Eoin Keary Director, Founder & CEOFor Eoin Keary, CEO of edgescan, the vulnerability management industry was practically “broken” during his time as a global board member of The Open Web Application Security Project (OWASP.org). The scenario was nothing short of “frustrating” for Keary—a celebrated software security professional in the industry— as newer waves of attacks made headlines every day. Taking stock of the situation, he laid the cornerstone for edgescan in 2013, in an attempt to address the primary challenge, which was cybersecurity skills shortage, scalability, and accuracy of technical security assessment technologies. edgescan has successfully emerged as an end-to-end managed cybersecurity SaaS provider to help businesses detect vulnerabilities in systems in real time, by employing a “full-stack vulnerability management” strategy. Eoin Keary concurs and substantiates this point, “we continuously detect and validate vulnerabilities, and so what we do is akin to vulnerability intelligence.”
In addition to skill shortages, Keary explains that lack of enterprise security intelligence and visibility, and a need to adhere to compliance mandates like the GDPR are a few of the common client demands. The answer to these trigger points is made clear by edgescan. Through their SaaS, they supply customers with a virtual penetration testing team who provide support, retesting, and verification of vulnerabilities on demand. As for the demand for intelligence, edgescan’s Vulnerability Intelligence (VI) portal, a highly scalable solution, helps clients detect vulnerabilities and maintain visibility dynamically. Through a smart alert system, edgescan can also notify owners in the event of significant issues occurring.
Keary says that there are two components that form the crux of VI, one is accurate detection of issues and the other is verification of mitigation. Clients can visualize the details of the discovered weakness, including the root cause of the exposure, the actual location of the risk and the impact of that vulnerability. Based on the information, companies can measure metrics like patch-turnaround, high-risk response, network issue management, and compare host-patching with web app issue detection. “Such metrics drive change for our clients”, says Keary
We continuously detect and validate vulnerabilities, and so what we do is akin to vulnerability intelligence
Being a cloud-based SaaS, edgescan has a simple on-boarding and deployment model; for simpler systems like brochureware applications, they offer “edgescan-Essentials;” while for critical systems, they recommend “edgescan- Advanced,” for delivering a deeper level of assessment. There is also the edgescan “Host & Server,” which detects security issues that pertain to patching and configuration in infrastructure.
Incorporating edgescan’s solution was a client involved in the online gaming and media industry. They were running roughly 100 web applications with about 50,000 endpoints distributed across the cloud and physical data centers. Systems changed rapidly over time, and the client was a moving target in terms of security. When edgescan came aboard, they began with assessing the client’s web and infrastructure, where they quickly discovered numerous security issues. edgescan also deployed an API that the client integrated with their infrastructure and as their systems were deployed, the API was able to update edgescan on the changes in its list of live systems at any point in time. All of the discovered issues are validated by security experts resulting in false-positive-free vulnerability intelligence.
edgescan integrates with web application firewalls to generate fixes automatically, enabling clients to fix vulnerabilities directly via their portal. The need for a service like edgescan to maintain compliance established their solid presence in the Europe and more recently, edgescan has begun to expand rapidly in the U.S. It is their clarity in vision, an exclusive focus on managed services, and a dedicated design that has driven edgescan into becoming the industry leader.