Our investment in Avalor: Solving security’s data problem

Companies of all sizes frequently deploy new security tools to address the evolving threat landscape. Recent research suggests the average mid-sized company has deployed dozens of security tools. These figures are even higher among enterprise companies. But do more tools, and thus more investment, really lead to better security outcomes? Statistics around the industry’s talent shortage aren’t improving, the attack surface is expanding rather than shrinking, and ransomware is intensifying in both frequency and severity. So, where’s the disconnect?

Over the years, we have spoken to hundreds of security practitioners. Most of them leverage tools that have their own purpose and taxonomy, which means the data generated by them is often siloed or disjointed and very hard to correlate. So, while these tools may provide essential coverage over critical assets, they can also create a data nightmare for security teams. How well this data is or isn’t organized, prioritized, and actioned determines the effectiveness of a security program. Today, the disconnect between security outcomes and how much is spent on tools is data-driven, and this is where Avalor enters the picture. 

Avalor addresses security’s pervasive data problem and helps security teams make faster, more accurate decisions. The company takes aim at this problem through a differentiated data fabric that acts as a source of truth for assets, controls, identities, vulnerabilities, security bugs, and other related data points. Importantly, we believe the company’s data fabric can power several applications over time, starting with Vulnerability Management (VM).

Starting with VM

VM, broadly defined, has become a mainstay of security over the past decade. Unlike many other security product categories, it’s also one that has a very well-defined budget and buyer. Incumbents like Qualys, Rapid7, and Tenable have all scaled to hundreds of millions in revenue and provide excellent vulnerability data, relying on scanners, CVSS score metrics, and potential impact measures to improve a company’s security posture. However, while existing VM solutions are helpful in telling companies which vulnerabilities generally pose heightened risk and need attention, they’re often blind to business context and other data sources. Understanding the actual risk posed by a given vulnerability is a data problem; it depends on a variety of factors related to the impacted asset, not just one. This is where Avalor’s initial application or “use case” comes into play, normalizing and de-duplicating data from multiple sources to generate a single, contextualized view on vulnerability risk management and prioritization. Avalor’s data fabric automates what has traditionally been a highly manual process, significantly reducing the total number of critical vulnerabilities (often from tens of thousands to hundreds) and facilitating faster remediation across IT, DevOps, and Security.

Built by data experts

Raanan Raz and Kfir Tishbi founded Avalor with the not so simple mission of solving security’s data problem. Undaunted, Raanan and Kfir have spent the past year assembling a founding team with a near-decade-long track record of working together, including at Datorama, a data intelligence company which Salesforce acquired in 2018 for $800M. Following the acquisition by Salesforce, Datorama became a pillar within Salesforce Marketing Cloud and solved key data problems for thousands of customers globally.

The most disruptive security companies often aren’t built by security experts. Finding an innovative solution to an old problem, especially one as onerous as data, requires a new set of eyes. We’re confident we’ve found this at Avalor. Whether it’s Marketing or Security, we believe Avalor’s team of data experts is uniquely qualified to address a problem that others have tried and failed to solve.

Our partnership with Avalor

We’re thrilled to announce that TCV is leading Avalor’s $25M Series A round alongside our friends at Cyberstarts, and Salesforce Ventures. At TCV, we gravitate towards founders that are culture and product obsessed. Raanan and Kfir blend humility with a deep understanding of solving data problems at scale, and we look forward to supporting them on the journey ahead. If you are interested in learning more about Avalor, please visit the company’s website.