Security Market Segment LS
Sunday, 23 September 2018 23:43

Aura brings security-with-a-service to Australia

By

Security solutions firm Aura Information Security says its RedShield product is worthy of a new acronym, SwaS, and that it would have protected American credit information provider Equifax if they had it in place.

Michael Warnock, Aura Information Security's Australia country manager, said Aura started up in New Zealand in 2006 primarily servicing the country's government, before being acquired by Kordia to provide cybersecurity services to enterprise and government. The company began an Australian expansion two years ago.

Aura positions itself as a cyber advisory and assurance business, focusing on the mid-market – organisations of 20 to 200 employees. Warnock says the company can service organisations of other sizes but finds the mid-market is digitally transforming and engaging in cybersecurity conversations, while the "top end of town is quite mature, either they do cyber-security in-house or with partners already."

"Aura is having great conversations," he says, finding companies in this space haven't typically thought much about cyber security but are becoming more aware of their need to be through legislation like Europe's GDPR and Australia's mandatory data breach reporting.

However, while Aura performs advisory and assurance, as well as a gamification-style security training tool named CyberWise, RedShield is what it sees as its biggest distinctive advantage over competitors.

Aura's original chief executive, Andy Prow, stepped out and created the RedShield product after the Kordia acquisition, which is exclusively distributed throughout ANZ through Aura.

Warnock explains, "Andy was doing penetration testing for government and would find he was giving the same report every six months. The needle wasn't moving on vulnerabilities. More and more work was performed online, more applications were being introduced, and the vulnerability list kept growing."

Prow thought there had to be a smarter way to help manage vulnerabilities, and created RedShield, essentially a bundle of existing security products that are delivered through a single managed service. This service sits between a user and a vulnerable Web application and API. Inside the routing between these, whether in the cloud or on-premise, RedShield has thousands of rules relating to the applications it has been assigned to protect, applying virtual patches on-the-fly.

What this means in practice is a Web application may have known vulnerabilities, but with RedShield sitting in the middle, the end user — or hacker — is presented with a version that does not have those vulnerabilities. Ultimately, it is best for the organisation to patch its application, but if it is unable to do so for whatever reason — compatibility problems, testing constraints, and so on — RedShield "will guarantee 100% mitigation against a known vulnerability", Warnock claims.

Australian customers include the Commonwealth Bank Health Services, StarTrack Express, and Australia Post. "Running with it provides them a mechanism to protect vulnerable critical customer-facing Web apps currently exposed to a cyber attack," Warnock says. "Nobody else is doing delivering a service like this."

This service, Warnock says, is "security with a service" — or SwaS — representing the product's continual research and development into new vulnerabilities.

"Customers should focus on fixing vulnerable applications and treat RedShield as a temporary fix, but it does allow companies to mitigate before they remediate," Warnock says.

The massive Equifax data breach in 2017 resulted from a vulnerability in Apache Struts. Equifax suffered from an archaic change management control adding 100 days to its patching process. By comparison, "RedShield customers were all shielded within a day of the patch [being] available", Warnock says.

Aura is currently talking to the Australian market through approaching businesses and through channels. "We are also about to announce a large association with a carrier, who will embed RedShield into their managed application security product," Warnock says.

The decision to adopt a security solution is not the domain of the IT department alone. "The boards need to be actively involved," Warnock says. "Security touches every part of the business. There is a fiduciary duty to be involved – mandatory breach reporting legislation means the board are wedded to the process and have skin in the game."

BUSINESS WORKS BETTER WITH WINDOWS 1O. MAKE THE SHIFT

You cannot afford to miss this Dell Webinar.

With Windows 7 support ending 14th January 2020, its time to start looking at your options.

This can have significant impacts on your organisation but also presents organisations with an opportunity to fundamentally rethink the way users work.

The Details

When: Thursday, September 26, 2019
Presenter: Dell Technologies
Location: Your Computer

Timezones

QLD, VIC, NSW, ACT & TAS: 11:00 am
SA, NT: 10:30 am
WA: 9:00 am NZ: 1:00 pm

Register and find out all the details you need to know below.

REGISTER!

ADVERTISE ON ITWIRE NEWS SITE & NEWSLETTER

iTWire can help you promote your company, services, and products.

Get more LEADS & MORE SALES

Advertise on the iTWire News Site / Website

Advertise in the iTWire UPDATE / Newsletter

Promote your message via iTWire Sponsored Content/News

Guest Opinion for Home Page exposure

Contact Andrew on 0412 390 000 or email [email protected]

OR CLICK HERE!

David M Williams

David has been computing since 1984 where he instantly gravitated to the family Commodore 64. He completed a Bachelor of Computer Science degree from 1990 to 1992, commencing full-time employment as a systems analyst at the end of that year. David subsequently worked as a UNIX Systems Manager, Asia-Pacific technical specialist for an international software company, Business Analyst, IT Manager, and other roles. David has been the Chief Information Officer for national public companies since 2007, delivering IT knowledge and business acumen, seeking to transform the industries within which he works. David is also involved in the user group community, the Australian Computer Society technical advisory boards, and education.

VENDOR NEWS & EVENTS

REVIEWS

Recent Comments