Cybersecurity startup Xeol raises $3.2m seed round to secure software supply chains

Published: 12-12-2023 16:03:00 | By: Pie Kamau

Xeol, the New York City-based cybersecurity startup, announced it has raised $3.2 million in seed funding led by Shield Capital with Y Combinator and 468 Capital also participating.

Cyber attacks against private enterprises' software supply chains multiplied sevenfold over the past 3 years. Software supply chains must be secured just as industrial supply chains are secured from components to assembly to delivery. This is becoming even more pressing as open source software use and attack surfaces widen.

ShiHan Wan, CEO, Xeol: "Now is the right time to come out of stealth mode to tackle the software supply chain problem with foundational standards like Software Bill of Materials (SBOM) and Supply-chain Levels for Software Artifacts (SLSA) gaining traction. These standards allow us to go much deeper and be much more accurate with supply chain risks like outdated software."

Xeol's focus is to secure software throughout its lifecycle beginning at the code repository all the way through delivery to customers. The team starts by managing enterprises' end-of-life software whose publishers no longer provide security patches. Attackers typically gain access to vulnerable systems by phishing, then exploiting unpatched software. PCI 4.0, a security standard for handling payment card data, will mandate that companies have a program to manage end-of-life software, highlighting the growing threat surface.

Since launching the company four months ago, Xeol has already signed its first Fortune 500 customer. For this customer, the team was able to identify more than 2,000 end-of-life software components and reduce the company's exposure by 60%.

Mike Brown, partner, Shield Capital: "Xeol is building the next generation of protection for the software we rely on every day to run our businesses. This software makes up a part of our national critical infrastructure and must be protected."

www.xeol.io