A typical large company works with over 5000 technology vendors, according to Gartner, and each of these vendors presents a potential security risk. After all, every new vendor must be given access to proprietary data and information for their product to function within a company’s tech stack. To ensure that software from third-party vendors is integrated into their infrastructure without compromising any sensitive data, the average company spends $2 million — and countless hours — a year on vendor onboarding programs.
These programs usually entail asking each new vendor to answer over 200 security questions on a spreadsheet, and then having risk, compliance, and security program managers review the answers to assign the vendor a risk score and identify issues that need fixing. This slow, manual, and error-prone process must then be completed annually for each vendor.
Today, Bain Capital Ventures is thrilled to announce that we’re leading an $11 million Series A investment in VISO Trust, an innovative startup that has automated the vendor risk management process via automatic document extraction and low-touch onboarding. We are joined by some high-profile security CEOs who invested as angels in the round, including Mandiant CEO Kevin Mandia, CrowdStrike CEO George Kurtz, and former Splunk CEO Doug Merritt.
VISO’s platform makes it fast and easy to onboard new vendors, automatically assess their security posture and risk surface, and audit those results on a regular cadence. A vendor onboarding process that used to take weeks takes just hours with VISO. And vendors get a VISO profile that’s accessible by other VISO users, making onboarding almost instant once a vendor is in the system, and producing a network effect that incentivizes VISO adoption.
VISO has cracked one of the thorniest problems in the security space and has already attained impressive traction among CISOs, who have been waiting for a product like this for years. CISOs know that two-thirds of data breaches occur due to the failure of third parties to make good on their security commitments, so if they can identify these issues before they occur, they could eliminate the majority of breaches.
While BCV was getting to know VISO Trust, we put the founders Paul Valente and Russell Sherman in touch with Bain Capital’s own CISO, Mark Sutton. After two phone calls, Mark was convinced and now Bain Capital is a VISO customer.
“This platform allows me to make accurate risk decisions, quickly, based on the potential impact of a specific relationship within our vendor ecosystem,” said Sutton. “We are now able to spend more time governing this growing risk instead of being stuck in the endless cycle of process management. This is a true game changer in the vendor and third-party risk management space.”
But while VISO’s technology is incredibly sophisticated, using AI and document heuristics to perform highly accurate risk assessments automatically and quickly, we never invest in technology, no matter how groundbreaking. At BCV, we invest in teams, and the two founders behind VISO have spent the last 20 years in the trenches dealing with vendor risk management themselves.
Paul was CISO at LendingClub, where he met his co-founder Russell, and at ASAPP, and he also worked in senior security roles at Restoration Hardware and MicroEdge. Russell was manager of threat intelligence at LendingClub and has also held security roles at Varo Money, ASAPP, and Dell. Their deep networks in the security industry have already led to several marquee customers and VISO is growing at a rapid clip.
In our software-centered world, companies need to adopt new technologies at a breakneck pace to stay ahead of the competition. And all this new software must be “connected” to its customers’ tech stacks in a safe and compliant way without compromising sensitive corporate data. Vendor risk management is a hugely time-consuming and expensive task for companies today, but VISO solves this headache using sophisticated AI and automation.
We’re excited to see where VISO goes next and we can’t wait to support Paul and Russell as they build the next great security company.