly White told TechCrunch in a 2016 interview after the company’s $3 million seed round that the company looks at information that is readily available on the internet and puts it together to measure a company’s overall security risk:

RiskRecon leverages information that is available on the web from companies operating there as part of the act of doing business. “If you stand up web servers and DNS servers, these are intentionally discoverable because they are providing services on the internet. Systems reveal the software being run and version information from which you can determine security performance.”

White sees joining Mastercard as an opportunity to be a part of a larger organization and all that that entails. “By becoming part of their team, we have an opportunity to scale our solution and help companies in new industries and geographies take steps to better manage their cybersecurity risk,” he said in a statement.

RiskRecon launched in 2015 and has raised $40 million, according to Crunchbase data. Investors included Accel, Dell Technologies Capital, General Catalyst and F-Prime Capital.

It’s worth noting that the company was not alone in the space, competing with New York City-based SecurityScorecard, which launched in 2013 and has raised over $112 million, according to Crunchbase. The last investment came in June for $50 million.

Today’s deal is subject to standard regulatory approval, but is expected to close in the first quarter of 2020.

RiskRecon’s security assessment services for third-party vendors raises $25 million

In June of this year, Chinese hackers managed to install software into the networks of a contractor for the U.S. Navy and steal information on a roughly $300 million top-secret submarine program.

Two years ago, hackers infiltrated the networks of a vendor servicing the Australian military and made off with files containing a trove of information on Australian and U.S. military hardware and plans. That hacker stole roughly 30 gigabytes of data, including information on the nearly half-a-trillion dollar F-35 Joint Strike Fighter program.

Third-party vendors, contractors and suppliers to big companies have long been the targets for cyber thieves looking for access to sensitive data, and the reason is simple. Companies don’t know how secure their suppliers really are and can’t take the time to find out.

“The Department of Defense can have the best cybersecurity on the planet, but when that moves off to a subcontractor how can the DOD know how the subcontractor is going to protect that data?” says Kelly White, the chief executive of RiskRecon, a new firm that provides audits of vendors’ security profile.

The problem is one that the Salt Lake City-based executive knew well. White was a former security executive for Zion Bank Corporation after spending years in the cybersecurity industry with Ernst & Young and TrueSecure — a Washington, DC-based security vendor.

When White began work with Zion, around 2 percent of the company’s services were hosted by third parties; less than five years later, that number had climbed to over 50 percent. When White identified the problem in 2010, he immediately began developing a solution on his own time. RiskRecon’s chief executive estimates he spent 3,000 hours developing the service between 2010 and 2015, when he finally launched the business with seed capital from General Catalyst.

And White says the tools that companies use to ensure that those vendors have adequate security measures in place basically boiled down to an emailed checklist that the vendors would fill out themselves.

That’s why White built the RiskRecon service, which has just raised $25 million in a new round of funding led by Accel Partners with participation from Dell Technologies Capital, General Catalyst and F-Prime Capital, Fidelity Investments’ venture capital affiliate.

The company’s software looks at what White calls the “internet surface” of a vendor and maps the different ways in which that surface can be compromised. “We don’t require any insider information to get started,” says White. “The point of finding systems is to understand how well an organization is managing their risk.”

White says that the software does more than identify the weak points in a vendor’s security profile; it also tries to get a view into the type of information that could be exposed at different points on a network.

According to White, the company has more than 50 customers among the Fortune 500 that are already using his company’s services across industries like financial services, oil and gas and manufacturing.

The money from RiskRecon’s new round will be used to boost sales and marketing efforts as the company looks to expand into Europe, Asia and further into North America.

“Where there’s not transparency there’s often poor performance,” says White. “Cybersecurity has gone a long time without true transparency. You can’t have strong accountability without strong transparency.”
