Startup Cybric aims to reduce time between detecting and remediating breaches
- 27 January, 2016 04:44
Startup Cybric is working on a cloud-based platform to help businesses find out about breaches quickly and clean them up as fast as possible.
It will do that with its platform, Continuous Security Delivery Fabric, which creates a clone of network elements in its cloud and runs tests against them looking for vulnerabilities. Because the work is done in the cloud, it doesn’t slow down or interfere with the business’s production network, the company says.
Because multiple tests can be run in parallel in the cloud, the time it takes to find vulnerabilities is reduced, the company says. Alternatively, customers can run the Continuous Security Delivery Fabric on premises.
The company lumps itself in a category defined by Gartner as security operations, analytics and reporting (SOAR), which includes EMC, CyberSponse, Proofpoint, Resilient Systems and Swimlane.
Some of the companies Cybric feels it competes with are CyberArk, Dell SecureWorks, Tanium, Palo Alto Networks and Rapid7.
Key factors for this SOAR category are that products gather state information about the network, evaluate it within a business context and orchestrate a response, according to Gartner’s “Innovative Tech Insight for Security Operations, Analytics and Reporting”.
Continuous Security Delivery Fabric is a cloud service that discovers the network automatically, and makes thin clone copies of network assets within Cybric’s cloud network. There it runs tasks or scans against these copies in order to discover vulnerabilities, misconfigurations, poorly written code and the like.
To do so, users define targets, called fibers, for the platform to work against. Targets can be a variety of assets such as applications, code repositories and IP ranges. Then they set tasks, security policies called business resiliency integrated controls (BRICs), to run against each fiber. The sum of these fibers and BRICs becomes the customer’s security fabric. BRICs define what action to take if vulnerabilities are found.
A simple task might be to send out an alert when a BRIC finds that a specific application hasn’t been patched. Or it could be automatically scanning Ruby on Rails source code being written by the customer using the vulnerability scanner Brakeman before it can be merged into code posted to GitHub. If the code is found secure, the Continuous Security Delivery Fabric allows it to be merged; if vulnerable, it sends an alert.
Customers can use their own security tools or enlist third-party tools as part of BRICs, which can be run on a regular schedule.
Continuous Security Delivery Fabric can act on corporate resources that are located in commercial cloud vendors’ networks, which can be useful to developers who need to create virtual machines on the fly to test their work. Because BRICs can be assigned to IP ranges, any new virtual machine developers create will be subject to the appropriate BRIC screening automatically.
Scanning tools the platform currently supports are Nikto, Nmap, Metasploit, Brakeman and OWASP. It plans to support CoreSecurity, IBM QRadar, IBM AppScan, Rapid7 and Qualys. It supports these communications tools: Slack, PagerDuty, email and native SMS, with plans to add DataDog.
As for remediation tools, it supports Cybric Remediation and ServiceNow, with Remedy and IBM BigFix on the planning board.
Cybric is based in Boston and funded with $1.3 million in seed funding led by Petrillo Capital and angel and strategic investors.
Continuous Security Delivery Fabric is in beta.