NEW YORK — Xeol, a New York City-based cybersecurity company, has raised $3.2 million in Seed funding led by Shield Capital with Y Combinator and 468 Capital also participating.
Cyber attacks against private enterprises’ software supply chains multiplied sevenfold over the past 3 years. Software supply chains must be secured just as industrial supply chains are secured from components to assembly to delivery. This is becoming even more pressing as open source software use and attack surfaces widen.
“Now is the right time to come out of stealth mode to tackle the software supply chain problem with foundational standards like Software Bill of Materials (SBOM) and Supply-chain Levels for Software Artifacts (SLSA) gaining traction,” said Xeol CEO and co-founder ShiHan Wan. “These standards allow us to go much deeper and be much more accurate with supply chain risks like outdated software”
Xeol’s focus is to secure software throughout its lifecycle beginning at the code repository all the way through delivery to customers. The team starts by managing enterprises’ end-of-life software whose publishers no longer provide security patches. Attackers typically gain access to vulnerable systems by phishing, then exploiting unpatched software. PCI 4.0, a security standard for handling payment card data, will mandate that companies have a program to manage end-of-life software, highlighting the growing threat surface.
Since launching the company four months ago, Xeol says it has already signed its first Fortune 500 customer. For this customer, the team was able to identify more than 2,000 end-of-life software components and reduce the company’s exposure by 60%.
