Why Volition Invested in Black Kite Third-Party Cyber Risk Monitoring Platform

Cyber security is only as strong as its weakest link, and CISOs today have a big unknown looming in their environments – third parties. Whether it be an organization’s supply chain partners or service providers, entities outside an organization’s firewall are holding sensitive data or accessing internal systems. Yet insight into third parties’ cyber security risk is limited, creating a large blind spot. Black Kite, our newest portfolio company, addresses this gap.

Earlier this week, we announced a $22M Series B investment in Black Kite, a Boston-based third-party cyber risk monitoring platform. Built by former white hat hackers, Black Kite continuously monitors third parties from a hacker’s point of view to identify vulnerabilities and assess an organization’s risk level. Further, it enables organizations to share their findings with third parties alongside step-by-step instructions to mitigate the risks.

Black Kite sits at the intersection of two key themes for Volition: 1) third party/supply chain risk management, including portfolio companies Assent Compliance and TraceLink, and 2) cyber security, including portfolio companies Ping Identity and Securonix. We believe cyber risk will become a crucial component of every Third-Party Risk Management (TPRM) program, and Black Kite has developed a market-leading cyber risk management product loved by customers. We are excited to partner with the Black Kite team to support the Company through its next phase of growth.

The challenge of third-party risk management

Managing third-party risk in general presents a unique challenge – organizations don’t have direct access to their third parties’ data. And without direct access to data, it is difficult to monitor and measure the risk they pose. Through portfolio companies Assent Compliance and TraceLink, we’ve experienced first-hand how software solutions can help bridge this intra-business data accessibility gap.

Within cyber security, managing third-party risk poses an extra layer of complexity. While the difficulties of data accessibility remain, there are additional challenges, including:

  • Questionnaires alone are not enough to understand the cyber risk posed by third parties
  • The security posture of third parties is not static. It needs to be continuously monitored
  • Monitoring and rating third parties at scale requires deep technical and domain expertise

The ramifications of a third-party breach are far-reaching. In the worst of scenarios, the third-party breach leads to a breach of the first party via island hopping by the attackers. In the best of scenarios, there is operational damage as the supplier or third party cannot deliver its products and services. As a result, cyber risk management has become crucial not only for security teams but also for procurement and supply chain teams. Yet the market remains vastly underserved by effective solutions.

So, why did we invest?

We invested in Black Kite because we believe cyber risk will become a key component of every TPRM program, and Black Kite provides a market-leading solution. The company’s platform performs continuous scans and collects data from 400+ OSINT (Open-Source Intelligence) resources internet-wide without touching the target. Then, it scores each entity’s cyber risk using open-source models such as MITRE and FAIR to help rate and quantify a third party’s risk, enabling effective, continuous monitoring at scale.

Black Kite’s open rating methodology is a key value driver for customers. Its findings and ratings are easily understood by security teams because they’re based on standard frameworks such as MITRE instead of proprietary ‘black box’ models. Further, Black Kite goes beyond scoring third parties: it provides step-by-step instructions for addressing the vulnerabilities, which can be shared with those third parties. As a result, customer feedback has been stellar given the transparency, fidelity, and actionability of Black Kite’s cyber ratings. Black Kite aims to help mitigate third-party risk, not just rate it.

Most importantly, we are big believers in the people behind Black Kite. The Black Kite team is world class, led by Paul Paget, CEO, who has decades of experience leading successful cyber security businesses, alongside Candan Bouklas, CTO and co-founder, who has built the product from the ground up, leveraging his experience as a former white hat hacker. Their commitment to customers and innovation, coupled with their passion for helping organizations secure their environments, has impressed us since our first meeting with the team. We are truly excited to be partnering with the Black Kite team and look forward to the journey ahead.

Volition Capital

Tomy Han

Partner