"Our technology simulates a human hacker, and has the capability to simulate all possible attack scenarios"
- Bikash Barai, CEO, iViz Security
iViz claims that the cloud-based model offers significant advantages over a traditional model. “Conventional penetration testing or ethical hacking is driven by consultants and hence is time consuming, costly, non-scalable and lacks uniformity in quality. Compared to this, a SaaS-based model offers scalable penetration testing with easy compliance to standards such as SOX, HIPAA, ISO 27001 and PCI DSS. Our technology simulates a human hacker, and has the capability to simulate all possible attack scenarios,” claims Bikash Barai, CEO, iViz Security. The firm has already won numerous awards from organizations such as the US Navy, US Department of Homeland Security, Intel, University of California, Berkeley, Red Herring and Nasscom.
The ability to simulate all possible attack paths is crucial, and makes for a more comprehensive solution, because most standalone technology solutions are not able to understand the big picture behind multiple small attacks. For example, in complex security threat scenarios, attackers exploit multiple security weaknesses that are not critical individually but that, in aggregate, allow an attacker to compromise business-critical data. iViz’s solution uses artificial intelligence techniques to address this issue.
Barai explains this with the help of an example. “While conducting one conventional penetration testing exercise during the year 2006, it dawned on us that even as a security expert, we cannot comprehensively detect all multi-stage attack path possibilities. Especially, once a network is successfully broken into, we tend to become complacent and the mental incentive to find each and every way to penetrate diminishes. To overcome this barrier related to basic human instinct, we explored the usage of artificial intelligence to simulate all multi-stage attack possibilities. We have developed a technique to compute all possible permutations and combinations of attack paths in a complex network or a system. Such a simulation process has high complexity and demands very huge infrastructure and a huge amount of time. We optimized the process using different techniques, which has made it possible for us to detect such attacks.”
iViz has partnered with security consulting firms to lower their operational cost and increase their scale of operations. Many organizations have already partnered with the firm since they can now do business at any scale while maintaining almost zero operational cost.
As the cloud model is built for scale, it scores heavily over traditional models.
“Any known security firm can conduct penetration testing using consultants and tools. However, the problem is with the cost, scalability, uniformity in quality and manageability of vulnerabilities. Most of the security firms would not be able to handle customers who have 600 applications that need to be tested four times a year. They will not be able to hire enough people to do the job,” explains Barai.
Due to the high costs, customers do not test all their applications, which in turn results in partial security. The cloud-based model enables firms to test hundreds or thousands of applications in parallel, which is not possible with the consulting approach.
For iViz, the scale of opportunity on the global stage is huge, as there are more than 165 million websites worldwide that need protection. “The security testing market is more than 3 billion USD in size. Our vision is to build a 100 million USD company in this space,” says Barai.