Today we’re excited to announce the general availability of DeepSurface®, representing four years of working towards our vision of the best vulnerability management platform available. Thanks to the whole team, we’re releasing the result of years of research, hard work, and determination. We’re proud to be able to share it with our new and existing clients. I truly believe it represents the biggest and best change in vulnerability management in the last decade.

Before I go into why and how our product will transform vulnerability management, I’d like to share a bit about the journey to get here:  

  • 2016: 4 years ago our CTO, Tim Morgan, gathered a group of CISOs and security experts around a boardroom table in the World Trade Center in Portland, OR and explained his concept for what DeepSurface could be. Every person in that room (including me) had the same three responses: 1) We didn’t think it could be done. It was too complicated. It was too big of a problem; 2) If anyone could do it, it would be Tim. (He’s devilishly talented and a great red team hacker) We had complete confidence that, if he said he could do it, he could; and 3) We would be first in line to sign up for the product when it came out.
  • 2016-2018: Tim put his head down for two years of 60 hour weeks and the result was the alpha version of DeepSurface. We’re incredibly grateful to those brave souls who installed DeepSurface on their network and set it loose to do its work. When we first launched, it crashed a lot. It ran out of memory many times. It froze for seemingly no reason. But, when it worked…it was magic. On the screen was a hacker roadmap showing those CISOs exactly how an intruder would penetrate and navigate their network and get to their crown jewels.
  • 2019-2020: Within a couple months the major defects were all fixed and we started a beta program. About a dozen companies signed up to have the product installed and their teams trained on how to use it. We worked with the beta customers over the last year to improve the interface and reporting tools so they had the visibility to the threat model they needed, and behind the scenes Tim was making it 10 times faster. And then 10 times faster again.
  • 2020: Investors got excited. We started raising money on March 7, 2020 (arguably the worst date in recent history to begin fundraising). Within 10 days, Portland was on lockdown. Airlines were shutting down. Many of our customers (especially in higher ed and healthcare–some of our best customers) were literally fighting for their lives and the lives of other people like never before. They had exactly zero time to talk with us. So we had to pivot quickly to other customers. We started signing up name brands. The investors saw how customers were embracing DeepSurface, got the vision, and soon we had a million dollars in the bank. No more living on ramen and caffeine.  

Today, DeepSurface is ready for primetime. It’s the industry’s first automated Predictive Vulnerability Management™ suite of tools.

  • It digs deep into your network, and gathers all the context an analyst would need to really understand the threat landscape of an enterprise network.
  • DeepSurface pulls in your vulnerability scans, then does a deep authenticated scan of your network to gather all user permissions and activity, application permissions, host configurations, network topology and ACLs.
  • Next it computes all the pathways an attacker could use to successfully compromise that network.
  • Finally, taking into account where your network’s most critical network assets are, it rank-orders all the vulnerabilities on your network by business risk–including telling you which seemingly critical vulnerabilities pose no risk at all.

By automating the labor-intensive manual process of gathering context, analyzing and prioritizing vulnerabilities on enterprise networks, it shows you every day exactly where the most risk is on your network. That report doesn’t just point to a vulnerability and say, “go fix this!”, but it provides a full report on the vulnerability, how to fix it, what other hosts have that vulnerability on your network, and what other CVEs you’ll be remediating by applying the fix.

Let me sum up:

  • Old way: Scan your network with a vulnerability scanner and get a hundred pages of vulnerability reports. Spend as much time and resources as you can possibly afford analyzing that list. Once a year, spend as much money as you can afford for professional services to show you the worst of the worst on your network. Oh, and that report is pretty useless within 2 months as your network has changed and there are over 2,000 new CVEs released.
  • New way: Release the Kraken! Actually, install DeepSurface on your network–which takes all of 20 minutes–and soon your team has actionable intelligence. DeepSurface calculates everyday, in rank order, where your business risk is and how to fix it.

Here’s what some of our early customers have said:

“We had a generic industry list of vulnerabilities to patch, but we weren’t answering a critical question: ‘Are we actually vulnerable to this? I think the bang for the buck for DeepSurface Security is better than just about any other tool I’ve seen.”

“DeepSurface is a remarkable blend of expertise and elbow grease. It consumed information from a strikingly comprehensive set of systems in our network and then created exactly the view of our infrastructure a hacker would wish for.”

“This is exactly what I wanted to build at [Fortune 500 company] for 4 or 5 years before. I don’t think anyone has been able to do this integration with network vulnerabilities and accounts.”

We’re very excited about this announcement and would love to show your vulnerability team what DeepSurface can do for you. You can schedule a demo of the product at or you can reach sales directly at: contact.sales at deepsurface dot com.