The cyber security market is too focused on selling products and services instead of helping its customers remain safe, says Ilia Kolochenko, founder and CEO of High-Tech Bridge (HTB), a Swiss company which offers affordable ethical hacking services to SMBs.
HTB recently made the news after its researchers discovered and disclosed a slew of cross-site scripting flaws in Yahoo’s services, and got a t-shirt as a reward. This incident, popularly known as the “T-shirt-gate”, drew the ire of the security community and forced Yahoo to speed up the introduction of a new ‘bug bounty’ programme.
The ImmuniWeb service offered by HTB subjects websites to 12 hours of automated scanning and 12 hours of live penetration testing, with the results presented in a summary written by a security expert which includes recommendations tailored to individual customers.
Kolochenko, who visited London for the InfoSec 2014 conference, told TechWeekEurope the service is unique because it offers real penetration testing starting from just $639 (£380).
HTB was founded in 2010 to develop an automated vulnerability scanner which would make information security more efficient. The company also pioneered an innovative business model – Kolochenko told us he was disappointed by many of the sales techniques employed by large security vendors, and wanted to make something “reasonable and fair”.
In contrast, ImmuniWeb offers a comprehensive one-time service that costs just £380. Customers can simply submit the address of their website along with their payment details, and expect a report in a few days. The whole sign-up process takes about ten minutes. It was designed to be as straightforward as possible, so even non-technical people are able to use the service – after all, smaller businesses often have a website, but don’t always have an IT department.
“Automated tools are cheap and fast, but their vulnerability detection rate is quite low, and you need an IT guy to filter the results to make sure there are no false positives,” explained Kolochenko. Meanwhile, traditional penetration testing services usually require preparation, a lot of paperwork – non-disclosure agreements, insurance, and the like – and come with a heavy price tag.
“So one of the solutions is very reliable but it’s long, complicated and expensive, and the other is affordable, but not very efficient. My idea was to not just create one more security scanner, but combine manual testing with automated scanning.”
Here’s how ImmuniWeb works: a proprietary scanner automatically detects vulnerabilities in databases and web applications, as well as checking if a website’s SSL certificates are in order. An ‘ethical hacker’ then investigates code highlighted by the scanner, while paying attention to the areas that it might have missed.
HTB’s security professionals also look for phishing websites that could imitate the customer’s brand, and check hacker resources for any mention of the vulnerabilities on the target website.
The resulting report is very unlike the hefty documents generated by some of HTB’s competitors – the company guarantees that its employees will spend at least six hours writing the concise summary, with recommendations on how to fix the problems discovered during testing.
Kolochenko says that ImmuniWeb is not a replacement for a full penetration test or a complete security audit, but it gives a clear indication of the state of the IT infrastructure, and can help fix serious issues.