Australian IT security consultancy Threat Intelligence's goal is "to disrupt the security industry," managing director Ty Miller told iTWire.
Large enterprises have been able to spend millions of dollars on securing their systems with firewalls, intrusion prevention systems and so on, but other organisations have lagged behind.
Consequently, attackers turned their attention to smaller organisations that could act as stepping stones to the real targets.
What was needed, Miller said, was a security system that was affordable for everything from small businesses to enterprises.
Hence the company's Evolve service, which automates five top security issues – compromised accounts, penetration testing, incident response, security infrastructure orchestration and cyber threat intelligence – and is offered on a subscription basis with usage-based pricing.
Evolve, said to be the world's first dedicated security automation cloud, reduces security risks and cuts security costs by up to 95%, the company claims.
"We have launched Evolve to help individuals and enterprise respond to the global issue of escalating threats and attacks by parties with unlimited capabilities and funds. Traditional security operations are no longer effective and Evolve is designed to address the current gap in automated security offerings," said Miller.
"Evolve also has a unique capability to orchestrate whole environments on the fly, making it easier to respond to rapidly evolving security needs. Our goal is to make automating security operations easy and only pay for what you need, when you need it. We are able to reduce security costs by up to 95% for a broad range of clients."
Checking for compromised accounts is a good starting point. Apart from the possibility of corporate data being stored in an external service, there may be a pattern to an individual's passwords – or worse still, password reuse – that could allow access to internal systems.
"Compromised accounts are the number one way most organisations are breached. Our automated compromised account monitoring is the most comprehensive and up to date solution to have your business stay on top of this ongoing issue," said Miller.
Without automation, staying up to date is challenging. 150 million compromised accounts were added to the list in the last three weeks, he noted.
Clients start by registering their Evolve account free of charge, and then select the tools they need from the marketplace, paying only for what they use and when they use it. For example, some organisations might use compromised account monitoring on a continuous basis, while others on tight budgets might use it a few times a year to allow the expenditure to be redirected to other aspects of security.
Traditional approaches mean it typically takes three to six months to plan and implement security controls, Miller told iTWire, but the Evolve marketplace makes it possible to build cloud-based security infrastructure in 10-15 minutes. This costs less and allows organisations to start automatically detecting problems sooner.
Usually, a small security budget means a small team with no deep technical experience, he said. "They're just there to fight fires."
So Evolve automates detection and response, Miller explained. For example, when malware is detected the system collects the evidence, analyses it, and determines suitable actions such as shutting down the affected machine and scanning the rest of the environment for the same attack. Evolve includes a mechanism for getting human authorisation via Slack or other channels before taking automated actions.
Penetration testing is normally an expensive activity, so it is rarely performed every time changes are made to systems. Evolve's automated approach is priced so organisations can test across as many IP addresses as they wish, he said. Furthermore, the recommendations made are prioritised according to the likelihood of an attack.
"It gets very technical," he said, but reports and executive summaries can be generated easily.
A one month subscription for Evolve penetration testing costs between 5% and 10% of a single traditional test, said Miller, so it can be used on an ongoing basis. It is important to test regularly, as new vulnerabilities keep appearing and Evolve uses the latest exploits in every test, Miller explained.
"Previously we scheduled annual security reviews to help contribute to our check of what was happening in the business. However, that only gave us a point in time perspective. Even if we were secure everyone understands that changes happen quickly in relation to IT security," said the CTO of a professional services organisation that uses Evolve automated compromised account monitoring, automated external infrastructure penetration testing and automated internal infrastructure penetration testing.
"The benefit of Evolve and incorporating an automated security platform into our business means instead of annual penetration tests, we are conducting weekly penetration tests. It's easier to stay on top of our security requirements and not only do we understand our security posture, Evolve is providing further automated actions based on these results. It's a key step in the constant improvement of the IT security for the organisation."
A 30-day free trial of Evolve automated compromised account monitoring is currently available.