So here’s the thing with cybersecurity: It’s so big and such a hot topic and acknowledged to be so important and yet, as, say, an individual retail company, it’s still really difficult to know exactly what your “defensive posture” is.
If an attack happens, will the measures you have in place be enough? At the moment, executives deciding whether or not to beef up security have to depend either on the assurances of cyber-tech salesmen or the best guesses/gut feelings of their IT department.
Neither is quiet ideal, and Christopher Key, cofounder and CEO of Verodin, thinks it doesn’t have to be this way.
After his previous company Enira was acquired by ArcSight in 2006, Key spent some time consulting while dwelling on what he considers one of the really big questions of cyber security — is it working? Key and his team founded Verodin to answer just that very question, and now, after two and a half years of R&D, the company is “coming out of stealth.”
Key said the timing couldn’t be better. “Five years ago cybersecurity was just a checkbox,” he told Technical.ly. But now, in an era were huge data breaches make international headlines on the regular, “people are really hungry for this information.”
The initial philosophy of cybersecurity was prevention-focused, seeking “defense in depth.” This, essentially, means “have as many layers of security as possible.” But how well do those layers work together? Are there any gaps all layers share?
Reston-based Verodin aims to “help companies understand how their cyber tech will respond” to an attack, allowing those companies, in turn, to ask whether they’re happy with what’s in place. It’s kind of like security for your security.
Verodin’s software uses “Instrumented Security” to gather this information by safely executing attack behavior to generate reports on what security is going to see when a given attack is perpetrated, what it’s not going to see and how it will respond. This is valuable information not only for a company’s cyber team, but also for executives strategically deciding when and where to build out security capabilities.
Key puts it this way: “If you’re interested in the effectiveness of the dollars spent on security, you’ll be interested in this.”
Yeah, that sounds pretty interesting.