Security Market Segment LS
Sunday, 23 September 2018 23:43

Aura brings security-with-a-service to Australia


Security solutions firm Aura Information Security says its RedShield product is worthy of a new acronym, SwaS, and that it would have protected American credit information provider Equifax if they had it in place.

Michael Warnock, Aura Information Security's Australia country manager, said Aura started up in New Zealand in 2006 primarily servicing the country's government, before being acquired by Kordia to provide cybersecurity services to enterprise and government. The company began an Australian expansion two years ago.

Aura positions itself as a cyber advisory and assurance business, focusing on the mid-market – organisations of 20 to 200 employees. Warnock says the company can service organisations of other sizes but finds the mid-market is digitally transforming and engaging in cybersecurity conversations, while the "top end of town is quite mature, either they do cyber-security in-house or with partners already."

"Aura is having great conversations," he says, finding companies in this space haven't typically thought much about cyber security but are becoming more aware of their need to be through legislation like Europe's GDPR and Australia's mandatory data breach reporting.

However, while Aura performs advisory and assurance, as well as a gamification-style security training tool named CyberWise, RedShield is what it sees as its biggest distinctive advantage over competitors.

Aura's original chief executive, Andy Prow, stepped out and created the RedShield product after the Kordia acquisition, which is exclusively distributed throughout ANZ through Aura.

Warnock explains, "Andy was doing penetration testing for government and would find he was giving the same report every six months. The needle wasn't moving on vulnerabilities. More and more work was performed online, more applications were being introduced, and the vulnerability list kept growing."

Prow thought there had to be a smarter way to help manage vulnerabilities, and created RedShield, essentially a bundle of existing security products that are delivered through a single managed service. This service sits between a user and a vulnerable Web application and API. Inside the routing between these, whether in the cloud or on-premise, RedShield has thousands of rules relating to the applications it has been assigned to protect, applying virtual patches on-the-fly.

What this means in practice is a Web application may have known vulnerabilities, but with RedShield sitting in the middle, the end user — or hacker — is presented with a version that does not have those vulnerabilities. Ultimately, it is best for the organisation to patch its application, but if it is unable to do so for whatever reason — compatibility problems, testing constraints, and so on — RedShield "will guarantee 100% mitigation against a known vulnerability", Warnock claims.

Australian customers include the Commonwealth Bank Health Services, StarTrack Express, and Australia Post. "Running with it provides them a mechanism to protect vulnerable critical customer-facing Web apps currently exposed to a cyber attack," Warnock says. "Nobody else is doing delivering a service like this."

This service, Warnock says, is "security with a service" — or SwaS — representing the product's continual research and development into new vulnerabilities.

"Customers should focus on fixing vulnerable applications and treat RedShield as a temporary fix, but it does allow companies to mitigate before they remediate," Warnock says.

The massive Equifax data breach in 2017 resulted from a vulnerability in Apache Struts. Equifax suffered from an archaic change management control adding 100 days to its patching process. By comparison, "RedShield customers were all shielded within a day of the patch [being] available", Warnock says.

Aura is currently talking to the Australian market through approaching businesses and through channels. "We are also about to announce a large association with a carrier, who will embed RedShield into their managed application security product," Warnock says.

The decision to adopt a security solution is not the domain of the IT department alone. "The boards need to be actively involved," Warnock says. "Security touches every part of the business. There is a fiduciary duty to be involved – mandatory breach reporting legislation means the board are wedded to the process and have skin in the game."


26-27 February 2020 | Hilton Brisbane

Connecting the region’s leading data analytics professionals to drive and inspire your future strategy

Leading the data analytics division has never been easy, but now the challenge is on to remain ahead of the competition and reap the massive rewards as a strategic executive.

Do you want to leverage data governance as an enabler?Are you working at driving AI/ML implementation?

Want to stay abreast of data privacy and AI ethics requirements? Are you working hard to push predictive analytics to the limits?

With so much to keep on top of in such a rapidly changing technology space, collaboration is key to success. You don't need to struggle alone, network and share your struggles as well as your tips for success at CDAO Brisbane.

Discover how your peers have tackled the very same issues you face daily. Network with over 140 of your peers and hear from the leading professionals in your industry. Leverage this community of data and analytics enthusiasts to advance your strategy to the next level.

Download the Agenda to find out more


David M Williams

David has been computing since 1984 where he instantly gravitated to the family Commodore 64. He completed a Bachelor of Computer Science degree from 1990 to 1992, commencing full-time employment as a systems analyst at the end of that year. David subsequently worked as a UNIX Systems Manager, Asia-Pacific technical specialist for an international software company, Business Analyst, IT Manager, and other roles. David has been the Chief Information Officer for national public companies since 2007, delivering IT knowledge and business acumen, seeking to transform the industries within which he works. David is also involved in the user group community, the Australian Computer Society technical advisory boards, and education.



Recent Comments