2017wasn’tagreatyearofcybersecurity Wesawalargenumberofhighprofilecyberattacks;which
includedWannaCryransomwareattack,Petyavirus,Uber,Deloitte,etc.Despitemultiplesecurity updatesandnumerouspatches,thenumberofattackscontinuestorise,whicheventuallyraisesa questionhowtobesafeinthisworldofweb.So,let’slookatsometrendsandfuturepredictionsforthe nearfuture.
Ransomwareattackshavebeengrowingatasteadypaceduringlastfewyears,butitseemslikeregular usershaven’tlearnedmuchfromtheattacks.So,theWannaCryattackhashighlightedtheneedtobackup dataregularly,keeppatchingandupdatingsystems,andstrengthenthereal-timedefenses.Iforganizations andindividualstookthesesimplesteps,thenwecouldreducetheimpactofransomwaredramatically.
WiththeadventofIoT,wearerollingoutmoreandmoresensorpackeddevicesthatarealwaysconnected totheinternet,butIoTstillremainsoneoftheweakestlinksforcybersecurity.Mostofthetimethese deviceslackessentialsecurityfeaturesormanycasestheyaren’tcorrectlyconfiguredorrelyupondefault passwordsthateventuallyprovideseasyaccesstotheattackers.So,thesepoorlysecuredIoTdevicesare thereasonforthegrowinguseofbotnets,whichcanbeusedforvolumetricattacks,identify vulnerabilities,orforbruteforceattacks.
Manyorganizationsarestillusingsingle-factorauthentication,whichrelieson“somethingyouknow.”Till nowcompaniestendtoshyawayfromimplementingmulti-factorauthentication,astheybelievethatitcan negativelyaffectuserexperiences.However,accordingtorecentresearch,there’sagrowingconcernabout stolenidentitiesamongstthegeneralpublic.
Theriseofstateornation-sponsoredattacksarethemostconcerningareaforthecybersecurity experts.Theseattacksaremotivatedbypoliticalgainandgobeyondfinancialgain.Asexpectedthe levelofexpertisearequitehighwhichmayprovedifficulttoprotectagainst.So,governmentsmust ensurethattheirinternetnetworksareisolatedfromtheinternetandprovideextensivesecurity checks.Additionally,thestaffneedstobetrainedinordertospotattacks.Finally,it’sessentialthat nationsworktogetherandsharetheinformationtheyhaveregardingstate-sponsoredthreats. So,thedireneedofcompetentcybersecuritysolutionprovidershasmadeuslookfor,“The10Most TrustedCyberSecuritySolutionProviders,2018.”
OnourcoverpagewehaveDERMALOGIdentificationSystemsGmbH,whichisanexpanding companybasedinHamburgwithadditionalofficesinMalaysiaandSingapore,asaresultofstrong growthintheregion.
Wealsohave,SonicWall,whichhasbeenpreventingcyber-crimeforover25years,defending small-andmedium-sizedbusinessesandenterprisesworldwide;Logsign,whichisanext-generation SecurityInformationandEventManagementsolution,primarilyfocusedonsecurityintelligence,log management,andeasiercompliancereporting;Seceon,whichenhancesthewayorganizations recognizecyberthreatswithspeedandaccuracy,preventdamageusingsurgicalcontainment,and predictinsiderattacksthroughbehavioralthreatdetectionmodelingandmachinelearning;IT-CNP, aninformationsolutionProviderCompanywhichofferspremiersolutionstotheUSgovernment; CodeDx,isasoftwarevulnerabilitymanagementsystemthatcombinesandcorrelatestheresults generatedbyawidevarietyofstaticanddynamictestingtools;PreySoftware,whichletsyoutrack &findyourphone,laptop,ortablet;TinfoilSecurity,asimple,developerfriendlyservicethatlets youscanyourwebsiteforvulnerabilitiesandfixthemquicklyandeasily;Avatier,isaproviderof identitymanagementsoftwareandsolutionsthatacclimatetobusinessuserstoprovideanintegrated frameworkforbusinessoperations;andEntrustDatacardCorporation,whichoffersthetrusted identityandsecuretransactiontechnologiesthatmakethoseexperiencesreliableandsecure. Solutionsrangefromthephysicalworldoffinancialcards,passportsandIDcardstothedigitalrealm ofauthentication,certificatesandsecurecommunications.
HappyReading!
Kaustav Roy
HeadquarteredinHamburg, Germany,DERMALOG IdentificationSystems GmbHhasbeenshapingtheworldof securityformorethantwodecades. DERMALOGisGermany’spioneerin biometricsandthelargestGerman manufacturerofbiometricdevicesand systems.Thecompanyprovidesawide rangeofbiometricidentification solutions,includinglatestgenerationof fingerprintanddocumentscannersas wellashigh-performanceAutomatic FingerprintIdentificationSystemsand AutomatedBiometricIdentification Systems(ABIS).Theproductportfolio iscomplementedbybiometricborder controlsystems,biometricIDcards andpassports,aswellasbiometric votingsystems.
DERMALOGhasbeenrevolutionizing biometricsecurityproductsforlaw enforcement,civilauthoritiesaswell ashealthandsecurityagencies,and developingsolutionsforaccessand datasecurity,authorizationand authenticationservicesaswellas mobilesecurity.Governmental authoritiesaswellasprivate businessesallovertheworldtrust DERMALOG’sexpertiseandstate-ofthe-artbiometricproducts.That’snot all,DERMALOGhasimplemented oneoftheworld’slargestbiometric installationsinNigeria.Thebranches of23banksandtheCentralBankof Nigeriahavebeenequippedwith
DERMALOG’sABIS.Bankcustomers areclearlyidentifiedbyfingerprints andfacepatterns,whicheffectively preventsfraudpracticeswithfalse identities.Nigerianbankshavealready successfullyregisteredmorethan32 millioncustomerswithDERMALOG’s AutomatedBiometricIdentification System.
“DERMALOG as manufacturer, supplier and System Integrator is able to implement solutions very quick, even into existing projects. Our “Turnkey Solutions” are reliable, intuitive to operate and most of all fast and secure,” addsGüntherMull,Founder ofDERMALOG.
Thecompanyhasdevelopedsolutions like‘FingerLogin’,‘FingerPayment’, and‘FingerBanking’aswellas automaticfaceandirisrecognition. ApartfromGermanyandEurope,the mainmarketsofDERMALOGrevolve acrossAsia,Africa,LatinAmericaand theMiddleEast.Today,morethan150 governmentagenciesandover40 banksinmorethan80countriesare usingDERMALOGstechnologyand turnkeysolutionsforbiometric identification.
APioneerinFingerprint IdentificationSystems
GüntherMullstudiedhumanbiology attheUniversityofHamburg,where hebeganresearchingfingerprintsback
in1980.From1984,hewas responsiblefortheautomationof fingerprintandpalmprintevaluations aspartofaresearchprojectatthe HamburgInstituteofHumanBiology andworkeduntil1990asalecturerin appliedstatistics.Afterservingasthe headoftheInstituteof Dermatoglyphicsforseveralyears,he foundDERMALOGIdentification SystemsGmbHbackin1995.The Hamburgbasedcompanyspecializesin thedevelopmentofAutomated FingerprintIdentificationSystemsand fingerprintbiometricsfordocuments andnationalIDprojects.Presently, DERMALOGtechnologyisusedin morethan220large-scaleinstallations acrosstheplanet.
WhenDERMALOGhelped CountrieswithitsSolutions Backin2016,theNigeriangovernment foundthatmorethan23,000officials eitherdidnotexistwiththeirregistered nameorreceivedtheirsalary unlawfully Thisgavethecountry monthlysavingsof10.5millioneuros andmakesasustainablecontributionto thepositivedevelopmentofthe Nigerianstate.Thecasesoffraudwere identifiedusingDERMALOG’s AutomatedBiometricIdentification System.Originallythesystemwas developedfor23Nigerianbanksand fortheCentralBankofNigeriain ordertoidentifybankcustomers throughfingerprintandface
We are the pioneer in the development of biometric products and solutions.
“ “
recognitionbeforeopeningor accessingabankaccount.Inthis system,everycustomerreceivesan individualnumber.Sinceitsvery introductioninNigeria,morethan32 millionbankcustomershavebeen registeredtilldate,whereintheirbank accountsarebackedby DERMALOG’sinnovativebiometrics.
“Specific requirements due to the security situation and the local conditions are our daily business,” emphasizesMr.Mull.
DERMALOGhasrolledouta BioScreensystemwiththe Immigration&CheckpointsAuthority ofSingapore.Thisspecializedsystem capturesthethumbprintsofvisitors arrivinganddepartingatSingapore’s checkpoints,aspartofitsongoing effortstoenhancesecuritylevels.Now, itiscompulsoryforforeignvisitorsto scantheirthumbprintseachtimethey enterorleaveSingapore.Withthe BioScreensysteminstalledinthe passengerhallstopickuptravelers’ thumbprints,itremindstravelersthat securityinSingaporehasthehighest priorityoverallthreats.Singapore reportsthatafingerprintchecking systeminstalledatbordersishelpingto
findpeoplewhohaveviolated immigrationlaws.
Currentlythediscussionaboutsecurity isdominatedbyrapidlyincreasing digitization.Understandably,this developmentalsoleadstoawider choiceofsecurityproducts. DERMALOGactivelyparticipatesin thisprocesswithinnovativesolutions forsecurebiometricidentifications.As anexample,withDERMALOG’s password-freelogin,companiescan significantlysimplifytheiruser managementbyallowingemployeesto logontocomputersbyfingerprintor facerecognitionfeatures.Thesystem issafer,morereliable,andmuchmore comfortablethanpreviouspassword protectedsolutions.
Thecompany’smajorstrengthsinclude innovativeproductsandtheir unmatchedadaptability Working closelywithitscustomers, DERMALOGalwaysdevelopsthebest possiblesolutioninremarkablyfast timefortheindustry Thisflexibilityis oneofthemostimportantcornerstones ofthecompany’ssuccess.Also, DERMALOG’sinnovativesolutions provideoutstandingservice.Theoffer
rangesfromprojectmanagement, installationandcustomizationto maintenanceandsupportofdelivered products.
DERMALOG’sgoalhasalwaysbeen todeliverthebestsolutionforits customers,whichrequirescreativity andthewillingnesstobreaknew ground.Withtheclaimtobean innovativeleader,thecompanyis alwaysopentonewideas.Thisisalso partofDERMALOG’scorporate culture.Asanexample,flathierarchies enablerapiddecision-makingand acceleratethedevelopmentofnew solutions.Additionally, DERMALOG’semployeeshaveahigh levelofpersonalresponsibility.
Ultimately,withinthebiometrysector, multi-biometrics,thecombinationof twoormorebiometriccharacteristics, iscurrentlyontherise.Therefore, DERMALOGhasdevelopedan AutomatedBiometricIdentification System(ABIS)thatsimultaneously comparesfinger,faceandeyedatafor maximumaccuracy With DERMALOGABIS,thecompany positionsitselfasaninnovativeleader andoffersthenextlevelofsecured
identification.Thesystemisalreadyinusearound theworld,inbankingandbordercontrolaswellas inissuingofficialdocuments,suchaspassportsand driver’slicenses.
Inthefaceofincreasingmobilityofpeopleand goodsinaglobalizedworld,governmentsneedto findabalancebetweenfastprocessingandsecure borders.Basedonitsexperiencefromworldwide projects,DERMALOGofferssolutionstodevelop andimplementBorderControlSystemsaswellas checksforsecurebordermanagement.
OneofthelatestDERMALOGbordercontrol productsisthe DERMALOG Gate.Itisthefirst fullyautomatedelectronicgatethatuses3Dsensor high-resolutioncameratechnologycombinedwitha preciselydefinedfieldofview.Itguaranteesonly onepersonatatimecanpassthegate,providinga highlysecurefacerecognition.Theintegratedfront scannerenablesfastreadingofnumerous documentssuchaspassports,IDcards,e-IDcards andflighttickets.TheDERMALOGGatereduces transittimes,providesaself-serviceprocessand increasestheattractivenessofusingtheairport.
DERMALOGoffersbiometricsolutionsforbanks andmanufacturersofautomatictellermachines (ATM).Thisincludesthelargestbiometricbanking projectworldwide(USD50million),whichwas deliveredbyDERMALOG(BVNProject):23 banksandtheCentralBankofNigeriawere providedwithDERMALOG’sABIS,toprevent doubleidentitiesamongbankcustomersthrough differentmeanssuchasfingerandfacerecognition andguaranteesthebest-possiblebiometric identificationofcustomers(KYC)forthesebanks. Furthermore,manyATMsacrosstheglobehave beenequippedwithDERMALOG’sfingerprint technology
In addition to our innovative range of services and the expertise and motivation of our employees, this fact is also based on the satisfaction and loyalty of our customers.
“ “
Avatier avatier.com
CodeDx codedx.com
DERMALOG dermalog.com
NelsonCicchitto Chairman, FounderandCEO
AnitaD’Amico CEO
GüntherMull
Founderand ManagingDirector
EntrustDatacard Corporation entrustdatacard.com
IT-CNP it-cnp.com
Logsign logsign.com
ToddWilkinson Presidentand ChiefExecutiveOfficer
CynthiaGibson InformationSecurity ComplianceManager
AvatierCorporationisaproviderofidentitymanagement softwareandsolutionsthatacclimatetobusinessusersto provideanintegratedframeworkforbusinessoperations.
CodeDxEnterpriseisasoftwarevulnerabilitymanagement systemthatcombinesandcorrelatestheresultsgeneratedbya widevarietyofstaticanddynamictestingtools.
DERMALOGIdentificationSystemsGmbHisanexpanding companybasedinHamburgwithadditionalofficesinMalaysia andSingapore,asaresultofstronggrowthintheregion.
EntrustDatacardoffersthetrustedidentityandsecure transactiontechnologiesthatmakethoseexperiencesreliable andsecure.Solutionsrangefromthephysicalworldoffinancial cards,passportsandIDcardstothedigitalrealmof authentication,certificatesandsecurecommunications.
IT-CNPisinformationsolutionProviderCompanywhichoffers premiersolutionstotheUSgovernment.
VeyselAtaytur CEO
Logsignisanext-generationSecurityInformationandEvent Managementsolution,primarilyfocusedonsecurity intelligence,logmanagement,andeasiercompliancereporting.
PreySoftware preyproject.com
CarlosYaconi CEO Seceon seceon.com
ChandraPandey founderandCEO
SonicWall sonicwall.com
TinfoilSecurity tinfoilsecurity.com
BillConner PresidentandCEO
AinsleyBraun, Co-founder&CEOand MichaelBorohovski Co-founder&CTO
Preyletsyoutrack&findyourphone,laptop,ortablet.
Seceonisanorganizationthatenhancesthewayorganizations recognizecyberthreatswithspeedandaccuracy,preventdamage usingsurgicalcontainment,andpredictinsiderattacksthrough behavioralthreatdetectionmodelingandmachinelearning.
SonicWallhasbeenpreventingcyber-crimeforover25years, defendingsmall-andmedium-sizedbusinessesandenterprises worldwide.
TinfoilSecurityisasimple,developerfriendlyservicethatlets youscanyourwebsiteforvulnerabilitiesandfixthemquickly andeasily
Adigitalidentityisan individual’sonlinepresence; itcomprisesinformation relatingtotheirpersonalidentityas wellasotherdata.Theprotectionof thisinformationiscrucialto safeguardtheindividual’sidentity.
AvatierCorporationprovides flexibleidentitymanagement softwareandsolutionsthatallow businessuserstoconstructan integratedframeworkforbusiness
operations.Itsidentitymanagement solutionsrequirefewerlogin credentialsbutenablecollaboration acrossandbeyondbusiness boundaries.
Avatierhasalsocreatedtheworld’s firstIdentity-as-a-Container(IDaaC) platform.ThisIDaaCcombinesthe bestofIdentity-as-a-Service(IDaaS) andon-premisesidentity managementofferingswhile deliveringgreaterflexibilityand controlthanhybrididentity managementsolutions.
Avatier’sprimaryvisionisto acceleratetheadoptionofidentity management.Thecompanyplansto accomplishthisbyproviding organizationsandtheiremployees, partners,andcustomerswithsecure andeasyaccesstoapplications, assets,andelectronicforms.
NelsonCicchitto,theChairman, FounderandCEOofAvatier establishedthecompanyin1997.
Nelsonspent5yearsleadingthe developmentofChevron’sCommon OperatingEnvironment(COE)IT efforts.Itwasherethatherecognized thepressingneedtomanage MicrosoftNTandExchangeasone system.
AsAvatier’sCEO,hekeepsthe companyaheadofthecompetitionby constantlyseeking–andfinding –waystotakethecomplexandmake itsimple.Nelson’sleadershipfosters innovation,creativethinking,and documentingprocesses.
Thesefactorshaveallowedhimto developasystemwhereallnonrevenuegeneratingbackofficeapps andemployeeassetscanbemanaged asonesystem.
Avatierdevelopsstate-of-theart identitymanagementplatformsthat enableorganizationstoscalefaster, innovatequicker,conquerand embracechange,andtodominate competitionworldwide.ItsIdentity AnywhereproductbringsCloud servicesandemployeeassets togetherandallowsorganizationsto managethemasonesystem.
IdentityAnywherePassword Managementistheworld’sfirstselfservicepasswordresetsystem.It usesDockercontainertechnologyto runanywhere-onanyCloud,on premises,oronaprivateCloud hostedbyAvatier
AccessGovernanceisthemost portable,scalableandthemost
securesolutioninthemarket.Itenablescustomersto conductaccesscertificationsofITauditfromanydevice, seethelistofauditsduealongwithidentityandaccess governanceitemswhichhavenotbeenreviewed, practicesecurityandcompliancemanagementwiththe touchofafinger,andapproveandrevokeaccess.
IdentityAnywhereSingleSign-On(SSO)gives employees,partnersandcustomerssecureaccessto publicandprivatewebapplications.AvatierSSO leveragesexistinggroups,OU’sandusersinthe customer’snativedirectorytodelegatewebapplication access.Withbuilt-inSaaSlicensingmanagement,Cloud subscriptioncostscanbecutby30%ormore.SSO integrateswithIdentityAnywhereLifecycle managementforautomaticuserprovisioningand de-provisioning.
Avatieristheonlycompanywhichhasthecapabilityto providesolutionsthatadapttotheneedsofthebusiness userandallowsthemtodeliveraunifiedframeworkfor businessprocessesacrossoperations.
Industryanalystsandcustomershaveindemnifiedthat Avatier’sidentitymanagementandaccessgovernance solutionsmaketheworld’slargestorganizationsmore secureandproductiveintheshortesttimeandatthe lowestcosts.
BymovingitsIdentityManagementsolutionfromREST APIstoDockercontainersandaddingorchestrationfor auto-scaling,continuousdelivery,andtransparentload balancing,Avatierhasbecometheonlyvendorthat allowscustomerstoplaceitssolutiononanyCloud.This alsoallowsAvatieroranyothervendortotakethesame instanceandhostitforthemasamanagedsolution.
Avatier’ssolutionsincorporatethelatestDocker containertechnology,arecloudagnostic,andmaybe hostedbyAvatier,runon-premises,oronanyprovider’s Cloud.ContainertechnologyorIdentityasaContainer (IDaaC)providesthebenefitsofspeedydeployment continuousdeliveryofcloud-only(IDaaS)providersbut withgreatercontroloveryouridentityrepository, maximumsecurityandflexibilityatthelowesttotalcost ofownershipintheindustry
Bycontrast,hybrididentitymanagementprovidersthat donotleveragecontainertechnologyfacetheverysame
problemsonpremisesastraditionalidentitymanagement providers.
Avatierboastsaclienteleofover500worldwide customers,rangingfromtheGlobal100tothesmallest businesses,acrossawiderangeofindustries,technology topharmaceuticalstoevenmanufacturing.
Avatierconsidersfeedbackfromitscustomersoneofits greatestsourcesofinnovationandinspiration. “Customers become our strongest advocates and drive us to continuously evolve our offerings to be the most secure and scalable in the industry,” statesNelson.
Thecompanyeveninvitescustomerstoserveonits customeradvisoryboardwheretheyhavedirectinput intoproductsindevelopmentatAvatier.
Therearemanyapplication securitytechniquesavailable today,butnotallsoftware securityvulnerabilitiescanbefound byanyoneofthem.Everydetection techniquehasitsadvantagesand disadvantagesandsuchtoolsare mutuallycomplementary;usingthem inconjunctioncreatesamore comprehensivesafetynet.CodeDx, Inc.wasfoundedontheprinciple thatapplicationvulnerability managementshouldbeanintegral partofthesoftwaredevelopment process,andthatcanonlyhappenif itisconvenientandlogical.This approachhelpsdevelopersand securityprofessionalsmaketheir
softwareassecureaspossibleusing anintegratedcollectionofopensourceandcommercialtools.
CodeDxbuiltitsflagshipproduct, Code Dx Enterprise,tocombineand correlatedifferenttoolsand techniquesunderonesoftware vulnerabilitymanagementsystem. Theadvantageisthatonesetof resultsareconsolidatedacrosstools, oneuserinterface,onereporting function,andacentralmethodfor prioritizingandassigning vulnerabilitiesforremediation. Developersandsecurityanalystscan usethesereportsandCodeDx’s remediationguidancetocoordinate anddecidewhichvulnerabilitiesto fixfirst,andstreamlinethetracking oftheirremediation.
AnitaD’AmicoistheCEOofCode Dx.Shehasauniquebackgroundas ahumanfactorspsychologist, cybersecuritysituationalawareness specialist,andasecurityresearcher. Thisexceptionallydiverse backgroundandAnita’sabilityto developavisionandfuelitwith energy,goodcommunication,and effectiveleadershiphaspropelled CodeDxtowhereitistoday
Underherleadership,CodeDxhas developedinnovativeapplication vulnerabilitycorrelationand managementsolutionsthatare breakingdownbarrierstousing ApplicationSecurityTesting(AST) toolsandprocesses,andenabling organizationstoprotectagainst softwarevulnerabilities.
DrivenbytheWord‘Together’
Whiletheindustryisworkinghardto deliverpowerfulASTtools,CodeDx Enterpriseisdifferentbecauseofits focusonmakingthosetoolswork togethertoproducebetter,actionable resultsevenfasterandwithless effort.Thus,customersseeCodeDx Enterpriseasavaluemultiplierfor theirexistingASTinvestments.
CodeDxEnterpriseautomatically configuresandruns15different open-sourceASTtoolsdirectlyfrom withinthesolution.Whencustomers feedtheircodeintoCodeDx Enterprise,itautomaticallyidentifies thelanguage,thenselectsandrunsan appropriatesetofopen-sourcetools tofindvulnerabilitiesintheircodeas wellasthird-partylibraries,andthen consolidatestheresults.CodeDx Enterprisealsoseamlesslyintegrates withawidevarietyoftheindustry’s bestcommercialstatic,dynamic,and
interactiveASTtools.Mergingopen-sourceresultswith toolsthattheyalreadyknowandlikeextendsthevalue oftheirAppSecinvestment.
CodeDxEnterprisealsostandsoutwithitsseamless integrationintothesoftwaredevelopmentprocesses.It assimilateseffortlesslywithseveralintegrated developmentenvironments(IDEs),buildserverslike Jenkins,andissuetrackerslikeJira.CodeDxhasalso madeconsiderableeffortinthepasttwoyearstobe easilyadoptedintotheDevOpsprocess.
CodeDxfillsacriticalholeinthecybersecuritymarket withitssoftwarevulnerabilitycorrelationand managementsolutions.Thecompany’steamofexpert developershascreatedhigh-valuesoftwaresystemsfor demandingcommercialandgovernmentcustomers,and theyparticipateincomplexcybersecurityresearchand developmentworkforvariousgovernmentagencies.As aresult,CodeDxunderstandsthereal-worldchallenges facedbysoftwaredevelopersandsecurityanalystsin securingtheirsoftware.Itsteamoftooldevelopersand applicationsecurityspecialistsisdedicatedtoproviding thetools,techniques,andsupportneededbyapplication developerstoassurethesecurityoftheirsoftware productsandservices.Theteam’semphasisison buildingasafersoftwaresecuritysupplychain.
CodeDx’scollaborationwithclientsandgovernment researchsponsorsovertheyearhavegivenitthe knowledgeandexpertisetobuildfuturisticsolutionsin real-time,andprovidetop-notchcustomerserviceand supportaswell.
Anitaadds,“Code Dx Enterprise saves time and valuable resources needed to secure your applications, whether you are just getting started or have a mature application security practice, by streamlining software vulnerability management through all its phases: discovery, consolidation, triage, prioritization, and remediation.”
CodeDxiscommittedtoprovidingthehighestlevelof supporttoitscustomers,whomostlyspecializein shippingsoftwareproductsbutoptforsecuritybecauseit isimportanttothoseproductsandtheirclientswhouse them.Hence,CodeDxextendsitssupportbeyondjust
Anita D’Amico CEO
helpingitscustomerstouseitstoolseffectively The companyalsoadvisesthemonhowbesttoapproach applicationsecurityandbuildsecuresoftwareinthe developmentprocess.Thiscomprehensiveapproachhas enabledCodeDxtosustainandbuilduponitslong-term globalandregionalpartnerships.
Thesecurityservicessectorwillcontinuetogrowas morepeopleunderstandandacceptthatconducting businessintheinternetageisfraughtwithcybersecurity risks.However,CodeDxhasalsoseenthatenterprises arebeginningtoacceptresponsibilityforensuringtheir ownsecurity,andbringingmanyoftheactivities previouslygiventotheservicesectorin-house.These evolutionsarecreatingnewopportunitiesforsecurity serviceproviderslikeCodeDxwhoareadaptingtothe newtoolsandsupportingtheirapplicationsecurityneeds toleveragetheirprocesses.
Theconceptofdigitalidentity hasevolvedtoapointthat wasscarcelyimaginablenot verylongago.Theshiftfrompaper documentstoembeddedchipsto digitalidentificationisgivingwayto cloudtechnologythatsurpassesthem all.
Paralleladvancesaretransforming thewayweinteractwitheachother andwithourgovernment,howwedo business,andhowweliveinan increasinglyinterconnectedworld. Thisrevolutionisbeingdriven, adaptedandmoldedbyaselect
“ “
groupofcompaniesoneofthose companiesisEntrustDatacard.
EntrustDatacardisnotanewcomer tothefield.Establishedin1969,it hasgrowntoemployover2,200staff spreadover37locationsacrossthe globe,whodealwithclientsinover 150countries.Thecompanyis headquarteredinShakopee,MN.
Itbeganitsjourneyasaproviderof financialcardpersonalization technology.Today,itsproductsand solutionsencompassvirtuallyevery
aspectofourlivesasindividuals, customers,employees,business entitiesandcitizens.Theyaretrusted byfinancialinstitutions,digital enterprises,andgovernments.
Ourworldmayhaveshrunkwiththe adventofthedigitalage,butitalso seemstohavebecomeaplacewhere thethreatstooursafety,securityand privacyhaveexpanded.Weliveina worldofdevicesbeyondcomputers towhichweareconstantly connected,andtowhichweentrust criticalinformation.
Unfortunately,bothindividualdevicesandnetworksare vulnerabletoattacks.Theseattackscompromisenotjust personalandprivateinformationbutregularlyresultin lossesthatcompromisefarmorethanmonetary possessions.
ItisherethatEntrustDatacardhasproventobea trustworthypartner,notonlyforyouandI,butforany businessthathasanonlinepresence,andevennational governmentswhoneedtomaintainandoversee e-servicesandbordercontrols.
TheEntrustDatacardteamisledbyToddWilkinson, PresidentandChiefExecutiveOfficersince2008. Priortothat,hespentthreeyearsasthecompany’sChief FinancialandAdministrativeOfficer.
Mr.Wilkinsonoversawthemergeroftheindividual entities,EntrustandDatacardthatcreatedtheEntrust Datacardbrandin2014.Hemanagedthetransitionina mannerwhichaccordedduerecognitionandrespectto theconstituentcompaniesandtheirdistinctiveheritage, whileintegratingtheirtechnologiestocreatean organizationcapableoftacklingthechallengesofthe digitalera.
HiscareerbeforeEntrustDatacardincludesexecutive positionsatGeneralElectricandUSGCorporation.Mr. Wilkinson’salmamaterisNorthernIllinoisUniversity, fromwhichheholdsbothaBachelorofScienceanda MasterofBusinessAdministrationdegree.
Thefoundersoccasionallyforgetaboutimplementingimportantfundamentalsofsecurityandstartrunningafter
shiningtechnology Thesecuritybudgetsarelimited,sotheyneedtobesureaboutcoveringhighestbreachareas beforemovingontootherthings.
IBMreportedthatmorethanabillionpersonaldatawasstolenandleakedin2014alone,whichmadeitthehighest recordednumberinthelast18years.Criminalsarealwaysastepaheadoftheexistingsecuritysystems.Socompanies shouldhavebeststrategiesandpracticesforenterprisesecurity
Sohowdoweensuretohavethebestsecuritysystems?Itallhastodowithhavingasolidfoundation,whichstartswith thesebasicpractices.
Firewallsarethefirstlineofdefenseforanyenterprise.Itbasicallycontrolstheflowofthedataanddecidesthedirection offlowofdata.Thefirewallkeepsharmfulfilesfrombreachingthenetworkandcompromisingtheassets.Thetraditional processforimplementingfirewallsisattheexternalperimeterofthenetwork,buttoincludeinternalfirewallsisthe popularstrategy Thisisoneofthebestpracticesofcompaniesbymakingitthesecondlineofdefensetokeepunwanted andsuspicioustrafficaway
Routersaremainlyusedtocontroltheflowofthenetworktraffic.Butroutersdohavesecurityfeaturestoo.Modern routersarefullofsecurityfeatureslikeIDS/IPSfunctionality,qualityserviceandtrafficmanagementtoolsandstrong VPNdataencryptionfeatures.ButveryfewpeopleuseIPSfeaturesandfirewallfunctionsintheirrouters.Tohave improvedsecurityposturecompaniesneedtouseallthesecurityfeaturesofrouters.
Itishighlycommontoreceiveemailsfromthesuspicioussources.Theemailisthemaintargetforthecriminals.An86 percentoftheemailsintheworldarespam.Evenifthelatestfiltersareabletoremovemostofthespamemails, companiesshouldkeepupdatingthecurrentprotocols.Iftheno,ofspamemailsarelarge,thenitonlymeansthecompany isatgreaterriskofgettingmalware.
Tomakesureyourcomputerpatchedandupdatedisanecessarystepifyouaregoingtowardsfullyprotectedenterprise.If youcan’tmaintainitright,thenupdatingalreadyinstalledapplicationsisanimportantstepinenterprisesecurity.Noone
cancreate100percentperfectapplications,butonecanmakechangesaccordinglytryingtokeepitwiththepace.Thus, makingsureyourapplicationisupdatewillletyouknowtheholesprogrammerhasfixed.
Youmaywonderthatwhysecuringlaptopsandmobilesisinthelist.Butitistruethatsecuringlaptopsandmobilephones thatcontainsensitivedataofenterprises.Unlikedesktopcomputersthatarefixed,laptopsandmobilesareportableand thusareathigherriskofbeingstolen.Makingsureyouhavetakensomeextrastepstosecurelaptopsandmobilesisas importantasimplementingstrongfirewalls.Encryptinglaptopsandmobileswiththehelpofsoftwaresisagreattacticto befollowedforsecuredenterprises.
Thisisthemostobviousfeatureofall.Ifcompaniesaren’tusingWPA2wirelesssecurity,thentheyneedtostartusingit. Manymethodsofwirelesssecurityare insecureandcanbecompromisedinminutes.IfcompanieshavewirelessWPA2 installed,thenitwillbedifficulttobreachforcriminals.
VerizonDataBreachInvestigationsReportstatedthattheattacksagainstwebapplicationsintherecentyearshave increasedatanalarmingrate,withover51percentofthevictims.SimpleURLfilteringisnolongersufficient,asattacks arebecomingmorefrequentandcomplex.ThefeaturesthatneedtobeconsideredforwebsecuritysystemsareAV Scanning,IPreputation,MalwareScanning,anddataleakagepreventionfunction.Awebsecurityshouldhavetheability tocorrectlyscanthewebtraffic.
Makingsurethatemployeesareeducatedaboutsafeandonlinehabitsisascrucialassecuringenterprisewithtopclass antivirusandfirewalls.Educatingemployeesaboutwhattheyaredoingandhowtobepre-defensiveismoreeffectivethan expectingITsecuritystafftotakestepslater.Becauseprotectingendusersagainstthemselvesisthemostdifficultthingto do.So,employeesmustunderstandhowimportantitistokeepcompany’sdatasafeandthemeasurestheycantaketo protectit.
Whiletheworldisapproachingwithmoreandmorecybertheftandcrimes,thesesimpleandstandardtoolsbased foundationofenterprisesecuritycanprotectthecompaniesfromsuchattacks.
Computerviruses,bugs–even theterm“hack”suggests illness.Withgoodreason: cyberattacksareanewkindofplague st forthe21 century
In2018,databreachesareapervasive andever-presentfactoflife.Cunning criminalscaninfiltrateelectronicfiles fromacrossaroom,oracrossthe globe,withnothingmorethanalaptop oraccesstoanInternetofThings device,whilebarelyraisingtheir pulse.
Governmentnetworks,specifically, aresusceptible–notjustfrom attackers,butalsointerconnectivity issues,hardwaresnafus,usererror, andactsofGod.
Meanwhile,governmentalbudgets continuetoshrink,resourcesfor criticalprotectionscontinuetotighten, andaconstantlyevolvingmorassof regulationsandstandardsmake complianceamaddeningprospect.
Governmentagenciesneedacure.
Foralmosttwodecades,now,IT-CNP hasprovidedanantidote.
TheColumbia,Maryland-based consultingfirmwasoneofthefirst nationalprovidersofgovernmentoriented,FISMA-compliant, FedRAMPcertifiedcloudhostingin thecountry.Itremainsoneoftheonly facilitiesnationwidethatexclusively servesFederal,state,andlocal governmentagencies.
Turnkeycloudsolutions–including policydevelopment,audits, compliance,forensics,analysis,and incidentresponse–areoffered throughIT-CNP’suniquehosting division,GovDataHosting.
“Byidentifyingvulnerabilitiesand implementingcorrectivemeasures,we reducetheriskofcompromised systems,reinforcetheintegrityof agencydata,andensurepoliciesand regulationsareaddressedconsistently acrossallplatforms,”said InformationSecurityCompliance Manager,CynthiaGibson.
Gibsonpreviouslyprovidedmultiple DepartmentofHomelandSecurity agencieswithriskassessmentsupport. Today,sheisresponsibleforthe deliveryofcybersecurityandsecurity complianceservicesforIT-CNP’s portfolioofGovDataHostingcloud customers.
Competitionisatanall-timehigh whenitcomestovyingfor governmentcloudcontracts.The secretofIT-CNP’ssuccessissimple: They’vebeendoingitbetter,longer
“Ourwealthofexperience,garnered frommultiplepastperformances, offersournewcustomersreassurance thattheirsystemswillbeimplemented withlittletonorisk,”Gibsonsaid.
Complementedbystate-of-the-art datacentersand100%uptime performance,GovDataHosting providesfully-managedcloudtoa growingrosterofgovernment agenciesrepresentingindustriesfrom healthcaretodefense,andbeyond.
IT-CNPrealizesthatthereisnoroom forerrorwhenhostingandmanaging thesemission-criticalsystemsinthe cloud.That’swhyalldatacenters, relatedpersonnel,andcustomerdata arelocatedandmonitoredwithin Americanborders.Employees,too, undergoacriminalbackgroundcheck, whilethoseworkingwithsensitive
informationtakepartinagovernment-sponsored backgroundinvestigation.
“Protectinggovernmentsystemsisatremendous responsibility,”Gibsonsaid.“Butwehavecontinuously earnedourcustomers’trustwithdiligenceandattentionto detail.Wefacegovernmentcybersecuritychallengesheadon,deliveringcomprehensive,innovativeresultson-time, withinorunderbudget,andtoourclients’complete satisfaction.”
Caseinpoint:IT-CNPtransitionedamilitaryclientfroma governmentoperateddatacentertoaclouddatacenterof itsown,meetingthecomplexrequirementssetforthbythe DepartmentofDefense.Immediateoperational enhancementresulted,aswellasamarkedimprovement fortheServiceLevelAgreement’sturnaroundtimeand modernization.
IT-CNPalsoassistedwiththetransitionofaDepartment ofHealthandHumanServicesdatawarehouse,evaluating, documenting,andauthorizingPersonallyIdentifiable Information(PII)andProtectedHealthInformation(PHI) inaccordancewithFISMAandHIPAAregulationsand ensuringthatallsystemsadheredtotheFederal government’srigorousstandards.
TheU.S.DepartmentofHealthandHumanServices recentlyrecognizedsuchcapabilitiesandexperienceby awardingIT-CNPwithaBlanketPurchaseAgreementto provideNextGenerationITServicesapplicationhosting, FedRAMPcertifiedcloud,andassociatedmanaged services.
TheawardprovidesHHSoperatingdivisionsandoffices withstreamlinedaccesstoapplicationhostingandcloud migrationresources.
IT-CNP’sservicesaresimilarlyavailableonanumberof pre-negotiatedgovernmentcontractvehicles,including GSASchedule70,NavySeaport-E,andDHS-EagleII.
AsavendoroftheU.S.ArmyACCENTProgram, GovDataHostingservesasapreferredapplication migrationandcloudhostingproviderfortheentire DepartmentofDefense,includingDoDagencies,the Army,Navy,AirForce,andtheMarineCorps.
Astheuniqueneedsofthesecurityservicessector continuetoevolve,IT-CNPhasinitiatedplanstoextendits cybersecuritysolutionsandFedRAMPcloudservicesinto thesouthandsouthwesternpartsofthecountry.
Gibson Information Security Compliance ManagerThehope,saidGibson,istoprovideacoast-to-coast presence,notonlyforcivilianagencies,butalsothe DepartmentofDefense.Twoadditionalclouddatacenters arealsointheworks.
“We’reproudtosupportthequicklyevolvingsecurity needsoftheFederalgovernment,”saidGibson.“Being partofwhatittakestoprotectAmerica’sinfrastructureis thereasonIT-CNPandGovDataHostingwerecreated,and wearecommittedtoofferingourcustomersnothingless than100percentsatisfaction.”
Logsign,headquarteredin California,wasestablishedin 2010asanall-in-one SecurityInformationandEvent Management(SIEM)solutions provider.Itunifies Security Intelligence, Log Management, and Compliance asappliedinvarious industries.
Thecompany’suser-friendly platformhasasmartlydesigned NoSQLandHDFSembedded architecturethatensuresefficient storage,clustering,andrapidaccess tostoredandlivedata.Actively providingservicestomorethan500 SMBsandgovernmentalagencies, Logsignisworkingtowardraising customers’securityawarenesswhile establishingitselfinthefieldof cybersecurity.
Thisnext-generation,all-in-one SIEMsolutionsproviderisprimarily focusedonSecurityIntelligence,Log Management,andeasierCompliance Reporting.Logsignunifiestheview andmonitoringofcloudandlocal data,increasesawarenessviasmartly designed,security-oriented dashboards,andprovidesaclear understandingofmachinedataand enablesreliable,actionableinsights inreal-time.
Logsign’scorefeaturesareLogand EventDataCentralization,Event Mapping,Real-TimeCorrelation, andHistoricalandReal-Time Analysis.Logsigncollectslogsand eventdatacomprehensivelyfrom sourcessuchasfirewalls,routers, IDS/IPS,networkdevices,Windows, Linux/Unix,databases,VMware ESX,mailservers,andwebservers.
VeyselAtaytur,CEOofLogsign,is anElectronicsandCommunications Engineerwithvastexperienceinthe cybersecurityindustry.
Hisin-depthknowledgeof,and experienceinproductmanagement andproductmarketingto cybersecurityserviceprovidersand partnershavecontributed significantlytothesuccessof Logsign.Heisprimarilyresponsible forthebusinessoperations,sales,and marketingofthecompany
Veyselalwaystriestomaintainlongtermrelationshipwithhisclients. ThishashelpedLogsigngrow organicallywhileretainingalarge shareoftheclienteleithasworked withsinceitsincorporation.
“We believe that cybersecurity is a team effort that should continue seamlessly. We focus on customers’ needs and expectations, focus on that we are always on the same side,” assertsVeysel.
Healsorevealsthattheircommunity ofsatisfiedcustomersisgrowing everydayastheteamcontinueswith itsfocusondeliveringaddedvalueto them.
Logsignisanext-genSIEM combinedwithaSecurity Orchestration,Automation,and Response(SOAR)systemand healthcareservices.Withitswelldesignedarchitecture,itprocesses operationalsecurityofsystems, therebyshorteningincidentresponse times,improvingteamefficiency,and decreasingthenumberofrepetitive tasksandfalse-positives.
Thesystemalsoenablesautomatic responsesanddetectionofindicators viaAPIintegrations.
Logsignalsoensurescontrolover bothITandOTinfrastructuresto preventattacksbeforetheyoccurvia
itscomprehensiveSOCsolutions.Ithelpsenterprises andSMBsimprovetheirinformationsecurityprocesses andprocedures,andtoreviewandcreatenewonesin real-time.
Thecompanystrivestocontinuouslyimprovesecurity procedures,remediation,andmonitoringoperationsby learningandadaptingwitheveryincident.
Logsign’suser-friendlyplatformisbackedbyadiligent technicalsupportteamthatprovidescustomersa comprehensive,reliableSIEMsolutionatanaffordable price.LogsignalsohelpsenterprisesandSMBsto improveandremedytheirinformationsecurityprocesses andprocedures.
“We believe that solutions should have a well-designed UX and be human-oriented. SOCs are where technology and humans meet. Security professionals in every line should work more efficiently, effectively, and happily,” saysVessel.
Logsignhasprovideditssolutionstomorethan500 enterprises.Someofthemostprominentnamesamong themareDeloitte,MigrosGlobalRetailChain,Simit SarayiGlobalFoodChain,BMC,Cardtek,FordOtosan, BenettonandPenti.Besidesthesemajorbrands,Logsign productsarealsoemployedbymanyuniversitiesand colleges,hotels,andinsurancefirms.
Thenumberofcyber-attacksagainstindividuals, organizationsandgovernmentalagenciesisincreasing bytheday.
Aswasthecasein2017,phishingattacks,ransomware, andexploitsshowstrongtrendsin2018.IoTand SCADASecurityhavegainedanincreasingpopularity Securityprofessionaltalentshortage,numerousattacks, repetitivetasksandalerts,etc.canbethoughasapartof apuzzle,it’sabigchallenge.
Totackleallsuchthreats,Logsignfocuseson ‘Orchestration,EarlyDetection,Automation,and Response’.Usingthispointofview,Cybersecuritydoes notjustmeansecuritydevices,systemsshouldbe monitored,recovered,andimproved.Logsign’snext-gen SIEMisbeingdevelopedtohelpimprovehumanto
human,humantomachine,andmachinetomachine interactions.
“Our sophisticated and ever-evolving view of threat lifecycle management and collaboration is our strength. Aiming team leaders and executives, to improve efficiency and diminish worries that systems are on. Security analysts working at SOCs are also in our target to help them work easily,” statestheteaminonevoice.
Inmyexperience,whenbusinesses arelookingtofundamentally transformthewaytheywork,they havetotakeaseriouslookattheir cloudstrategyandmakesureit's alignedtotheirbusinessgoals. Whetherthesegoalsaretoincrease operationalefficiency,drivenew revenuestreams,improvecustomer serviceordisruptthemarket,thereare keyprinciplesIadvisebusinessesto follow
Theapproachyoutakewilldependon whatstageyourbusinessisat.Acloud firststrategyisappropriateifyouhave theflexibilitytomoveyourcore businessapplicationstothecloud becauseyou’reanewbusinessor you’renotencumberedbylegacy infrastructure.
Ahybridapproachworksifyouhavea clearplanonwhichapplicationsyou feelcomfortablemovingtothecloud, versusthoseyou’dprefertokeep withinyourownprivatenetworkorat adatacentre.
Ifyou’reatanearlystageinyourcloud strategyandarestillgettingtogrips withtheoptionsavailable,itcanhelp toworkwithamanagedservice providerwhowillmapoutthemost appropriatemigrationpathbasedon whatyou’retryingtoachieve.
Irrespectiveofwhatstageyou’reat, therearechallengesthatmost businessesfaceastheyjourneytothe cloud.
Firstly,upskillingyourinternalITteam tomanagethemigrationcanbeareal challengewhentheskillsrequiredare fundamentallydifferenttothoseofa traditionalITteam.Furthermore,itcan beriskytodivertyourteamawayfrom managingbusinesscriticalIT infrastructuretoplanandimplementa cloudmigrationstrategy.Thiscanbea verysignificantundertaking,andone thatoftenmakessensetooutsourceto anMSPwiththespecialistskillsyou don’thavein-house.
Manybusinesseswillneedtoredesign theirlegacynetworksand infrastructuretosupportthismigration, whichcanbecomplex.Forexample, datathatwaspreviouslyroutedviaa privatenetworktoheadoffice,may nowbeservicedviatheinternet,which createsabigshiftindataand networkingrequirements.
Anotherbigdecisioniswhich technologyprovidertogowith.With somanyoptionsavailableitcanbe challengingtodecidewhichoneis rightforyourbusiness.Forexample, doyougowithMicrosoftAzure, AmazonWebServices(AWS)oramix ofthetwo?It’seasytogetdistracted byservicefeatures,soit’simportantto keepfocusedonthebusinessoutcomes you’retryingtoachievewhengoing throughthevendorselectionprocess.
Withallthebenefitsthatthecloud offersintermsofcostsavings,agility andinnovation,itcanalsoexposeyour businesstoincreasedsecuritythreats.
WorkingwithaManagedService Providerwithstrongcredentialsin securitycanhelpyoutolockdownany potentialvulnerabilitiesinyour network.
Ifyoudecidethatworkingwitha ManagedServiceProviderisrightfor yourbusiness,lookforapartnerwith demonstrableexpertiseinarchitecting, implementingandmanagingcloudbasednetworkinfrastructuresand applicationsthatcanflexwithyour business.Theyshouldalsooffera securityportfoliothatsupportsboth publicinternetandprivatenetworking environments.
ManyITdecisionmakerscome unstuckwhentheyselectservice providerswhodon’tinvestenoughin cutting-edgetechnology.Eventhough ITservicesareoftenviewedasa commodity,workingwithapartner whocanpredictwherethemarketis goingcanreallyhelptotransformyour business.
There’snothingworsethaninvesting timeandmoneyintechnologythat becomesobsolete.Workwithsomeone whohasastrongreputationin deliveringmarketleadingtechnology indatacentres,datasecurityandcloud basedservices.
TherightMSPwillbemuchmorethan asupplier They’llbeanextensionto yourITteam;atruepartnerwho’s committedtodeliveringoutcomesand ishappytosharetheriskofthe
As the CEO of Enablis Pty Ltd, Jon leads a passionate and focused team delivering Managed IT Communication and Cloud Services to mid-sized organizations in Australia and New Zealand.
A 25-year industry ICT veteran, in 2006 Jon founded the Australian business for Sirocom Ltd, a leading UK Managed Virtual network operator (MVNO) that later became Azzurri Communications Pty Ltd.
Eleven years on, John has grown Enablis, the Australian division of Azzurri Communications, from one employee to over 50 employees with offices in Sydney and Melbourne.
His zeal and vision to deliver smarter ways for organizations to procure and operate complex communication estates coupled with his experience in leading and driving a strong business culture focused on doing “right by the customer” have resulted in Enablis winning multiple industry awards for growth and service quality every year for the past six years.
Prior to Enablis, Jon held Senior Partner roles at major carriers such as Verizon and Optus where he helped develop and grow key integrator relationships in Europe, and later on, in Australia. Before that, he worked at Cabletron and 3Com.
Jon has sat on and assisted in technology steering panels at St Vincent de Paul. He has a passion for helping and getting involved in raising awareness and donations for a number of charities focused on homelessness and under privileged youth.
technologydeployment.Muchlikeanyrelationship,agood partnershipisbasedonchemistry,transparency,shared goalsandmutualrespect.Mostimportantly,youneedtobe certainthey’vegotyourback.
WorkingwithanMSPwhospeaksyourlanguageisvital. Thismeansthattheyshouldknowyourindustryand ideally,alreadyhavecustomersinyoursector.Eventhough everybusinessisunique,there’salottobesaidforworking withserviceproviderswhounderstandyourbusiness objectivesandtheriskprofileyou’retryingtomanage.
Inmyexperience,ITbudgetsaregenerallyflatorfalling, whereasdemandforhighprioritystrategicprojectssuchas migratingtothecloud,isonlyincreasing.Thismeansthat ITdecisionmakersareoftenunderincreasingpressureto achievemorewithless.
WorkwithanMSPwhocanhelpyoudeployyourbudget andresourcesmoreeffectively;whocanbuildabusiness caseforyouandbackitupwithhardnumbers.Ultimately, theyneedtoconvinceyouandtherestofthebusinessthata cloudstrategyisgoingtodelivermeasurableimprovements toyourbusinessbeforeyoubringthemonboard.
Jon Evans CEO Enablis Pty Ltd
We,ashumans,are completelydependent upontheinternet.When wewanttolistentoasong,store data,orevenwhenwewanttobuy somestuffforourhouseholdneeds, weturntowardstheinternettofulfill ourneeds.
Thewebworldevenpossessesthe abilitytostoreidentificationdata includingfingerprints,irisscanand others.Butthankstoattackers, nowadays,mostofourdataisupfor sale,mostdefinitelyonthedarkweb. Shockinglyourwholeonlineidentity
canbeboughtforaslowas$1,170. Thisincludesaccountsanddatafrom 11differentgroups;fromonline shoppingtoentertainmentservices, topersonalfinancesaccountsand datacategorizedasproofofidentity.
EnterPreySoftwareasamultiplatformanti-theftmanagement solutionthathelpsbusinesseskeep theirmobiledevicefleetsanddata secure.Thisisdonethrougha mixtureofAnti-Theftanddevice managementtools.
Inanutshell,Preyconsistsoftwo parts.Theagent,installedonlaptops, phones,andtablets,andthepanel. Onceitsclient’sfleetiscoveredwith theagent,everythingismanaged onlinethroughthewebsite’spanel,to whichtheusersignsin.
Thereuserscanorganizethefleetby labels,setupControlZones (geofencing)tomonitormovement onareaswheredevicesshouldenter orshouldn’texitandtracktheir locationgloballytokeepaneyeon allassets.
Ifsomethinggoeswrong,theuser willactivatePrey’strackingmode,or ‘MISSINGmode’,whichturnsPrey
intoanevidencegatheringmachine. Theplatformgeneratesreportswith pictures,location,nearbyWiFi networks,hardwarechanges,and moredatacriticaltotheretrievalofa device.
AMassivelyExperiencedLeader
CarlosYaconi,Prey’sFounderand CEO,kick-startedtheproject’s globalexpansionandevolution togetherwiththeinitialfounderof theLinuxapplicationTomásPollak. ThispartnershiptookPreytoa worldwidereleasein2010,which quicklyescalatedbecomingthefirst globalmulti-platformanti-theftapp.
CarlosstudiedComputerScienceand InformationTechnologyat UniversidadDiegoPortalesandisan innovationgraduateofUniversidad delDesarrollo.Hisworkasan entrepreneurgoesfurtherback, havingfoundedtwopriorcompanies: Nectia,softwaredevelopercompany, andBizware,adatabaseservice provider.Inhissparetime,youcan usuallyfindCarlostrainingasa ‘workinprogress’guitaristor listeningtoPinkFloyd.
TacklingtheCompetition
Currently,Preyisworkingonits
user-focuseddevelopment.Itsofferanditsfeaturesare constantlybeingdevelopedfortheuserspecificneeds, makingwayforasturdierproduct.Thecoreofthis conceptistoadaptandgrowPrey’ssolutionstoreal needs,withpriorknowledgethatensuresthefeaturesare aresultofanissue,nottheotherwayaround.
Prey’sclientshaveadirectlinetothesupportteam, whichispromptandreadytotackleanychallengesand toguidetheclient’sexperienceacrosstheplatform. GreatvalueonPrey’ssupportcomesfromacombination ofactiverelationshipswithitscustomers,andquick assistancefromthedevelopers,whichgiveuser-fixesa highpriority.
However,that’snottheendofit.Toenrichthis relationship,thecompanysharesitsadviceonsecurity withthem,Preyalsoassistsitsclientswhenfacing threats,andkeepsanopenlineforanysuggestionsthey couldneedsecurity-wise.
Intheverybeginning,Preypioneeredthisfightagainst technologyandgadgettheft,beforeserviceslike‘Find myiPhone’evenexisted,andeventodaythe organizationiswitnessingthegreatbonditcreated betweenitselfandthepublic.
What’smore,theftisaproblemthat’stoughtobeat,and nobodylikestofeelhelplessagainstit.That’swhere Preycomes-inforaid.Thedifferenceisthatitdoesso butnotbytakingtheloadandbecomingthehero,quite theoppositeactually;Preylookstoempoweritsusersby givingthemthetoolstheyneedtobecomethehero.
Thisgreatuser-developerrelationshippushesthe companyforwardconstantlywithnewproblemsto tackle,andnewopportunitiestoprovidethehelpusers need.
There’sagreattopic,securityservicesshouldkeepan eyeonforatleastacoupleofyears:IoT,ortheInternet ofThings.Mobileenvironmentsarecurrentlyhyperconnected,butwithIoT,thisisgrowingexponentiallyto thepointwhereconnectabledeviceswillcomeinall shapesandsizes,withextremelydifferentutilitiesand littleregulation.
HowPreysecurestheseIoTdevices,andthe environmentstheygenerate,areconcernsthatcurrently
challengethesecurityindustry.Thelackofsecurity standardsamongthesedevicesprovidesachallenge, especiallywhenoneneedstointegratethemtoanetwork withoutmakingitvulnerable.Furthermore,IoTwill clashwithIT’scurrentheadache:BringYourOwn Device(BYOD)controlandpolicies.Whencombined, bothissuescanescalatetheneedforacontrollingfilter.
Withthisinmind,Preyhasmanychallengestofocus upon.Currently,theorganizationisinvestigatingonthe subjecttounderstandthescopeofthesecurityissue,and howanintegrativeplatformcouldaidmobiledevice securityandmanagementtocoverthelackofprotocols andstandards.
Weliveinaworldwhere almosteveryfacetofour livesisconnectedtothe internettosomedegree.Unfortunately, thisubiquitousrelationshipwiththe onlinerealmisanincreasingly attractivetargetforindividualsand groupswithillintent.
Cyberattackshavebecomeoneofthe biggestnuisancesandmostpotent threatsthatindividuals,organizations andgovernmentshavetocontendwith today
IntothisscenariocomesSeceon,a companyfocusedonempowering organizationstorecognizecyber threatsclearlyandquickly,prevent damageusingsurgicalcontainment, andtopredictinsiderattacksthrough behavioralthreatdetectionmodeling andmachinelearning.
ItsinnovativeOpenThreat Management(OTM)Platformgives MSSPsandEnterprisestheabilityto detect,containandeliminateallknown andunknownthreatsinreal-time.
Theplatformusespatent-pending predictiveanalytics,machinelearning, anddynamicthreatmodelsto automaticallygeneratethreatalertsin real-time,givingITteamsthecapacity torespondbeforecriticaldatais extractedanddamageisdone.
Seceon’sOTMPlatformproactively closesthethreatloop.Itisthe industry’sfirstandonlyfullyautomated,real-timethreatdetection andremediationsystem.
ChandraPandeyistheFounderand CEOofSeceon.Heisanexpertin datacenterarchitectureandhighly scalablenetworksolutions,anda provenbusinessleaderwithmorethan 20yearsofexperiencedevelopingand marketinginnovativetechnology solutions.
BeforefoundingSeceon,hewasthe GeneralManagerandVicePresidentof PlatformSolutionsatBTISystems.He ledaglobalteamthroughthecreation, developmentandlaunchofIntelligent SecureCloudConnectPlatformto morethantwentyWeb2.0-focused customerdeploymentsinlessthan18 months.
Hehasalsoheldseniorleadershiproles atJuniperNetworks,Internet Photonics,Lucentand3Com.Chandra isaninspirationalleaderwho empowershisteamtotakeonthe continuously-evolvingcybersecurity challengesbusinessesface,creatinga newmarketcategoryintheprocess.
Fromtheverystart,Pandeyknewthat heneededtalentedindividualswith passionanddrivetocreatetheOTM Platform.Hissolutionwastohire someofthebestmindsineveryfield Seceonwouldbeinvolved-Machine Leaning,AI,BIGDataPlatform, Networking,SecurityModelingand UserExperience.
TheSeceonteamfindsitsfocusfrom thecompany’smotto,“Cybersecurity DoneRight.”
Itprovides Comprehensive Visibility: Real-timevisualizationofallservices, applications,usersandhostsandtheir interactions; Proactive Threat Detection: Detectionofknownand unknownthreats; Automatic Real-Time Threat Remediation: Eliminationand containmentofthreatsinreal-time;and Reporting and Compliance: Assistance forHIPPA,GDPR,PCI-DSS,NIST, andISOwithreal-timemonitoring.
AccordingtoSeceon,thereisnoother platformintheindustrywhich currentlyhasthesecapabilities,butit acknowledgesthatotherswillsoon
followitslead.Hence,thecompanyworkscloselywith partnersandcustomerstomaintainitsadvantageand continuetodelivertheinnovativeandeffective cybersecuritysolutionsforwhichitisknown.
Seceon’splatformisuniqueinitsabilitytohandlemillions ofinputsfromlogsandflowsandcorrelatingtheminto actionablealerts.Organizationscanchoosetoprogram automaticresponsestothesealertsoroptforsingle-touch humanintervention.
Becauseofitsabilitytoscaleatspeed,theplatformcan processdatainreal-time,updatingandactivatingthese modelswithinminutesthroughadvancedcorrelationwith intelligentapplicationofmachinelearningandAIwith actionableintelligence.
Theorganization’sin-memory,fastanalyticsprocessing enablesamoreglobalapproach,ingestingandanalyzing datainreal-timewhilecorrelatingitwithinformationabout existingthreatsandzero-dayexploits.Inthisway,it deliversprioritizedthreatalertstoIT/securityanalystsor MSSPSOCstaff.
Being100%channel-driven,Seceonputssignificant emphasisonitsrelationshipwithclients.Thecompany’s goalistoempowerthemtobesuccessfulsotheycan dominatetheirrespectiveniches.
Overtime,Seceonhaslearnthowtobetteridentifypartners thatareequallyvestedinthegoalsitistryingto accomplish.Inthatrespect,Seceonconstantlyuses feedbackfromitspartnerstoimproveitsprocesses,sharpen communications,andsimplifyonboarding.Thisenhances theentirepartnerexperiencefromintroductiontodemoto trialtotrainingand,finally,toimplementation.
Seceon’sMSSPprogramisaimedatchannelpartners deliveringmanagedsecurityservicestoFortune5000 organizationsandSMBs.OTMwasbuiltusingdynamic threatmodelengines,machinelearningengines,and proprietarypredictiveandbehavioralanalytics,toprovide whatSeceonreferstoasavirtualSOC.
MSSPspartnerwithSeceonbecauseitssystemreducesthe numberofalertsperclientandmakesavailabletheright informationwhenanalertisprocessed;bothfactorsreduce costs.Thereisalsothecompetitiveadvantageofbeingable toprovideincreasedbusinessassurancetoclientsby detectingthreatsearlierandwardingoffattacks.
Founder & CEO
MSSPsexpecttobeabletomonetizethiswithvalueadded serviceofferings.
Astheworldbecomesmoreconnectedandsystem complexityincreases,cybersecurityplatformswillhaveto contendwithincreasinglysophisticatedattacks.Attackers haveaccesstomorecomputingpowerandhavedeveloped theabilitytogoafterbusinessesofanysize,butfocus particularlyonsmall-andmedium-sizedenterprisesthatare notaswellprotected.
Traditionalsolutionsandservicesfromlargevendorscan neithercombatthisincreasingsophisticationofcyber threatsnorcoulddetectbetweenperimeterandendpointsto therequiredlevel.
Forcybersecuritysolutionstobesuccessfulinthese environments,itiscriticalthattheyruninreal-timeand havetheabilitytotakeimmediateactiontoeliminate problems.Visualization,speedandscalabilityaremusthavecharacteristicsofaneffectivesystem.
Seceon’splatformrunsinreal-time,hastheabilitytoview theentiresystem,andcanbeappliedbyenterprisesofany size.
Seceonwillcontinuetoinnovateandexpanditsplatform, investinginanapproachthatbringstogethermachine learningandanSaaSmodel,tostayonestepaheadofthe challengesofthefuture.
Theriseincyber-crimesisoneofthemaincausesof
Datacenteroutages.Aspertherecentsurvey conductedbyindustryinsiders,cyber-crimecaused 22percentdatacenteroutagesin2015opposedto2percent outagesin2010.Addingtoallthese,nowmostofthedata centersarere-evaluatingtheirsecuritypoliciesafterthe recentWannaCryransomwareattack.
Datacenteroutagescausecompaniestolossrevenuein manyways.However,thecostliestlossisservice interruptionandlossofITproductivity.So,the organizationsarenowrealizingthattraditionalsecurityis nolongersecureenoughtosecureanydatacenter Arecent studyhasfoundthat83percentoftraffictravelseast/west withinthedatacenter,whichstaysundetectedbythe
perimetersecurity.Inthisenvironment,whenanattacker infiltratestheperimeterfirewall,thencanjumpacrossthe systemwithease,extractinformationandcompromise valuabledata.Additionally,datacenterscanfaildueto trespassersoraterroristattackorbynaturalcalamities.
So,howcanonesecureadatacenterinthebestway possiblefromanykindofcyberthreat?Don’tworrywe’ve gotyoucovered,withthepointsbelow.
Asthefirststep,oneshouldMaptheDataCenterandflag thehackerswithinthevirtualandphysicalinfrastructure. TheCSOsandCIOswithasystemmapoftheirsystems canreacttoanysuspiciousactivityandtakestepstostop databreaches.Beingabletovisualizedifferenttraffic patternswithinanetworkhelpstounderstandthreats,that eventuallyelevatesthelevelofsecurity
Understandingandmeasurementoftrafficflowwithin thedatacenterboundaryareveryimportant.Inthecaseof anyinterruptionintrafficacrosseast/westvsnorth/south, protectedvsunprotectedonecangettoknowaboutathreat. Additionally,vulnerablezonesandunprotectedtrafficneed tobemonitoredforabetterresult.
Firewallrulesneedtobedefinedandimplementedasper requirements.Additionally,oneshouldallowtrafficonly afterthoroughverificationandselectivelyallow communicationtoensuremaximumprotection.Thekeyis toidentify,what;slegalandsecuredandwhatcanbe blockedtoenhancesecurity.
OneneedstoBuildaTeamwithexecutiveswho understandhowtrafficflowswithinthepremisesandcan access&secureinformation,takenecessarymeasuresto secureimportantassetsalongwiththeimplementationof roadblocksfortheattackers.
Securitymustmoveasfastasadatacenter’stechnology adoptionandintegration.SecurityStrategyShould ChangeAlongsidetheTechnologyanditshouldnotbe treatedasanadd-onoption.Additionally,businessesalso shouldensurethattheirvirusprotection,signaturesother protectionfeaturesareuptodateforbetterprotection.
BusinessesshouldIdentifyandPlaceControlsoverhighvalueassets,whichwillhelptoreducerisk.However,older securitysolutionsarecompletelyblindtonewthreats,new securitycompanieshaveproducedlatestsolutionsthat protectdatainthevirtualworld.
AccessRestrictionalsoneedstobeimposed.Every businessshouldthoroughlycheckaperson’sbackground beforegivingtheaccesstoaprizedpossession.Accessto themainsiteandtheloadingbaymustbelimited,
additionally,two-factorauthenticationsandfortified interiorswithsecurityguardsandrovingpatrolswouldhelp tosafeguardtheemployeesandthedatacenter
InstallingSurveillanceCamerasaroundthedatacenter, alongsideremovingsignswhichmayprovidecluestoits functionhelpstolocateanintruder.Abufferzonebetween thedatacenterandalltheentrypointswilllimitunlawful trespassingtoagreatextent.Additionally,thedatacenter needstobefarawayfromthemainroadanditshouldnot haveanywindowsotherthanadministrativepurposesfor bettersecurity
AdatacentershouldCheckTestBack-UpSystems regularlyasprescribedbythemanufacturer.Itshouldalso ensuretomakealistandofDo’sandDon’tsintheeventof anattack.Recoveryplansandsecurityplansalsoneedtobe checkedthoroughly
DatacentersarealwaysaSoftTargetforTheTerrorists, asanattackonthemcandisruptanddamagemajorbusiness andcommunicationinfrastructure.So,securityneedstobe takenseriouslyandtodothatproactivestepsshouldbe takentolimittheimpactofaterroristattack.
TrainedSecurityGuardsneedstobepostedinsideadata centerandtheyshouldbewelltrained.Securityofficers mustundergostrictsite-specifictrainingtomonitor surveillancefootage.Dependingonthesizeofdatacenter andthenumberofsecuritycamerasmultiplesecurity officersmayberequiredonduty. Securityofficers dedicatedtoinspectingsurveillancefootagehelpswhenit comestosecuringadatacenter
DisasterRecoveryisverymuchimportant,thatmustbein place.Ifthedatacenterstopsfunctioningafteranattackor naturalcalamity,itmusthaveawaytorestoreoperationsas soonaspossible.Tobereadyforadisasterandtoevaluate thedisasterrecoveryplan,it’snecessarytotrainstaffswell andexperiencesimulateddisasters.
Toavoidtheseobstacles,oneneedsafairbitofknowledge ofnewsecuritysystems,solidplans,andcomprehensive visibility.Themoreworkadatacentercandoupfrontin theabove-mentionedareasthebetterthechancesofsuccess withlesseroutages.
Nowadayscybersecurityismore importantthaneverforevery business.Cybersecurity professionalsexistinanincreasingly complexworld.Asthecyberthreat landscapeevolves,anewcyberarms racehasbrokenoutthatplaces organizationsandtheirsecurity solutionsinthecrosshairsofagrowing globalcriminalindustry
Cybercriminalsareincreasingly turningtohighly-effective,advanced cyberweaponssuchasransomware, infostealers,IoTexploitsandTLS/SSL encryptedattackstotarget organizationsofallsizesaroundthe world.
TheInceptionStory HeadquarteredinMilpitas,CA, SonicWallwasfoundedin1991.The companywantstohelporganizations protecttheirnetworksandsensitive datafromadvancedcyber-attacks.
SonicWallprovidessmall-and medium-sizedbusinessesand enterprisesworldwidewithreal-time breachdetectionandprevention solutions.Itssecuritysolutionshelp organizationsrunmoreeffectivelyand securelyintoday’sriskycyber landscape.
Thecompanyregularlyupdatesits producttoprovideseverallayersof defenseagainstcyberthreattrends identifiedbytheSonicWallCapture LabsThreatResearchTeam.
TheExperiencedLeader
Withacareeracrosshigh-tech industriesspanningmorethan30 years,BillConner,Presidentand CEOofSonicWall,isacorporateturnaroundexpertandgloballeaderin security,dataandinfrastructure.
Hebeganhisleadershiptenurewith SonicWallwhenthecompanybroke offfromDellinNovember2016. Connerhasabachelor’sdegreein mechanicalengineeringfromPrinceton University,andanMBAfromthe WhartonSchooloftheUniversityof Pennsylvania.
Astaunchsupporterofpublic-private cybersecuritypartnerships,Conner regularlyshareshisexpertisewith globalfinancial,enterpriseand governmentleaders.
Hehasintroducedaclearplanfor strengtheningSonicWall’sdistribution channelandimprovingitsrateof innovation.Thisstrategyhashelped thecompanyexceedeverygrowthgoal itsetforitself.Withinoneyearunder
Conner’sleadership,SonicWall surpassedfinancialandoperational goals,delivering.
Ÿ Recordpartnerregistrationsof morethan18,000globalchannel partnerswith5,000newpartners
Ÿ Strongpipelinegrowthwithover $330Minnewpartnerdeal registrations
Ÿ Keyserviceimprovementswith 80%reductioninwaittimes
Ÿ Anewglobalmarketingcampaign
Ÿ Recordnewproductreleases
ExclusiveArrayofServices
Mostfirmsoffertheproductsof companieswithwhichtheypartneras thebestsolutionforalltheirclients.At SonicWall,theexpertiseoftheir consultantsistheirlargestasset, allowingthemtooffertheverybest solutiontotheirclient.Thecompany’s industry-specificsolutionsinclude:
Ÿ
SonicWallNext-Generation Firewalls:WhentheCaptureLabs threatresearchersnotedarisein malwarehidingwithinSSL/TLS encryptiontoevadefirewalls,they developedabroadrangeofnextgenerationfirewallsthatcaninspect SSL/TLS-encryptedtrafficwithout slowingnetworkperformance.
Ÿ
CaptureAdvancedThreat Protection(ATP)Service:In responsetothegrowingnumberof advancedpersistentthreats, SonicWallintroducedtheCapture AdvancedThreatProtection(ATP) service;acloud-based,multienginesandboxdesignedto discoverandstopunknown,zerodayattacksatthegatewayand
In the cyber arms race, knowledge is our most powerful weapon.
Ÿ
provideautomatedremediation.
CaptureCloudReal-TimeDeepMemoryInspection TM(RTDMI ):Tohelpcustomersidentifyandmitigate deceptivememory-basedthreatsandfutureMeltdown exploits,theyunveiledthepatent-pendingSonicWall CaptureCloudReal-TimeDeepMemoryInspection TM(RTDMI )inFebruary2018.
Ÿ
SonicWallSecureMobileAccess(SMA)Appliances: Tohelpcompanieswithmobileworkforceskeeptheir hybridITenvironmentssecurewhileprovidinga consistentexperienceforauthorizedusers,SonicWall releaseditsSecureMobileAccess(SMA)appliances thatprovidegranular,singlesign-on(SSO)access control;context-awareauthorization;fileinspectionina multi-enginecloudsandbox;andeasyintegrationwith enterprisemobilitymanagementsolutions.
Ÿ
SonicWallEmailSecurity:Designedtomakesecure andcompliantemailaccesseasier,SonicWallEmail Securityisanext-generationemailsecurityplatform thatscansawiderangeofemailattachmenttypes,then analyzestheminacloud-based,multi-enginesandbox andblockssuspiciousattachmentsuntiltheyare reviewedbyanauthorizedadministrator
SonicWallthrivesonacultureofopeninformationsharing.
Thisrangesfromthereal-timealertsandthreatinformation sharedbyCaptureLabs,tothecustomerserviceteam’s systemizedsharingoffeedbackwithotherlinesofbusiness, totheongoingeducationofpartnersandemployeesthrough SonicWallUniversity,toCEOBillConner’sleadershipon cybersecuritytrendsandlegislation.
Thecompanybelievesthatonlybyhavingareal-time understandingofthecyberthreatlandscapecanone developandimplementbestpracticesandinnovative solutionsthatwork.
SonicWall’sindependentstatushasgiventhemtheabilityto moveswiftlyonintelligencegatheredbytheCaptureLabs ThreatNetwork.Thisallowsthemtoinnovateandrelease productsandservicesthatareuniquetotheindustry,and thesehavealreadyproventhemselvesinthefieldby protectingcustomersagainstthreatsrangingfrom ransomwaretoMeltdown.
ItisnotonlySonicWall’sinnovativeproductsthatsetit apartfromthecompetition,buttheirdistributionstrategy, too.SonicWallmovedtoa100-percentchanneldistribution modelandlaunchedtheSecureFirstPartnerProgram,which quicklyaccumulated$330millioninrevenueandmorethan 18,000globalpartnersin150countries.
Bill Conner President & CEO
ThissuccesswassupportedbythelaunchofSonicWall University,arole-basedtrainingandenablementresource forpartnersandemployees.
Toempowerandeducatetheirpartners,SonicWallensures eachcustomerhasaone-to-onerelationshipwithacybersecurityexpert. TheyrecentlylaunchedaCustomer SupportPortalwithomni-channelservicecapabilities.
Thecustomerservicedepartmentsharesthefeedbackand insightscustomersprovidewiththeappropriatelinesof businesswithinSonicWalltodriveimprovementsin training,communicationandproductdevelopment.
Asaresultoftheseandotherefforts,customersconsistently rateSonicWallsupportagentsabove89percentfor responsiveness,technicalknowledge,andprofessionalism. Theyalsoreportan85percentself-servicesuccessrate.
Asacompanythatbasesitsproductstrategyonadatabasedunderstandingofthenextwaveofcyberthreats, SonicWalliswell-positionedtohelpcustomersweather them.
Theyhavealreadystartedseeingmorecompanies implementingadvancedthreatprotectionsolutions, SSL/TLSinspectioncapabilitiesinfirewalls,andsolutions gearedtowardstoppingmemory-basedexploits.
SonicWallhopestoalsoseemorewidespreadsharingof informationacrosstheindustry.Manyvictimsstillfear beingstigmatizediftheyrevealtheyhavebeenbreached, butsharingthisinformationcanhelpensurethatother
TinfoilSecurityhasafounding teamofMITandintelligence communityalumni,with extensivebackgroundsinsecurity acrossmanyorganizationsaroundthe globe.Theorganizationbuilds cybersecuritysolutionswhichscale, forlargeenterprisecompanies.It streamlinestheclient’ssecurityneeds withtoolsthateasilyintegrateintoany DevOpsprocessorSDLC.Tinfoil’s technologyempowersitsclients’ DevOpsanddevelopmentteamsto becomethecriticalfirstlineofdefense, therebyincreasingbandwidthfor securityteamstoprioritizeand enhancemorestrategicsecurity initiatives.
TinfoilSecurity’senterpriseofferings includeaccesstoamultitudeoftools thathelpintegratesecurityintoits clients’DevOpsprocess.
Backin2011,TinfoilSecuritywas foundedbyAinsleyBraunand MichaelBorohovski.Sinceitslaunch, theorganizationhasprovidedsecurity solutionstonumerouscustomers, ranginginsizefromSMBstothe Fortune100.
AinsleyistheCEOofthecompany andmakessuretoinstillacompany culturethatpridesitselfoncommunity andgivingback.Thisisreflectedinthe contributionsmadebyitsengineering teamtoopensourcetheircode, wheneverpossible,totheglobal communityinthebattlefor cybersecurity Ainsleyrealizedthatshe wantedtobealeaderandinnovatorin thecybersecurityindustryduringher timeconsultingwithBoozAllen Hamilton,wheresheworkedupon graduatingfromMIT.Asamemberof theirStrategicTechnologyand Innovationdivision,shehasworked primarilywithUnitedStates DepartmentofDefense(DoD)clients.
MichaelservesastheCTOofthe organization.Histechnicalabilities
havehelpedtheorganizationcreatea superiorproductthatisonthecuttingedgeoftoday’scybersecurityneeds. Michaelisphenomenalatstartingand buildingrelationshipswithanyonehe meetsandhasplayedanintegralrole ingrowingandclosingtheTinfoil Securitysalespipelineaswell.His purepassionanddeepknowledgeof thecybersecurityindustryhasallowed himtooftenplaythetrustedadvisor roleforTinfoilSecurity’scustomers, wholeanonhimfordirectionand adviceforprotectingtheirsitesandIP.
TinfoilSecuritycurrentlyofferstwo products;WebScannerandAPI Scanner.
Ÿ
WEB SCANNER: TinfoilSecurity knowsmostCISOsatenterprise companiesdeploretheircurrent securitysolutionsorarejusttoo jadedtoevendealwiththirdparty integrators,especiallyforscanning webapplications.Tinfoilchecksfor over70classificationsof vulnerabilities,includingthe OWASPTop10WebApplication SecurityRisks,andisalways addingmoreasnewzero-day vulnerabilitiesarediscovered.The productscanseachtimeanew versionacustomer’ssiteis deployed,andcanalsologintoany
website,includingSAML/SingleSign-On authenticatedsites.
Ÿ API SCANNER: TheTinfoilSecurityAPIScanneris abletodetectvulnerabilitiesinalmostanyAPI, includingweb-connecteddevicessuchasmobile backendservers,IoTdevices,andwebservices.Thefew toolsthatarecurrentlyavailablelackcoveragedepthin APIsecurityorarefocusedonactingasafirewallor unintelligentfuzzer Vulnerabilitiesfocusedon authorizationandaccesscontrolconcerns,orevenweblikevulnerabilitieslikeXSS,manifestindifferentways andwithdifferentexploitationvectorsthantheydofor webapplications,andtheTinfoilSecurityAPIScanner takesthatintoaccount.
Intheearlyyears,Tinfoilwasfocusedexclusivelyon SMBs,becauseofitbeinganunderservedmarketwhich sorelyneededhelpwiththeirapplicationsecuritytooling andprocess.AsthecompanygrewandgainedSMBmarket share,itdiscoveredthatenterpriseorganizationsactually hadverysimilarproblemsandlackedsolutionstobridge thegapbetweenthevastlyincreasedspeedofdevelopment andtheirrelativelysmallersecurityteams.Theorganization quicklyrealizedthatinordertosteerTinfoilSecurityinthe directionofbecomingagloballycompetitiveplayerinthis space,ithadtoswitchitsfocusintotheenterprise.This strategyledthecompanywellintoprofitability,whilestill maintaining,supporting,andsellingtotensofthousandsof customersintheSMBmarket.
TheprofitabilityturnoverwasinlargepartduetoTinfoil’s abilitytoadaptandimplementaninnovativestrategy,while leadingwithanagilesalesandoperationsprocesswithin thefirm.Theorganizationmadesuretokeeptrackofand providesuperiorsupporttoeachandeverycustomer,even astheyreachedthetensofthousands.Throughthis involvementwithcustomers,thecompanydesignedits productforbetterUIandUXfunctionality,makingit seamless,integrated,andusableforDevOpsteams.
TinfoilSecurityhasjustlauncheditsAPIScanner,andwill befocusingoneducatingCISOsonTinfoilSecurity’s
patent-pendingtechnology.Builtfromthegroundup, Tinfoilprovidesanintegral,fullydevelopedtoolthat CISOscanusetobringtheirdevelopersandDevOpsteams intotheircybersecuritystrategytobuildhighlysecure products,easingtheirburdenandincreasingefficiency.This isincontrasttothefewcompetitivesolutionsthattakeweb scannersandhavejury-riggedthemtoactasanAPI scanner,lackingcoveragedepthinAPIsecurity.Theonly otheroptionsarethosefocusedonactingasafirewallor unintelligentfuzzer Tinfoil,instead,focusedonsolvingthe problemasitsownproblem,ratherthanrehashingwhatit alreadyknew TinfoilSecurityworkscontinuouslyto improvethestatefortheindustry’stoolsincombating attackersaroundtheworld.
Michael Borohovski Co-founder & CTO
