A Unified Status Picture for Organizations

Israeli start-up company Vulcan Security is working on a solution for one of the primary challenges of the cybersecurity world – computer system updating. A special interview with the company's founders.

The Israeli start-up company Vulcan Security is currently attempting to resolve one of the primary challenges of the cybersecurity world – computer system updating. They describe their solution, in simplified terms, as a combination of automatic IT management and SecDevOps. "In a business organization, you look at three tiers when it comes to information security: infrastructures (operating systems), applications and code development," explains Yaniv Bar-Dayan, Vulcan Security's CEO.

According to Bar-Dayan, who founded the company with Tal Morgenstern and Roy Horev, the complexity starts with identifying the organization's vulnerabilities. To find them, an organization has to employ vulnerability scanners. On average, organizations that employ such tools use between 5 and 15 different scanners. At the conclusion of the scanning cycle, each scanner produces a voluminous report of all the vulnerabilities it found, divided by technical complexity.

"The technical complexity of a vulnerability is not necessarily relevant to the evaluation of the risk facing the organization," says Bar-Dayan. "In reality, there is a broader context that determines the risk facing the organization. A part of it relies on information as to which vulnerabilities were exploited recently. If we found a technically complex vulnerability but no one had ever exploited it, would it be a more severe threat than a common but less technically complex vulnerability? On top of that, we should add the relevant threat based on the organization's configuration. In most cases, the products of the scanners undergo manual analysis by the organization, which takes hundreds of working hours on average."

Having understood and prioritized the vulnerabilities identified, the organization moves on to the next stage: working out how to fix them. At Vulcan Security, they explain that every vulnerability may have several solutions, but no central database is available that consolidates them all. As a result, the organization must search for a solution to each vulnerability on its own. Having found a possible solution, it should test that solution in a safe environment before deploying it across the organizational network. Testing takes a long time to complete and does not always succeed, which makes this a lengthy stage.

Even when the organization has found a solution for the vulnerability, the information security department has to contact another unit within the organization (normally the one that runs the computer [IT] systems) and ask it to deploy the solution throughout the organizational network. As these are two different departments, deploying the information security solution may not be the other unit's top priority. Sometimes the deployment encounters technical obstacles and a reevaluation process is necessary.

"Prioritizing the threat, selecting the solution and deploying it are time-consuming, organizationally complex processes with a steep cost in man hours. No central solution is currently available that allows you to see everything in one place. Even if the organization has a Security Operations Center (SOC), the Center will not address the problem. It is the function of the SOC to handle existing attacks. It does not handle the stage of managing known vulnerabilities. These are two different worlds as far as the management concept is concerned," explains Bar-Dayan.

"Owing to these challenges, many organizations manage their handling of known vulnerabilities through Excel files. The updating management products currently available are also decentralized and there is no single, central solution. There are as many updating management systems as there are vulnerability scanners. This is the problem we come to solve.

"Our system provides the organization with a unified picture for all of the processes associated with the updating of computer systems. The platform runs in the cloud or on an internal infrastructure within the organization (available as of mid-2019) and links to the vulnerability scanners the organization runs to collect information. On the other hand, it links to the IT management systems in order to fix the vulnerabilities. This system closes a loop with regard to the updating of the digital assets throughout the organization."

A Dedicated Picture of Threats

One of the challenges facing the system is prioritizing the solutions for the identified vulnerabilities automatically. Vulcan Security accomplishes this by connecting to the organization's existing GRC systems or through manual prioritization by the organization. Additionally, the company maintains a database of globally known vulnerabilities and the solutions available for each one. As the system knows the configuration of every organization, it can draw a suitable, specific threat picture for each organization from that database. Having determined the solutions for the vulnerabilities identified, the system activates the IT management tools available to the organization according to the updating policy the organization has set in advance.

The solution connects to the organizational systems through an Application Programming Interface (API) and the connection lasts up to one hour. In the case of an unfamiliar product, Vulcan Security will develop an interface to the system for that product within a few days. "The system knows how to present a graphic interface of a patch updating campaign. We divide the organizational network into business contexts (production line or department) and set an updating policy for each business cluster. The policy will determine which updating processes will be automatic and which processes will be manual," explains Bar-Dayan.

"It is important to stress that the automatic updating of the solutions for the vulnerabilities relies on automatic IT management systems that are already available to the organization. The additional element we provide is connecting those systems to the information security world. The clients' tolerance toward automation increases for two reasons – the excessive load of information security tasks and the shortage of personnel. The organizational vulnerability management world is a process that will accompany the organization for years to come. We do not guarantee that the organization will not encounter new information security problems. Instead, we enable the organization to resolve the existing problems faster using our state-of-the-art management system."
