By Brian Pereira, Editor-in-Chief, CISO MAG

FireCompass was founded in 2019, and its offices are located in Bengaluru, Boston, and New York. Its co-founders are Bikash Barai, Priyanka Aash, and Paul Dibello. They have yet to publicly announce their recent funding series.

The Indian co-founders met at IIT Kharagpur (as students) and their idea took root there, with the launch of their first venture. Bikash Barai, Co-founder of FireCompass spoke to CISO MAG and revealed how the company was founded, and its journey through the years.

Automating Ethical Hacking

“In those days, hacking was about people writing scripts, and it was more of a manual process. Few people were into hacking, so this activity was confined to small groups,” said an amused Barai. “And we launched a company with the vision to automate ethical hacking. After we built this automated ethical hacking product, we began receiving awards from Intel, UC Berkeley, Homeland Security, U.S. Navy, etc. So, we got a lot of recognition. But we faced a challenge; we noticed that not too many people were buying our product. We realized that it was much ahead of the times in terms of automating ethical hacking. And this was two decades ago.”

The irony was that the product was receiving many awards, but there were few customers for it. So, the co-founders reached out to the alumni for advice. The response they received gave them a business idea.

“An alumni member said, I would love to buy this product, but I don’t have anyone to run it for me,” said Barai. “So, we thought, why not we run it for you. Instead of giving away the product, we can host it and run the product for our customers. And that’s how it became a SaaS offering. In fact, we were one of the first SaaS companies from India.”

That move paid off, and the response improved. The company raised a round of funding from IDG Ventures. It grew steadily soon after and bagged 100 global customers. Cigital then acquired it. The co-founders continued to run the business, which continued to grow. Barai informed us that 18 out of the top 20 U.S. banks were using its products and services. Eventually, Cigital was acquired by Synopsis. Their product became the engine for Synopsis’ cloud-based testing. And that was the first innings for FireCompass and its co-founders.

The Next Phase

After spending two years at Synopsis, they were again bitten by the entrepreneurial bug and started thinking about their next product. What was the next problem to solve?

“We noticed something very interesting, and very strange. We saw a top financial services company getting breached because they had an open database without any password. And we were very intrigued because we knew that this particular company is highly mature. They have the best tools and the best folks working for them. We wondered why they missed that. Moreover, many other such companies were getting breached. We noticed the same pattern – they were getting breached because of some very simple stuff. And once we dived deeper, we noticed that this particular database that they were using, which got compromised, was made online by the marketing team, without the knowledge of the central IT.”

Well, doesn’t this problem sound familiar? They call it shadow IT. Business units helping themselves to cloud services or creating their own products without the approval of the IT team. That’s a recipe for a security disaster.

“This new problem was not there a decade ago (before the cloud era). And you have to blame it on rapid cloud adoption, digital transformation, distributed teams, and agile teams who have got this autonomy to create things on their own. Ten years ago (before cloud), anything that had to go online had to go through IT; you did not get access to a public IP easily. But today, anybody can spin up a new asset (virtual machine), there can be new API integrations, and many new applications getting created,” said Barai.

This was clearly a problem to be addressed, and an opportunity for Barai and his company. The second problem was the limitation of the first-generation testing tools.

First generations tools or Testing 1.0 Tools could only test known systems. One had to input the IP addresses or the application URLs to test assets. So, in plain speak, these tools can’t test what they can’t see. If you do not have complete visibility of all your assets, you can’t test them.

And then there was another problem with testing, or rather, the shoddy manner in which organizations were testing their assets.

The Need for Continuous Testing

“Red teaming or penetration testing exercises are done intermittently, a few times a year. And not all the assets were tested. So, organizations are testing some of the assets some of the time, whereas hackers, the ransomware guys, the nation state actors — they’re attacking all the assets all of the time,” said Barai.

To add to that, there is inadequate cybersecurity talent in the industry. Organizations cannot scale up their testing or do continuous testing just by hiring more people.

“We believe Testing 2.0 is the future of testing, where we are continuously discovering all our assets. And we are continuously testing all our assets. So, testing has to move from that point in time to continuous. Continuous discovery of assets and continuous testing has to be automated. And it has to be continuous,” said Barai.

And it is with that vision that they founded FireCompass.

How Continuous Testing Guards Against Attacks

FireCompass offers solutions for Continuous Automated Red Teaming (CART), External Attack Surface Management (EASM) & Ransomware Attack Surface Testing (RAST). It enables organizations to map out their digital attack surface, including shadow IT blind spots, by continuously discovering, indexing, and monitoring the web. The platform then automatically launches safe multi-stage attacks, mimicking a real attacker, to help identify attack paths before hackers do, continuously and proactively providing security. And that’s how continuous testing makes an organization more secure.

The Attack & Recon Platform of FireCompass continuously indexes and monitors the deep, dark and surface webs using nation-state grade reconnaissance techniques. The platform automatically discovers an organization’s external attack surface and launches multi-stage safe attacks, mimicking a real attacker, to help identify and prioritize vulnerabilities that are most likely to be attacked.

“We first go and index the entire internet, and we index the deep dark surface web, collect all that data and put it into a big data platform. And then, we analyze that data automatically using various algorithms. From absolutely zero knowledge, we build the hackers’ view of the attack surface or the map of the attack surface of all these organizations, and we do it on a near real-time basis,” informed Barai.

FireCompass is continuously monitoring its customers’ assets and discovering their attack surface. They look for new assets that are going online, such as databases or VMs, new open ports, new APIs, etc.

“We mimic various threat actors and do a mock ransomware attack or other types of attacks on an organization. This is a red teaming and pen test exercise. Finally, we give real-time alerts,” said Barai.

So, this goes much beyond offering reports, as we saw in first-generation testing. This is really the future of testing.

NetApp Excellerator Program

NetApp, a global cloud-led, data-centric software company, announced the graduation of its eighth cohort of the flagship startup accelerator program, NetApp Excellerator, on July 23. The eight business-to-business (B2B) tech startups, which all share a focus on deep tech, including artificial intelligence (AI), machine learning (ML), cloud, and data, graduated via a virtual demo day event yesterday.

Since its inception in 2017, the award-winning NetApp Excellerator program has received over 1,700 applications.

FireCompass was one of the eight startups in the eight cohort. Speaking about his experience in the program, Barai said, “The global exposure that you can get and the access to such great minds and their knowledge within NetApp, is very special. The knowledge that you can gain from the experts at NetApp is immense. The team has been very supportive and helps you come out of the program as a better & more efficient version of you. One of the key highlights of the program that we were personally excited about was the joint GTM opportunity along with NetApp. This program introduces us to their experts globally in NetApp and getting their help to create a strong combined GTM is very exciting for us.  Also, the paid proof of concept, which was an integral part of the program, helped in fine-tuning the offerings.”

The NetApp Excellerator program now moves forward with its ninth cohort.

About the Author

Brian Pereira is the Editor-in-Chief of CISO MAG. He has been writing on business technology concepts for the past 27 years and has achieved basic certifications in cloud computing (IBM) and cybersecurity (EC-Council).

The post How FireCompass is Shaping the Future of Security Testing appeared first on CISO MAG | Cyber Security Magazine.

SPONSORED CONTENT

The cyber gurus have for ages debated that there are a great number of tools available to aid pure information security, but when it comes to data governance or compliance frameworks, you can number them at your fingertips. Numbers suggest that a lot of companies still do their compliance auditing and analysis manually. Thus, hoping to revolutionize cybersecurity assessment and automate compliance audits and reporting, AJ Yawn and Jeff Cook came together to kickstart their new venture ByteChek.

It Takes Two to Tango!

Since his high school days, AJ Yawn, who grew up in Oceanside, California, has been an athlete at heart. He was an active member of his High School Basketball team and always dreamt of making it to the NBA. His dream looked within touching distance as he made it to the Florida State University’s team in his senior year. However, as destiny would have it, some critical injuries forced him on the sidelines.

But playing a sport teaches you to “Never Back Down.” And so, Yawn persevered. His grit and determination toward long-term achievement helped him serve in the U.S. Army for six efficient years. We call it efficient because this is where Yawn was introduced to the field of cybersecurity intelligence, which eventually shaped his entire career and mindset. His thirst for knowledge and inquisitiveness encouraged him to dig deeper into the field of cybersecurity assessments and audits, and the result of it is now for everyone to see.

His business partner and CFO of ByteChek, Jeff Cook, also matches the same wavelength. All thanks to sports. Cook himself is a qualified 4^th Degree Black Belt Karate champion. Taking reference to the “Karate Kid” movie, we are not sure if he is a Miyagi-Do fan or a Kobra Kai, but one thing is certain, like Yawn, Cook never shied away from any adversary. Be it his Karate Black Belt test or the CPA exam. He’s fought all the battles and emerged victorious every single time. This grit and motivation are what led to the foundation of ByteChek in November 2020, when the world was reeling through one of the greatest adversities of the current century – the COVID-19 pandemic.

 The Cyber-Aware CEO  

AJ Yawn is the Co-Founder and CEO at ByteChek. He is also a founding board member of the National Association of Black Compliance and Risk Management Professionals (NABCRMP). Yawn has earned six AWS certifications, including the AWS Solutions Architect-Professional and AWS Security-Specialty. Before ByteChek, He spent over a decade in the cybersecurity industry, both in the U.S. Army and as a principal consultant.

 CFO with Extensive IT Audit Experience 

Cook brings his information assurance and public accounting experience to ByteChek as a professional with over nine years of IT audit and consulting experience and over 20 years of public accounting and auditing experience. He has worked extensively on SOC in addition to providing IT audit support for traditional financial statement audits. Jeff is also heavily involved with the AICPA, volunteering with the development of the SOC and CITP programs. Cook was part of the SOC 2 working group, helping to develop the 2018 version of the AICPA SOC 2 guide, has developed numerous training for the AICPA, and is a prior recipient of the AICPA IMTA Standing Ovation Award for outstanding professional achievement in the IT specialization area. He is also a part of the AICPA CITP credential committee, the AICPA IMTA SOC task force, and the AICPA Eye on Technology task force.

The Kickstart

Both Cook and Yawn had been colleagues and had always dreamt of venturing together to start a compliance audit automation company because of Cook’s expertise in CPA and Yawn’s in cybersecurity. But last spring, when both men parted ways with their previous employer, things finally got serious, and Cook reached out to Yawn to materialize their dream team.

“I know it’s a global pandemic, but do you want to start this thing?” Cook remembers discussing with Yawn. The answer was a no-brainer for Yawn. “Yes,” he enthusiastically responded. The two rushed to the drawing board, and fittingly ByteChek was launched on Veteran’s Day as a gesture of Cook’s appreciation and respect for his Co-Founder Yawn, who served as a captain in the U.S. Army.

Let’s Check ByteChek

Cybersecurity processes can be overwhelming and laboriously time-consuming, even for the market’s more prominent players. However, to counter this problem and speed up the process of proving compliance, ByteChek has introduced a cloud-based SaaS solution to automate IT audits and streamline cybersecurity reporting. This platform fits well for companies of all sizes. The ByteChek platform provides a stable security program, automates cybersecurity readiness assessments, and completes SOC 2 audits faster, and the best part – it does all of this from a single platform.

The ByteChek platform is well diversified and provides a ground-up approach to building information security policy. Once done with defining the policies, the platform then connects with the applications that companies use daily to eliminate evidence collection and vague auditor requests.

 ByteChek’s product features include the following: 

• Full suite of integrations
• Information security policy generator
• NIST CSF risk manager and register
• System description generator
• Automated & actionable recommendations
• Real-time chat functionality with your auditors
• Complete access reviews, vendor management, annual policy tests, and much more.

ByteChek has recently become the first cybersecurity software company selected for the accounting-focused startup accelerator sponsored by the Association of International Certified Professional Accountants (the Association) and CPA.com.

 About the Author 

---

Mihir Bagwe is a Tech Writer and part of the editorial team at CISO MAG. He writes news features, technical blogs, and conducts interviews on latest cybersecurity technologies and trends.

 

Related Articles:

• Use SOC 2 Examinations to Keep Your Security Program in “Chek”
• When your CSP has an outage, what does it mean for your SOC 2?

The post In ByteChek, Companies Can Find the “X” Factor for Cybersecurity Compliance appeared first on CISO MAG | Cyber Security Magazine.

By Pooja Tikekar, Feature Writer, CISO MAG

Founded by Tazin Khan Norelius, Cyber Collective is the first and only women of color-owned data ethics, privacy, and cybersecurity research organization. CyCo’s strength lies in research, security awareness, privacy advocation, and data ethics consulting. Given the advancement of tools and systems used for the convenience of end-users, the company firmly believes in engaging in an open dialogue on the modern-day cyber landscape. It explores and analyzes the mechanisms that influence human-technology interactions. Today, engineers, data scientists, and infosec leaders, often find themselves in situations in which they use digital datasets that are collected or shared without informed consent, or those that are impacted by implicit biases. To address this inherent conflict between personal ethics and business goals, CyCo works directly with the community to educate and gather data transparently with an aim of creating a future where technology — though neutral — is overwhelmingly a force for good — for all.

CyCo uses the grounded theory approach in its creative, qualitative research, and then further uses the information to center marginalized folks — those who have historically been pushed to the margins by decision-makers in tech product and policy development — in conversations to impact the next generation of tech product and policy.

Integrating Pop Culture in Learning

Popular culture is an intrinsic element of our social and political lives. CyCo recognizes the value of pop culture in promoting digital literacy and building conversations around technical topics that impact our daily lives, including the impact of technology and how it shapes social dynamics. Using appealing memes, movie references, and unfiltered yet friendly language, the company educates the public and connects with a wider audience through virtual events on Zoom. Through creative and live audience research events, CyCo assesses their knowledge and gathers real-time insights to share workable findings that influence policy and industry. It also caters to its Instagram and Twitter following for social media outreach.

IFundWomen: By the People, For the People

The largest cybersecurity budgets belong mostly to Fortune 500 companies, further confirming that revenue generation or monetization strategies for startups around data privacy research are thinning. Through its IFundWomen Crowdfunding Campaign, CyCo intends to raise financial capital to foster research and bring awareness on the impact of technology on human lives.

Data Rights are Human Rights

Since the U.S. has no single federal law that regulates cybersecurity or data privacy, SMBs and marginalized communities encounter multiple challenges in the way data is consumed. Taking this concern into consideration, CyCo partnered with IT service provider Elroi and non-profit organization, The Markup. Collectively, they launched a new petition to demand the U.S. government to start working on a new national privacy law, to ensure the data protection of marginalized communities that big techs capitalize on. The company’s goal is to:

• Create diverse and public subcommittees as part of the regulation drafting.
• Seek an annual review of regulation compared to current technology advancements and interpretations.

To make its petition actionable, CyCo hosted a virtual event on January 28, 2021 – National Privacy Day. The event was graced by Rachel Cash, CEO and Founder of Elroi; Nabiha Syed, President of The Markup; and Brittany Kaiser, Co-Founder at Own Your Data Foundation and Cambridge Analytica whistleblower.

From February 1 to March 30, 2021, CyCo will continue to host webinars, workshops, and seminars to collect information that helps identify the gaps in our systems. It will also investigate tech’s impact on people who have historically been pushed to the margins by decision-makers in tech and policy.

No industry, program, or topic can truly grow if it remains within the parameters of its comfort. It’s 2021, we should all know by now why we “need more women in cybersecurity,” if you don’t, well shame on you. But the women are here, and we’re making space for ourselves. The change is inevitable, it’s just up to us to make it. Be the change you want to see, or watch things stay the same. At Cyber Collective, we are the change and we’re bringing everyone with us,” says Founder & CEO Tazin Khan Norelius.

About the Author

Pooja Tikekar is a Feature Writer and part of the editorial team at CISO MAG. She writes news reports and feature articles on cybersecurity technologies and trends.

More from the author. 

The post Empowering Marginalized Voices in a Digital World appeared first on CISO MAG | Cyber Security Magazine.

Wearables have become the talk of the town in recent years owing to their wide range of consumer-focused and industry-based offerings. These devices are broadly classified into four types:

• Smart glasses and head gear
• Smart watches
• Wearable medical devices
• Fitness trackers

Of these, the one that really interests and fascinates people the most is the head-mounted wearable display. These devices have the broadest scope of usage as they visually transmit data and information to the eyes via the headgear. Considering the tech industry’s inclination towards, and the demand for wearable gadgets and artificial intelligence (AI), a bunch of tech enthusiasts came together to co-found AjnaLens.

The company, registered under the name Dimension NXG Pvt. Ltd., is co-founded by Pankaj Raut (CEO), Abhishek Tomar (CTO) and Abhijit Patil (COO). Before AjnaLens, all the co-founders worked in different fields. Raut, who comes from a business background, had developed a tech product in 3D scanning, Tomar headed the VFX team at Red Chillies Entertainment and Patil was working with Godrej on process planning and optimization for the manufacturing of Brahmos Missile. However, expertise from various domains is exactly what worked in their favor. They covered all bases required to form a startup – technology, business and operations.

Using the brand name, the company designed AjnaLens – a pair of AI-powered mixed reality (MR) glasses that augments human intelligence. In layman’s terms, this pair of glasses enables the user to use AI and helps in better, concise and real-time decision making in fields ranging from education to enterprise to defense.

The Struggle

The path to success like other tech startups was not flower-laden. Finding the right investors and visionaries who believed in their vision and the future of such a technology was an uphill task. They were in a literal sense talking sci-fi; talking to investors was like talking to people with a James Bond movie script in hand. The industry was unexplored, untouched, and unheard off. Raut, Tomar, and Patil needed brave and visionary people by their side. They were fortunate enough to have met people like Vijay Shekhar Sharma, Founder and CEO of Paytm, and Nailesh Khimji, Director and Board Member – Khimji Ramdas Group (Oman), among other angel investors. After acquiring the required seed funding, it was time to get to the drawing table and this is where the second part of the challenge began.

Network Security and Bandwidth

Uninterrupted streaming of Augmented Reality (AR) based on cloud-hosted content and services requires huge bandwidth and coverage in areas where these wearable AR glasses are deployed. Ensuring reliable Wi-Fi and other modes of network availability in remote locations, where even mobile/cellular network coverage is not present, was a daunting challenge.

Both devices and networks require the highest security standards in sensitive environments to ensure critical, personal and organizational information is not compromised. These devices carry massive amounts of user data ranging from user demographics to personally identifiable information (PII). The team at AjnaLens was very much aware of the cybersecurity aspect of their wearable glasses, especially being in the defense sector. Thus, they implemented multi-layered 256-bit encryption to secure the data and communication of these devices. An in-depth discussion with the team related to the core cybersecurity technology used in the wearable was not possible as they are still awaiting a few security certificates and clearances from the defense authorities. However, after two years of intensive R&D, the team was confident about the data safety of this device and finally launched AjnaLite and AjnaLite Plus at DIDAC in September 2019.

The Beginning of the Rise

The trio was very clear about their first target industry – the Education industry. They found a way to integrate AR/VR technology and AI in one headset, that would help education and training in remote areas. This was the beginning of the rise. The startup was immediately taken note of by the local and international media, and won many accolades including Technology Innovation Leadership Award in Augmented Reality Headset – Frost & Sullivan (2018), Awarded #1 Innovation across India by CII, AICTE & DST, Early Growth IOT Startup of the year – The AEONIAN 2018 and many more.

The Future of Warfare

Meanwhile, the team at AjnaLens saw a huge potential of their technology in the future of warfare. Thus, was born one of the world’s most advanced MR glasses for defense and law enforcement forces – AjnaBolt. This pair of MR glasses was launched at the recently held Defence Expo 2020, in the presence of India’s Prime Minister Narendra Modi, and Defence Minister Rajnath Singh. AjnaLens also signed an MoU with the government to set up a manufacturing unit in the state of Uttar Pradesh, India.

What’s Next

AjnaLens is soon launching an enterprise version of its AR glasses, in 2020, called AjnaOne. To support the manufacturing of the enterprise version and further enhance their AR/VR capabilities, AjnaLens raised a Pre-Series A funding of US$1.5 million which was led by Maharashtra Defence and Aerospace Venture Fund.

With nearly 15+ Patents in AR/MR and allied fields under their name, and after receiving the backing from the Government of India-led institutions like DRDO, Army, Navy and Air Force the co-founders humbly said, “The journey is still challenging. But people are slowly realizing the possibilities and opportunities. They are now coming forward to join hands for a larger vision.”

Company Timeline

 2014 

• Founded in Mumbai Maharashtra
• Founders met at Google startup weekend held at IIT Bombay. Synergies between founders met and decided to start working together on technologies that could have a positive impact on human lives.
• Officially registered on November 14, 2014

 2015 – 2017 

• Raised first funding: Angel Round
• Team Size of 5
• Incubated at Zone Startup India.
• Build an in-house R&D Optics Lab
• Dedicated the 2 years for R&D in Optics, 3D World sensors and tech.
• Got the first fully functional prototype ready.
• Started generating revenue using allied skills in 3D Printing.
• Applied for 6 patents in India.
• Landing 20+ Letters of Interest.

 2018 

• Team size expanded to 10
• Created breakthrough in Multiple Optics for Augmented Reality
• Applied for 6 patents.
• Started multiple Industry paid pilots.

 2019 

• Team exceeds 15 members
• Launched AjnaLite and AjnaLite Plus at DIDAC in September 2019 for pre-orders
• Signed 30+ LOI/MoU with private schools and colleges to setup AR/VR Lab
• First batch manufacturing of AjnaLite and AjnaLite Plus started
• Received grant of ₹ 1.5 Crore (Approx. US$215,000) from the Ministry of Defence (India) under iDEX initiative to give military tanks a see-through capability in 360 degrees (X-Ray Vision)
• Accelerated at Forge accelerator
• Key Customers: DRDO, PM Experts, Army, etc

 2020 

• February, launched AjnaBolt at the Defence Expo 2020
• Completed fundraise of US$1.5 million lead by Maharashtra Defence and Aerospace Venture Fund

About the Author

Mihir Bagwe is a Tech Writer and part of the editorial team at CISO MAG. He writes news features, technical blogs, and conducts interviews on latest cybersecurity technologies and trends.

 

Other Posts from the Author:

• Don’t Just be a Good CISO, Be a Successful CISO!
• OT-ISAC Virtual Summit Brings Together the Best Minds in APAC for OT/ICS Security
• Is the Co-existence of Security and User Experience in Media Industry Possible?
• COVID-19 Pandemic is a Silver Lining for Cybersecurity

**Disclaimer**

CISO MAG did not evaluate/test the products mentioned in this article, nor does it endorse any of the claims made by AjnaLens. The facts, opinions, and language in the article do not reflect the views of CISO MAG and CISO MAG does not assume any responsibility or liability for the same. CISO MAG does not guarantee the satisfactory performance of the products mentioned in this article. The material in this article was curated from brochures and other sources as provided by AjnaLens.

The post AjnaLens – Making Augmented Reality a Reality appeared first on CISO MAG | Cyber Security Magazine.

By Mihir Bagwe, Technical Writer, CISO MAG

It’s a Jungle Out There!

Remember Disney’s famous animated movie “The Lion King”? What was Simba restricted from? He was forbidden from going beyond a certain boundary. Why was he forbidden? Because the threats in the valley were unknown and thus made him vulnerable to attack. The same applies to our urban digitally connected jungle; the threats are unknown, and we need to protect our boundaries.

In the early days of the pandemic, cybercriminals vowed not to attack healthcare facilities and systems that are at the forefront of the COVID-19 war, thus drawing a protected boundary around these services. However, it is a known fact that they use these global episodes and the associated fear among the masses for personal gain. And they did just that. Add to this the vulnerability of the humongous number of people working from home outside the company’s usual security perimeter. No wonder a recent study suggested that 85% of organizations anticipated a threat to business operations from remote workers.

While businesses are pushing to integrate digitization as an indispensable part of the personal and professional lives of the people, it is worth noting that vulnerability and misuse of personal and professional data are ringing serious alarm bells. It is like the threat actors are employing the jungle rules; attack and spread fear, and only the fittest survive. So how can you defend your digitally connected urban tribe from these intrusion threats to your cyberspace? WiJungle, an Indian based startup, may have an answer to this.

The WiJungle Story

Co-founded by Karmesh Gupta and Praveen Gupta in 2017, the company provides a Unified Network Security platform that is trusted by businesses spread across 25+ countries worldwide. Karmesh, due to his keen interest in cybersecurity, had previously worked with Lucideus (a cybersecurity firm founded by his college alumni, Saket Modi). The learnings from his time at Lucideus, the deep understanding about the distributed architecture followed within the cybersecurity industry from their first two ventures in computer networks, and its allied security products, coupled with their failures, helped them persevere in being successful the third time around, with a unique solution that served the need of the hour. The duo did not just succeed but excelled and the world took note of it by showering them with accolades such as ‘Most Innovative Product of The Year in 2018’, Frost and Sullivan – ‘New Product Innovation Award of the Year 2019’, etc. Karmesh’s perseverance was further rewarded when he was selected by Forbes in its annual ‘30 Under 30 Asia 2020’ list.

As they say, all great stories have humble beginnings, and so is it the case with this duo. When asked about the challenges faced in bringing up the startup, the duo mentions, “We had already failed twice, so there was no chance to get capital from any sort of third-party for trying a new venture. Bootstrapping was the only way to take it forward. Consequently, we had a very limited period to develop a minimum viable product (MVP) and turn it into a successful sale to ensure cashflow. If the launch period were missed, the MVP product would have failed to hit the expected sales volume and we would have again been in a deadlock. So, ensuring to be lean was a prime challenge in the starting days.”

The Unified Network Security Gateway

This platform comprehensively offers the capabilities of NextGen Network Firewall, Secure Web Gateway, Web Application Firewall, Hotspot Gateway, DLP, Vulnerability Assessment, etc. with an all-in-one device. The AI and ML-enabled devices help businesses to seamlessly manage and safeguard their entire network through a single window.

WiJungle has a wide range of models to cater to the needs of businesses of all sizes in various sectors such as enterprises, education, hospitality, healthcare, BFSI, transport, retail, defense, smart city, real estate, events, etc.

With many industry giants telling their employees to continue working from home even in the post-pandemic world, in some cases as long as “forever,” it has now become more important than ever to secure your work cum home security perimeter with competent solutions like the Unified Network Security Gateway offered by WiJungle.

Company Timeline

About the Author

Mihir Bagwe is a Tech Writer and part of the editorial team at CISO MAG. He writes news features, technical blogs, and conducts interviews on latest cybersecurity technologies and trends.

 

Other Posts from the Author:

• Don’t Just be a Good CISO, Be a Successful CISO!
• OT-ISAC Virtual Summit Brings Together the Best Minds in APAC for OT/ICS Security
• Is the Co-existence of Security and User Experience in Media Industry Possible?
• COVID-19 Pandemic is a Silver Lining for Cybersecurity

 **Disclaimer** 

CISO MAG did not evaluate/test the products mentioned in this article, nor does it endorse any of the claims made by WiJungle. The facts, opinions, and language in the article do not reflect the views of CISO MAG and thus we do not assume any responsibility or liability for the same. CISO MAG does not guarantee the satisfactory performance of the products mentioned in this article.

The post Wi-Jungle: Keeping Intrusions Away From Your Network Jungle appeared first on CISO MAG | Cyber Security Magazine.

By Mihir Bagwe, Technical Writer, CISO MAG

A recent survey from Forrester revealed that this very abundance of technological investments leaves security teams reeling with how to cobble together data from disparate systems to truly understand their organization’s cybersecurity posture. This is a very reactive, labor-intensive, and not easily scalable approach. Security leaders are understandably looking for new technology and tools to improve their cybersecurity posture, but an evolving threat landscape, compliance, and regulatory hurdles coupled with limited budget and resources make it tedious to effectively implement the best measures.

Before launching Panaseer, CEO Nik Whitfield and his founding team were building advanced threat detection tools at BAE Systems Applied Intelligence, an international business and technology consulting firm. It was here that they observed a majority of the businesses were mature in their cybersecurity methodologies, had cutting-edge technologies, and great talent to handle them. What they tended to lack was visibility into their own IT and security systems. They noticed a need for a platform that could unify IT and security data, establish total visibility, and automate the reporting processes. And thus, was born a new tool for enterprise security, Panaseer’s Continuous Controls Monitoring (CCM) Platform.

What’s the Need for a CCM Platform?

A Continuous Controls Monitoring platform gives CISOs visibility of all their assets and the confidence that security controls are working effectively. It can help businesses make informed risk-based security decisions using technology that cleans, normalizes, aggregates, de-duplicates, and correlates data from any security data source — creating a continuous feed of unified asset and controls insights.

Panaseer’s Continuous Controls Monitoring (CCM) Platform improves enterprise security by offering the following:

• It provides the ability to automatically validate whether proper controls and safeguards are in place and turned on across all asset types such as devices, databases, applications, people, and accounts.
• CCM helps uncover gaps in controls coverage, aligns security with framework standards, automates security metrics and stakeholder reporting, substantiates regulatory compliance, prioritizes risk remediation, and tracks improvement – all while reducing headcount requirements and costs.
• It empowers enterprises to take a proactive approach to security so a control failure does not become a security incident.
• With the launch of Business Risk Perspectives (BRP) as part of the CCM platform, it enables enterprises to pin-down technology risk of mission-critical business processes and operations.
• BRP can isolate and group risks to all asset types of the crown jewels of the business. For example, it helps isolate and understand risks to your trading systems, accounts receivable, or systems with sensitive data such as PII.
• BRP continuously monitors the interrelated risks across asset types aligned to critical parts of the business by conducting a 360-degree, cross-security-domain analysis of everything that needs to be protected across the organization.
• It allows security and risks teams to effectively prioritize risk remediation and maintain a strong security posture

Editor’s note: The material in this article was curated from the data sources provided by Panaseer. CISO MAG has not verified and does not endorse any claims suggested in the product features.

Can CCM Evolve and Scale with Your Growing Needs?

As businesses grow, new data is added, new endpoint nodes are created, and more importantly, new security data sources are added under the cybersecurity periphery of an enterprise. However, scalability is the biggest hurdle in an organization’s expansion plan. Without a scalable security solution, any business will be unable to keep up with growth.

However, the CCM platform has been architected in a way that it can be scaled depending on the customer’s use case requirements and size. Updates to the product are primarily managed by the Customer Success team as part of customer support and maintenance and are not often affected significantly by the size of the deployment. Each customer influences the product’s roadmap individually.

Panaseer’s product team consists of engineers and data scientists that are continually engaged in R&D initiatives based on the feedback received from customers to drive innovation in data-driven security insights. They have made major advancements in delivering the following:

• A distributed graph-based entity resolution algorithm to resolve unique devices. By amalgamating dozens of siloed data sources, a “Smart Inventory” is built. This gives a complete and accurate picture of devices on the network.
• Novel visualizations to intuitively communicate insights represented in complex multi-dimensional data sets.
• Data science delivering unique risk mitigation insights built on an in-depth understanding of security data semantics and key security drivers.
• Sophisticated data engineering applied to build the data pipelines required to prepare diverse security data sets for consistent and trusted analysis. The pipelines perform the ETL required to collect, standardize, and enrich data from a range of sources.
• Campaign tracking capability using data to actively monitor remedial work leading to cyber risk reduction.

Existing products in the marketplace provide partial solutions and many organizations have attempted to build internal solutions, but scaling is always an issue with these approaches. Panaseer claims it has a complete solution that is effective in providing a 360° view of the entire IT infrastructure and can scale with growing business needs.

“Traditional security tools are insufficient for proactive cybersecurity as they don’t provide a complete, real-time view of cybersecurity risk. Threats are becoming more advanced, attackers savvier, and regulation is tightening. This has created a clear market requirement for automated continuous controls monitoring, a new category of solution that provides real-time visibility of assets.The ability to make informed security decisions based on data and metrics will enable security leaders to have validated confidence that their company and customer data is protected.”

 A Continuous Controls Monitoring Platform enables enterprises to:

• See every asset, application, user, and data-set in real-time.
• Uncover gaps in controls coverage.
• Spend less time on reporting.
• Priorities risk remediation based on mission-critical parts of their business.
• Enhance board-level decision-making.
• Establish regulatory compliance via integration with GRC systems.
• Achieve cost efficiency and prove ROI.

Company Timeline

About the Author

Mihir Bagwe is a Tech Writer and part of the editorial team at CISO MAG. He writes news features, technical blogs, and conducts interviews on latest cybersecurity technologies and trends.

 

Other Posts from the Author:

• Don’t Just be a Good CISO, Be a Successful CISO!
• OT-ISAC Virtual Summit Brings Together the Best Minds in APAC for OT/ICS Security
• Is the Co-existence of Security and User Experience in Media Industry Possible?
• COVID-19 Pandemic is a Silver Lining for Cybersecurity

Disclaimer

CISO MAG did not evaluate/test the products mentioned in this article, nor does it endorse any of the claims made by Panaseer. The facts, opinions, and language in the article do not reflect the views of CISO MAG and CISO MAG does not assume any responsibility or liability for the same. CISO MAG does not guarantee the satisfactory performance of the products mentioned in this article. The material in this article was curated from brochures and other sources as provided by Panaseer.

The post Panaseer – Delivering Enterprise Security Through Continuous Monitoring appeared first on CISO MAG | Cyber Security Magazine.

By Mihir Bagwe, Technical Writer, CISO MAG

CYFIRMA is a cyberthreat intelligence analytics platform company with a flagship product called DeCYFIR. This product is designed using Artificial Intelligence and Machine Learning (AI/ML) to provide real-time insights, threat visibility, and situational awareness to prevent business losses. It helps organizations discover and decode unknown cyberthreats and mitigate potential risks. The platform aggregates, correlates and analyzes information from the open and dark web, to effectively identify and process potential threats at the planning stage of a cyberattack. It provides deep insights into the cyberthreat landscape, and amplifies the preparedness of organizations by providing relevant, predictive, and prioritized cyberthreat visibility and intelligence.

The predictive capability of the platform gives organizations deep insights that correlate data to form a threat story, providing context to every threat, increasing the accuracy of threat alerts, and helping clients prioritize resources for cyberattack prevention. It also equips organizations with a multi-layered approach to cybersecurity and helps form strategic, management, and tactical viewpoints.

A Company to Watch

The company’s growth and service offerings depend mainly on the leadership, guidance, and mentoring of its C-suite, and CYFIRMA has got the perfect piece to fit in this puzzle. CYFIRMA’s Chairman and CEO, Kumar Ritesh, has over two decades of experience in global cybersecurity leadership and has various certifications including PMP, CISSP, CISM, CISSP-ISSAP, TOGAF 9.1, CIPM, and CIPT, among others, to back his knowledge and skill set. He is a highly dynamic executive displaying a high grade of technological acumen and business skills, along with a strong track record of developing successful cybersecurity strategies, products, policies, standards, and solutions.

His resume also includes the development of prototypes for data loss prevention, social profile risk assessment, web content assessment management, intelligence-led cyber risk management, and adaptive cyberthreat intelligence tools.

“Cyberthreat intelligence is an increasingly overused terminology, confusing the industry and blurring the lines between information and quality intelligence. This is where CYFIRMA steps-in.”

 

Ritesh always observed that organizations struggled to understand the external threat landscape, as their cyber posture management was highly focused on internal protection, security controls, and building firewalls. This was proving ineffective, given that threat actors always kept modifying their approach, methodology, and techniques. A productized offering was needed to help organizations consume multi-dimensional intelligence driven by deep technology —thereby making cyber posture management efficient and effective.

CYFIRMA’s clients are exclusively provided with:

• Client-tailored and customized Outside-in/Hacker’s view of the cyberthreat landscape.
• Multi-dimensional strategic, management and tactical cyberthreat visibility and intelligence.
• Threat indicators at the planning stage versus the execution and exploitation phase of a cyberattack.
• Indicator centered threat hunting capabilities, which could be as simple as a conversation or geo-political issue driving the cyberthreats and risks.
• An ability to integrate intelligence and insight into risk management, cyber posture management, and regulatory, compliance, governance, investment, and resource management.
• Deeper analytical insights into situational awareness, cyberattacks and events, incidents, vulnerabilities, technology, or regulatory shift.

CYFIRMA has a team of highly experienced professionals with rich expertise in the cybersecurity domain along with AI and ML, among others. We believe CYFIRMA is the company to watch out for in 2020, especially with its core product DeCYFIR, which is being upgraded.

Company Timeline

About the Author

Mihir Bagwe is a Tech Writer and part of the editorial team at CISO MAG. He writes news features, technical blogs, and conducts interviews on latest cybersecurity technologies and trends.

 

Other Posts from the Author:

• Don’t Just be a Good CISO, Be a Successful CISO!
• OT-ISAC Virtual Summit Brings Together the Best Minds in APAC for OT/ICS Security
• Is the Co-existence of Security and User Experience in Media Industry Possible?
• COVID-19 Pandemic is a Silver Lining for Cybersecurity

The post CYFIRMA Brings Cyberthreat Intelligence to the Fore appeared first on CISO MAG | Cyber Security Magazine.