Organizations need to fully understand and proactively address cybersecurity risk to become more resilient to cyber-attack.

The security assurance that organization’s hope to achieve is often measured by performing cybersecurity testing against the operating environment. This environment often has multiple attack vectors, many of which are not known or explored, by the organization itself.

At the same time, the operating environment is changing through forces such as technological obsolescence, or to adapt to the marketplace, or to fulfill the organization’s mission. This changing landscape makes it difficult for people, process, and technology to adapt in lockstep to protect it, leading to a weakening of security posture.

What we have learned through hundreds of cybersecurity engagements is that we can almost always find an attack vector that could lead to an undesirable impact, even within the limited timeframe of testing. When presented with these findings, an organization attempts to mitigate vulnerability to reduce the operational risk to an acceptable level.

While this effort helps, the organization is only addressing the weaknesses discovered in the restricted scope of the engagement during a point in time. They are helping to reduce operational risk, but they don’t have a complete picture of risk. Even with this understanding, an organization can be lulled into a false sense of security, until a threat is realized.

Until now, the industry has been attempting to address this gap by moving towards more frequent testing such as continuous penetration testing. This testing is better than a point in time, can address more of the operating environment, and some of the testing can be automated. However, it is often unaffordable, requires experts, and still doesn’t address the entirety of operating risk.

It also places undue emphasis on known attacks and known vulnerabilities, rather than unknown or unexplored attack vectors. Other tools promise autonomous testing but have been shown to cause negative impact and therefore cannot be trusted to be run in sensitive environments.

We set out to build a platform to address these challenges. We are realizing the promise of automation through innovations in artificial intelligence and cloud computing coupled with a human in the loop to drive decision making and execution. We are building a platform that can capture organizational memory, so that it can maintain a baseline of the operating environment and guide exploration of the unknown so that we can constantly improve our understanding of operational risk.

We are facilitating vulnerability discovery through agnostic support of security tools, improving project management through intuitive evidence capture and report generation, measuring detection and impact through integration with organizational security controls. Ultimately, we are augmenting the required knowledge and skill to empower IT professionals to wield the security expertise they require to defend their organizations.

Our vision is a platform that delivers security assurance and provides the best customer experience. Our philosophy is to play the infinite game through perpetual innovation in service of this vision.