Press Release

FireCompass – SaaS startup working on automating Red Teaming

CXOToday has engaged in an exclusive interview with Arnab Chattopadhayay, cofounder of FireCompass.

 

  1. How was the idea of FireCompass born?

From the time we exited our previous startup, iViZ (now part of Synopsys), we noticed some of the big companies getting breached for seemingly easy vulnerabilities. So we started thinking of why such big companies would miss known vulnerabilities and be open to the risk of getting breached. We have noticed two key problems: 1) organizations are not aware of their entire attack surface, and you cannot protect what you cannot see, and 2) organizations typically test only a subset of their assets, and that too only quarterly, and between the tests, if a new vulnerability has come in, they are left vulnerable.

That means the organizations are only able to test some of their assets, some of the time, whereas hackers are attacking all assets, all the time. We realized that as an industry we need to have the capability to map our entire external attack surface (including Shadow IT) and have the capability to frequently test them on demand. So we set forth to solve this problem through an innovative approach utilizing the latest development in the field of Artificial Intelligence and launched FireCompass.

 

  1. What is FireCompass doing in terms of eliminating security gaps?

Cyber attackers have an edge because they only have to succeed once whereas defenders need to succeed every time. FireCompass Automated Red Teaming & Penetration Testing is an emerging new platform which can be a game-changer in solving the problem.

FireCompass addresses this issue by focusing on three dimensions (3Ds) of the problem: Breadth, Depth, and Continuity. The FireCompass platform is built on capabilities to address the above-mentioned 3 dimensions.

The breadth capabilities provide the coverage i.e. discovery of all internet-exposed digital assets. This includes domain records, IP, network CIDRs, exposed network services, web applications, leaked credentials, leaked codes, open cloud buckets and more.

The depth capabilities provide in-depth testing of the attack surface. The user has the option to select the critical elements of the attack surface or all depending on its need and the constraints of the environment under which the target systems are operating.

The continuity capabilities provide continuous discovery of assets, the discovery of risks, and continuous probe/attack on the attack surface.

FireCompass platform provides the capability to discover Day-1 vulnerabilities in an organization’s attack surface which allows the organization to respond to new threats in near real-time.

FireCompass continuous attack allows continuous penetration testing of external attack surfaces which helps to prioritize and remediate, thereby managing the risks in a timely manner. The platform provides capabilities to actually launch attacks on the organization’s external attack surface. It provides Playbooks for the tasks which package tools, workflow and analysis engine and a user interface that allows a user to schedule and/or launch from the FireCompass portal. The platform comes with pre-built playbooks that include the most important attack vectors widely used by adversaries to attack organizations (e.g. credential stuffing, exposed critical and sensitive services). The platform also comes with prepackaged Playbooks for hunting Ransomware susceptibility. For the ransomware susceptibility check, the platform looks for the existence of key indicators (e.g. presence/absence of certain security controls, vulnerability etc.) that are generally part of TTP of the ransomware group.

 

  1. How has the brand grown over the years?

Today we are recognized in over 20+ reports by Gartner, IDC and Forrester including 3 Gartner Hype Cycles. We are a leader in GigaOm's Radar report and were chosen as part of the RSA 365 Sandbox Innovation Showcase.

  1. Any milestones post pandemic?

Some of the key milestones that FireCompass was able to achieve are:

  • Raised the next round of funding; well-known Silicon Valley VCs funded the round.
  • Release of two differentiating features: event center and risk center. The former provides near real-time visibility of security events that are discovered by the platform and provides functions for lifecycle management. It also automatically applies rules and AI based selection to promote an event to a risk. The user gets a view of qualified risks in the risk center. The risk center allows users to view, close, annotate and prioritize risk which can flow into the organization’s remediation workflow.
  • Released a feature targeted for telecom service providers: IP asset discovery and an automated tagger for its infrastructure IPs.

 

  1. How does FireCompass eliminate the need for multiple tools and significant manual effort while providing continuous and proactive security?

FireCompass platform is composed of capabilities that are targeted to achieve objectives that are part of any penetration testing exercise. The Choreography layer ensures the smooth cooperation of various capabilities to achieve the targeted goal of the exercise. The platform has a tool adaptation layer which integrates the suites of tools (open source, licensed and proprietary). The layer provides an interface to other components of the system, making a tool’s adaptation easy. FireCompass continuously researches and upgrades/adds/modifies tools. An organization that subscribes to FireCompass SaaS can eliminate tools for external attack surface management since they are built in to the platform. For deeper web application scanning and any other tool for internal attack surface management, organizations can continue using existing security tools and other tools specialized for a purpose.

 

  1. What are some of the benefits of FireCompass for its users?
  • FireCompass provides comprehensive visibility into an organization’s attack surface, including internet-facing assets, shadow IT exposed services and potential vulnerabilities.
  • Fully SaaS, nothing to install, no agent required.
  • The organization can start assessment by providing just the primary domain name of the organization.
  • The platform proactively identifies and mitigates security risks, reducing the likelihood of successful attack, resulting in a clear understanding of the attack surface and the associated risks. This enables organizations to prioritize their security efforts and allocate resources effectively, focusing on the most critical vulnerabilities and exposures.
  • Attackers are attacking us continuously and organizations too need to shift to more frequent testing. With FireCompass continuous and automated testing, organizations can achieve better coverage (breadth and depth) due to a combination of both automation and expert involvement.
  • FireCompass platform can emulate specific threat actors like nation-state actors and ransomware actors in a regular and up-to-date manner. It provides automated security testing to free up the security team’s bandwidth for more complex activities while being cost-effective compared to the traditional consultant-driven approach.

 

  1. What are the current cybersecurity challenges in the tech industry?
  • Partial visibility of an ever-growing attack surface: Organizations must address potential vulnerabilities in cloud infrastructure, data storage, and access control. Misconfigurations, inadequate authentication mechanisms, and insecure APIs are some of the common issues that can lead to data breaches or unauthorized access.
  • Organizations with mature security practices getting hacked: The hackers are not targeting the crown jewel directly any more. They are targeting peripheral systems exposed to the internet, i.e. the external attack surface, to get initial access and establish a foothold, and then move laterally to internal systems. Also, test data that includes information that is reused in production is used by the attackers to get initial access.
  • Proliferation of Shadow IT: Increased use of virtualization allows proliferation of shadow IT infrastructure which is not created under controlled security governance, resulting in exposure of security vulnerabilities to the internet.
  • Infrequent security testing leaving a large window of opportunity for adversaries: The increasing complexity and scale of technology environments have made more frequent testing mandatory, resulting in automated penetration testing starting to gain traction. Automated tools can help organizations simulate attacks, identify vulnerabilities, and generate reports with minimal human intervention.
  • Skill Shortage and Security Awareness: Organizations struggle to find and retain qualified personnel to effectively manage their security posture, making it very important to use automation wherever possible.

 
