RedWolf Security

By Craig Hayashi in Portfolio companieson October 29th, 2006Comments Off

In late 2005, John and Paul Sop were walking the RSA security conference floor, when a sweeping realization hit us: despite massive investments in security infrastructures, few organizations were confident that their overall security systems and programs could actually protect them against today’s real threats

Our first prototype was developed in 2006; it was used to test the security of a large number of internal and external organizations. The prototype simulated many types of security policy violations, many of the simplest kind. The results we found were shocking – of the 25 critical networks we tested, all but two were blind to even gross security violations that occurred from the inside. Despite spending millions on security infrastructures, these organizations were not properly protected. Even more of a surprise was that the vast majority of violations were easy and inexpensive to fix. All that was needed, was knowing what to block

The results sparked a research project that stretched for two years, finding out exactly how today’s security infrastructures fared when presented with inside-out threats. Or focus was on understanding how they ‘failed’, and on discovering innovative ways to mitigate these threats cost-effectively. When we decided to begin commercialization, our goals were simple:

◦Create a product that lets you truly prove your security effectiveness
◦Make it easy to use (no reason for it to be low-level or l/hard)
◦Produce GREAT reports (we hired a small army of CISA, CISM, CISSP’s, to load it with recommendations & research)
◦Simulate today’s real threats on your own networks safely (we modeled real behaviors and simulate convincing confidential data)<
Most importantly, we wanted the product to raise the bar in security testing from ‘element based security’, using tools like VA Scanners, or Pen-Test, where the object is determining ‘how secure an IP address is’, to system-effectiveness testing, where it is ‘THREAT vs. the SYSTEM’. Everyone’s security systems are different, but the threats are the same.

Enter 2008, and our first commercial release. We hope you appreciate our vision, and the spirit behind the product, and find the product enjoyable to use and useful in your security assessment efforts.

Share and Enjoy:
  • Twitter
  • Facebook
  • Digg
  • del.icio.us
  • Print
  • email
  • RSS
  • StumbleUpon
  • Reddit
  • Technorati
  • Mixx
  • LinkedIn
  • Yahoo! Buzz
  • MySpace
Comments are closed.