Back

VulnCheck

Company Overview

VulnCheck is a cyber intelligence platform that delivers threat intelligence services to government organizations and cybersecurity vendors. The company is based in the United States and was founded in 2021.

VulnCheck’s platform provides unprecedented visibility into the vulnerability ecosystem, allowing organizations to prioritize their response and take action before attacks occur. The company aims to help organizations outpace adversaries with vulnerability intelligence that predicts avenues of attack with speed and accuracy.

Products Overview

VulnCheck offers several key products and services:

  1. Exploit & Vulnerability Intelligence - Provides detailed information on vulnerabilities and associated exploits to help prioritize remediation efforts.

  2. Initial Access Intelligence - Delivers intelligence on initial access vectors and techniques used by threat actors.

  3. IP Intelligence - Tracks attacker command & control infrastructure and potentially vulnerable internet-facing systems.

  4. VulnCheck Community - A free service that provides timely vulnerability intelligence.

  5. VulnCheck KEV - A tool for exploring and analyzing vulnerabilities in CISA’s Known Exploited Vulnerabilities (KEV) catalog.

  6. NVD++ - An enhanced version of the National Vulnerability Database (NVD) with improved reliability and performance.

The company also develops and maintains open-source tools like go-exploit, an exploit development framework.

Founding Team

The leadership team includes:

  • Anthony Bettini - CEO and Founder
  • Jacob Baines - Chief Technology Officer
  • Thomas Bain - Chief Marketing Officer
  • David Munson - Vice President, Engineering
  • Jay Wallace - Vice President, Sales

Problem and Market Fit

VulnCheck addresses the growing challenge of managing and prioritizing vulnerabilities in an increasingly complex threat landscape. With exploit development times decreasing dramatically (from nearly a year in 2018 to just 8 days in 2023 for weaponized exploits), organizations need better intelligence to stay ahead of threats.

The company’s products fit into the vulnerability management and threat intelligence markets, providing actionable data to help security teams focus on the most critical issues. By combining exploit intelligence, initial access information, and IP intelligence, VulnCheck offers a comprehensive view of the threat landscape.

Business Model

VulnCheck operates on a software-as-a-service (SaaS) model, providing access to its intelligence platform and tools via subscription. The company also offers some free community resources and open-source tools, likely as part of a freemium strategy to drive adoption and upsell to paid services.

Funding and Runway

While specific funding amounts are not provided, the company lists several notable investors:

  • In-Q-Tel
  • Sorenson Capital
  • Lux Capital
  • Aviso Ventures

The involvement of these venture capital firms suggests VulnCheck has secured significant funding to support its growth and product development.

Competitive Landscape

VulnCheck operates in the crowded cybersecurity and threat intelligence market. While specific competitors are not named, the company likely competes with other vulnerability intelligence providers, threat intelligence platforms, and vulnerability management solutions.

VulnCheck differentiates itself through its focus on predicting attack vectors, comprehensive intelligence offerings, and novel approaches like its “scanless” vulnerability assessment capabilities.

Customers

Specific customers are not mentioned, but the company states that it serves government organizations and cybersecurity vendors. The nature of its products suggests that its target customers are likely large enterprises, managed security service providers, and government agencies with significant cybersecurity needs.

Relevant News

  1. July 25, 2024 - VulnCheck announced a new “scanless” feature for its go-exploit framework, allowing for asset detection and version scanning without directly connecting to target systems.

  2. July 19, 2024 - The company released its Initial Access Intelligence update for June 2024, covering 15 new CVEs across 13 vendors and products.

  3. March 14, 2024 - VulnCheck launched NVD++, an enhanced version of the National Vulnerability Database to address reliability and performance concerns with the official NVD.

  4. October 12, 2023 - VulnCheck announced four new leadership team additions, indicating company growth.

  5. May 25, 2023 - The company open-sourced its go-exploit framework, an exploit development tool designed for simplicity and portability.

These recent developments showcase VulnCheck’s ongoing innovation in vulnerability intelligence and its commitment to both proprietary and open-source tools for the security community.

Classification: AI Tier 3

  1. Core AI: Create fundamental AI technologies/base models
  2. AI-Enabled: Core offerings rely on recent AI advances
  3. AI Adopters: Use AI to enhance existing products/services
  4. Non-AI: No AI in products/services

VulnCheck enhances its cybersecurity services using AI, classifying it as an AI adopter (Tier 3).