Connect with us

Hi, what are you looking for?


Cybersecurity Funding

Silk Security Emerges from Stealth With $12.5 Million Seed Funding

Silk Security raised $12.5 million in seed funding and is on a mission to break down the silos between security and development with an integrated ‘find and fix’ platform.

New York based Silk Security has raised $12.5 million in a seed funding round led by Insight Partners and Hetz Ventures, with the CrowdStrike Falcon Fund and angel investors including Shlomo Kramer, Mickey Boodaei and Rakesh Loonkar also participating.

The company is on a mission to break down the silos between security and development with a new integrated ‘find and fix’ platform.

Silk was founded in 2022 by Yoav Nathaniel (CEO, formerly head of threat intelligence at Avanan), Or Priel (CPO, formerly VP enablement at Ermetic), and Bar Katz (CTO, formerly product manager at Facebook).

The primary purpose of the Silk platform is to bridge the gap that exists between security teams (those who find risks in the system), and development teams (those who fix the risks). Better integration between these silos will lead to shorter remediation lag. In December 2022, HackerOne reported aviation and aerospace companies had a median time to remediate of 148.3 days, while medical technology organizations took 73.9 days. During this period, organizations are at increased risk.

Silk consolidates alerts from multiple detection systems, and performs automatic triaging based on threats to the customer’s environment and assets. During this process it can also recognize connected or overlapping threats, and discover the root cause of the problem or problems.

It generates a remediation priority scheme that is made available to the development team (including specific remediation advice). The information is bi-directional: progress on the remediation plan is automatically available to the security team. In this way, the automated triaging, remediation proposal, and progress monitoring integrates security and development into a combined unit that efficiently finds and fixes threats.

The platform operates by integrating with best of breed threat detection solutions and collaboration tools. “Silk uses an agentless approach to connect to the customer’s environment (CI/CD pipeline, cloud environment, detection tools, ITSM tools, user management, workflow tools), and then moves the data through an AI/ML pipeline,” explained Nathaniel.

Advertisement. Scroll to continue reading.

Using AI technologies, the first step is to normalize and consolidate the detection findings, looking to identify any duplicates. “The next step is context enrichment,” he continued. This provides an asset-centric view of the findings, generated from information provided by the security team, integration with threat intelligence feeds, and severity ratings from CVSS or other frameworks – providing a likelihood-of-exploitability rating. Silk is also able to identify the remediation owner.

“Silk packages the logic that informed the prioritization output,” said Nathaniel. “Rather than simply pushing a detection tool’s finding into something like a Jira ticket, Silk generates a clear and concise recommendation, with a reason for the remediation request – such as a ‘high severity threat on an internet accessible asset’ to the right owner using the right workflow tool.”

The detection tool or tools, and ‘the right workflow tool’ are integrations with the platform. ‘Integrations’ are key to the functionality and user friendliness of the platform, ultimately allowing the platform to be tailored to individual customers’ preferences. 

“At the heart of what Silk does is looking at the risk resolution process from a holistic perspective,” continued Nathaniel. “Key to improving the resolution process is working with the workflow tools that developers, infrastructure or IT teams use on a daily basis – and then using bidirectional integration to allow security teams to monitor and gain visibility into remediation status.” 

He gave Monday as an example. “A customer requested the bidirectional integration since the team uses the project management features for staging and deploying assets to their cloud infrastructure.  Visibility across workflow tools helps CISOs understand their current remediation status at a high level, as well as compare how teams are performing on a relative basis, and potentially identify where there are technical or organizational issues.”

If the relative priority of a finding changes, and the remediation task has not been completed, security teams can use the workflow tools to escalate the priority. 

Silk includes a ready-made range of integrated detection tools, and is committed to widening this on an ongoing basis. it also comes with an API that allows customers a ‘bring your-own-inegration’ for the rapid integration of other preferred detection, scanners or workflow apps.

“As a former CISO, my teams wasted so much time managing findings out of multiple spreadsheets and then throwing them over the fence to infrastructure and DevOps teams. It was inefficient and impossible to prioritize,” commented Steve Ward, MD at investing firm Insight Partners. “Silk gives cybersecurity teams the ability to aggregate and prioritize findings in a way that simplifies an overwhelming space for the teams that are responsible for the fix.”

The Silk platform is designed to better integrate the separate functions of the security team (risk detection) and the developers (remediation). Its purpose is to increase the speed and effectiveness of risk resolution within the combined security epithet it dubs ‘find and fix’.

Related: Trackd Snags $3.35M Seed Funding to Automate Vuln Remediation

Related: WhiteSource Becomes Mend, Adds Automatic Code Remediation

Related: Vulnerability Remediation Platform Vicarius Raises $24 Million

Related: Analysis of ICS Exploits Can Help Defenders Prioritize Vulnerability Remediation

Written By

Kevin Townsend is a Senior Contributor at SecurityWeek. He has been writing about high tech issues since before the birth of Microsoft. For the last 15 years he has specialized in information security; and has had many thousands of articles published in dozens of different magazines – from The Times and the Financial Times to current and long-gone computer magazines.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join security experts as they discuss ZTNA’s untapped potential to both reduce cyber risk and empower the business.


Join Microsoft and Finite State for a webinar that will introduce a new strategy for securing the software supply chain.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Cybersecurity Funding

SecurityWeek investigates how political/economic conditions will affect venture capital funding for cybersecurity firms during 2023.

Cyber Insurance

Cyberinsurance and protection firm Boxx Insurance raises $14.4 million in a Series B funding round led by Zurich Insurance.

Cybersecurity Funding

Network security provider Corsa Security last week announced that it has raised $10 million from Roadmap Capital. To date, the company has raised $50...

Cybersecurity Funding

2022 Cybersecurity Year in Review: Top news headlines and trends that impacted the security ecosystem

Cybersecurity Funding

Los Gatos, Calif-based data protection and privacy firm Titaniam has raised $6 million seed funding from Refinery Ventures, with participation from Fusion Fund, Shasta...

Cybersecurity Funding

Internet of Things (IoT) and Industrial IoT security provider Shield-IoT this week announced that it has closed a $7.4 million Series A funding round,...

Cybersecurity Funding

CommandK announced that it has raised $3 million in a seed funding round for a solution designed to help organizations secure sensitive data.