Intruder – Automated Pen Testing for SMEs
I met Chris Wallis last week for a cuppa and to talk shop as we both have been doing start-ups for a while. He’s ahead of me and it’s incredible he pulled it off.
I’ve known Chris since our Deloitte days. I was spending my days analyzing implementations of core banking systems and he was having fun with white-hat hacking / pen testing. But I don’t want to talk about old times. Today and the future are much more interesting – and his company Intruder is pretty cool.
Chris’s journey has taken quite a few years. He had the idea that pen testing can be automated to a large degree. I absolutely agree with that, as there are many pen testers out there who just run a few off-the-shelf tools and write a few paragraphs summarizing the results. If you’re good, then you probe these initial results with hand-crafted queries to tell apart false and true positives. (I had no idea you can get a PCI DSS audit for $100; if something looks too good to be true, it probably is.)
Intruder went through the CyLon accelerator in 2015 – in the first cohort. I like CyLon as it has links to Cambridge via Alex van Someren, a guy I hugely admire. Anyway, Intruder’s journey seemed to be bumpy for a while. They were, however, selected for the GCHQ accelerator in 2017 and it sounds like good things have been happening since.
Chris takes a pragmatic approach and focuses on SMEs – companies who want to do the right thing but have no experience with cyber security and are also worried about the cost of audits by CREST-certified pen testers. What intruder.io does is regular audits against the latest databases of vulnerabilities and threats. You can think about it as antivirus software for your web servers. Something you should simply have.
I have been looking at various options to enhance our KeyChest monitoring – the core system of KeyChest is not so much about security as about supporting operations and giving managing directors / auditors good information about their internet estate.
While KeyChest will integrate its operational audits with SSL Labs, which provides deep security audits, I believe there’s huge scope for integrating different tools to give customers as much information as they may need in one place.
That’s one of the things I wanted to chat with Chris about and I’m excited he found the idea interesting. We will probably start with something low-tech like discount codes for KeyChest users and, if there’s enough interest, we will try to figure out something more sophisticated – whether it could be combined PDF reports or some nice online experience.
Either way, I’m looking forward to 2019 and you should go and check intruder.io, as well as our KeyChest.net 🙂