Eoin Keary, CEO
Scrolling through the Twitter feed of Eoin Keary (@eoinkeary), CEO and founder of edgescan, one can notice a video of a nine-year-old kid that has hit seven million views. The boy, with a basketball tucked under his arm, is seen reciting a motivational speech about the importance of hard work, saying, “You have to be the shark of the ocean or the fish of the ocean. Alright, now we have to be the shark; take over everything, strength, no weakness, power, muscle.” It is hardly surprising that Keary shared the video; he understands better than anyone the challenges of building a startup from scratch into a successfully running business. During his time as a global board member and leader of multiple projects of the Open Web Application Security Project (OWASP.org), in the year 2011, Keary realized the flaws of the vulnerability management industry and decided to change the status quo. “Reliance on automation alone does not work,” states Keary. To address some of the major challenges of the industry, including skill shortage, the accuracy of security assessment processes, and scalability, Keary laid the foundation for edgescan in 2012. Just a few years after the launch of their flagship vulnerability assessment platform in 2015, edgescan has emerged as one of the most compelling software security firms, with global sales and a seven-figure turnover. The “edgescan Fullstack Vulnerability Management and Intelligence” system is offered as SaaS to help companies get the most from their vulnerability scanning and management investments.
Change is Good if Detected
As an experienced software security professional, Keary focused during the initial phase of the company's inception on building a system that works round the clock and is highly scalable and accurate. His well-planned approach is the best bet to defeat blackhats and keep pace with system development. Vulnerability management is not a new genre in the cybersecurity arena, but edgescan’s approach to threat hunting stands in stark contrast to the conventional norms. “We use technology, human intelligence, and expertise in a continuous manner to find the weaknesses in web apps, cloud, and hosting infrastructure,” he says. In addition to a lack of expertise and experience, Keary adds that “the industry lacks a systematic process to validate risks at scale whilst also maintaining accuracy.”
Further, relying on security automation alone results in inaccuracies, false positives, and false negatives. Oftentimes, vendors misinform their clients of a potential security risk when there is no risk at all. This is why edgescan defines the depth and scope within which automation takes charge of specific tasks. In effect, their system uses automation for scenarios such as vulnerability scanning, coverage verification, asset profiling, correlation, and scheduling. Meanwhile, the conventional approach to vulnerability management silos the web application layer and the supporting host, which has made software security a cumbersome task. Besides that, the traditional way of countering cybercrime requires consultants to perform testing regularly, but the industry concludes that, in the face of sophisticated attacks, this method is no longer productive, is too expensive, and can’t keep pace.
To begin with, edgescan offers a full-stack vulnerability management solution which empowers their clients with unparalleled vulnerability detection and continuous system visibility.
Full-stack vulnerability management revolves around regular/continuous assessments and detection of changes across the entire technology stack. As edgescan resorts to this approach, even when the client deploys new code to an existing system, the solution detects the change that may give rise to a vulnerability and performs an assessment. This way edgescan keeps pace with change.
Along with performing technical assessments, edgescan also performs business logic assessments for additional protection using human expertise. The former includes the detection of issues concerning the source code and problems with patching, while the latter corresponds to the weak points of business processes on the web application or the API. The technical and logical assessments are followed by the validation of vulnerabilities, during which false positives are detected using delta analysis and correlation. Similarly, the importance of risk rating cannot be overstated; “prioritizing the risks based on the impact it can produce is critical.” This approach helps the client focus on and fix the issues that pose the greatest risk. The company also employs a smart alert system, through which edgescan notifies its customers when a significant vulnerability or other event is detected.
Yet another centerpiece of edgescan’s solution is the generation of web application firewall (WAF) rules when a vulnerability whose fix is unknown is detected. Specific rules can be auto-generated to block the discovered vulnerability. “WAFs become really helpful for clients who use legacy systems that are not modernized,” says Keary.
Prevention is Better than Cure
Through their SaaS, edgescan supplies customers with a virtual penetration testing team who provide support, retesting, and verification of vulnerabilities on demand. As for the dire need for “intelligence,” edgescan’s Vulnerability Intelligence (VI) portal and API, a highly scalable solution, helps clients detect vulnerabilities, track issues, provide metrics and maintain visibility dynamically.
Today’s cyberattacks have turned toward automation, where the threat can lie dormant and strike at an appropriate time. Irrespective of company size, organizations are targets of cyberattacks, as they own digital assets that have a monetizable value in the cyber marketplace. Cybercriminals own systems that continuously look for vulnerabilities, and the challenge is to find the weakness well before they do. This is why edgescan delivers HIDE (Host Index, Discovery, and Enumeration), a continuous asset profiling and alerting service that is part of every edgescan license. edgescan can be purchased on an annual license basis, and unlimited security assessments can be performed throughout the year without any hidden service charges.
For highly regulated industries such as financial services where compliance is mandatory, edgescan’s full stack vulnerability management offers assurance and confidence via a combination of technology and human intelligence while helping clients stay compliant with the data protection and regulation acts.
In the online gaming and sportsbooking industries, edgescan’s services enable agility and protection for sensitive data. edgescan works with most successful companies in the gaming sector and keeps pace with their security requirements. As personal data theft is a common threat in the healthcare sector, the company ensures security while adhering to the compliance practices—GDPR, FISMA, and NIST 800-53, to name a few. Government organizations, retail e-commerce, pharmacy, and media and entertainment are the other sectors that use edgescan’s services. The company also offers mobile app security and license plans. edgescan also publishes a vulnerability statistics report which discusses the weaknesses that the company identified over the previous years.
Patching the Holes
Driven by the principle of being proactive and always staying a step ahead of cybercriminals, the firm’s vulnerability management service has become an asset for media and retail organizations. As they have to update their content and services frequently, edgescan provides them with a security solution for continuous vulnerability detection. For instance, one of the largest media companies, struggling with security audits at scale for their websites, sought the help of edgescan’s teams, who not only gathered information about their websites but also conducted vulnerability tests on demand and on a continuous basis. The firm focused on the risk posed by the client’s sites and highlighted errors and issues. In a matter of days, the client was able to see various risks being published on their portal. edgescan identified and prioritized the discovered risks, and also validated when the issues were fixed. These measures increased the media firm’s security awareness and preparedness to mitigate cyber risks. Further, the information provided by edgescan helped the client generate internal tickets for patching the vulnerabilities, mapping responsibilities to different business units via edgescan API integration. The media behemoth was also able to prioritize risk management and eventually succeeded in securing websites against threats on a continuous basis.
"We use technology, human intelligence, and expertise in a continuous manner to find the weaknesses in websites and computer systems"
The success stories akin to the media organization stem from edgescan’s expertise in accurately evaluating vulnerabilities and integrating disparate systems. Numerous clients have already started banking on edgescan as their virtual cyberteam. Government agencies have also shown faith in edgescan, and this is evident from the fact that the company was awarded multiple six-figure grants by the Irish government for research and development. Besides leveraging cutting-edge technologies like machine learning and AI to prepare organizations for probable cyberthreats, edgescan is also focusing on predictive security which relies on historical data of the client coupled with threat intelligence. “We have a dedicated team of developers and cybersecurity experts for whom continuous innovation is a priority to stay a step ahead in offering top-notch solutions,” adds Keary. Optimistic about his company’s future, he reiterates the words of the kid from the video, “Don’t put yourself down; motivate yourself, keep yourself up, pumped and ready for any challenge.”