M. Koster and S. Sehgal, Founder and CEO

In the wake of its rapid adoption, cloud computing has become a well-trodden path for enterprises to embrace digitalization. Just as real clouds continue to move across the horizon, the technology is constantly shifting. According to a report, the SaaS market is anticipated to grow at a compound annual growth rate (CAGR) of 21.20 percent during the forecast period 2018-2023. Against this ever-changing backdrop, the challenge for most B2B players boils down to matching the speed at which their cloud environments are changing, while also staying secure. In the same vein, when it comes to agile development, CIOs need to find a way to perform continuous security testing at the speed of DevOps without wiping out their security budget. What these CIOs require is effective and continuous vulnerability management to find every security hole and seal it off from potential hackers before it can slip through the cracks.
Enter BreachLock. The New York-based company empowers its clients with unified capabilities such as Penetration Testing as a Service, network vulnerability scans, and Web DAST scanning. BreachLock offers a cloud-based platform and delivers these capabilities as a SaaS experience—making it an ideal choice for organizations that are either augmenting or migrating to the cloud. The uniqueness of BreachLock stems from its ability to combine the power of Artificial Intelligence, the cloud, and human hackers to deliver an on-demand, scalable, and cost-effective vulnerability management solution. “We have recently launched our RATA framework (Reliable Attack Testing Automation) that comprises RATA-Web and RATA-Network—industry’s first Artificial Intelligence, cloud and human hacker-powered automated web vulnerability scanners that uncover vulnerabilities in both network and application assets,” says S. Sehgal, Founder and CEO of BreachLock. RATA-Web is an online vulnerability scanner for websites and requires no security expertise, hardware, or software installation. RATA-Network, on the other hand, focuses on network layer security gaps: with just a few clicks, one can launch scans for vulnerabilities and get a report of the findings that includes recommendations on a potential solution. BreachLock also offers a virtual appliance, embedded with RATA-Web and Network capabilities, which can seamlessly be deployed in the cloud as well as a local network.
The BreachLock platform presents a single pane view to its clients throughout the lifecycle of a vulnerability, providing them with complete control and transparency of their security posture. The platform, with its unique capabilities, allows clients to find and fix a potential cyber breach through a cyclic four-step process. To begin with, the first step of onboarding involves adding users to BreachLock’s SaaS, creating a dedicated ticketing workflow for each project, and providing them all the information needed to scope and schedule the test correctly. The second step focuses on the execution of manual tests or automated scans that result in online and offline reports; real-time alerts are sent to users based on alert settings. Next, BreachLock provides remediation advice as a standard input in all reports, while also listing all findings in the portal.
This is where users can create a ticket with questions for one or more findings. “Our security researchers provide direct support to any queries raised by developers or sysadmins. This way, all teams can collaborate directly with our security researchers and mitigate vulnerabilities faster,” adds Sehgal. The third step is followed by retesting. Sehgal explains, “For most vulnerabilities, it’s possible to launch an automated patch validation process where you get to know if the fix was successful. In other cases, it’s possible to request a manual retest from within the portal with just a click.”
The BreachLock platform is primarily leveraged by enterprise clients to satisfy independent security testing and validation requirements. BreachLock reports—based on industry-standard methodologies such as OWASP and NIST—are widely accepted by Fortune 500 companies. The company also specializes in meeting the need for continuous manual testing and automated scanning for compliance with SOC2, PCI DSS, ISO 27001, and HIPAA requirements. As a large section of its clients comprises B2B SaaS companies, BreachLock is a natural fit to provide iterative and on-demand testing options mapped to each software sprint released by the clients. For instance, BreachLock’s platform had been instrumental in taking the security testing initiatives at BrainFights to the next level. BrainFights regards security as an important ingredient of CodeSignal—the company’s SaaS platform for technical skills assessment—and conducts annual penetration testing for their applications and network. Owing to its comprehensiveness, expertise, communication skills, and ease of collaboration, BreachLock was an obvious choice for BrainFights. Right from the sales process to creating reports and putting appropriate measures into place, BreachLock’s intuitive and user-friendly platform assisted the client in achieving their goals pertaining to security testing.
While BreachLock continues to script similar success stories for its clients, Sehgal reveals that the company’s biggest strength lies in its ability to mobilize security research initiatives. Moving forward, BreachLock’s expansion efforts in people, process, or technology areas are focused on realizing its immense potential in the rapidly growing SaaS market. “We plan to expand our offerings in all major cloud-native marketplaces to further improve our market penetration in the cloud security market,” concludes Sehgal.