Safety Detective’s Aviva Zacks sat down with Ilia Kolochenko, CEO and Founder of ImmuniWeb, and asked him about his company’s AI platform.
Safety Detective: What got you interested in cybersecurity?
Ilia Kolochenko: I got my first cybersecurity job when I was 17 and have been in the sector ever since. First, it was a hobby, then it became a job. Today it is a passion.
SD: Can you tell me about the ImmuniWeb AI platform and all the four different aspects of it?
IK: At ImmuniWeb, we offer all-inclusive application security testing services. We provide our customers with the most comprehensive portfolio of products they need to keep their applications secure and compliant. We offer services such as Attack Surface Monitoring (part of ImmuniWeb Discovery) where if you simply provide your company name, we can identify its exposure on the internet: how many servers, websites, APIs, mobile applications, code repositories, CDNs, and public clouds you have exposed. Likewise, it will provide you with a helicopter view of your exposure and that of some of your suppliers on the Dark Web, so you can have the most comprehensive, consolidated dashboard to properly understand and prioritize your cyber and digital risks.
Practically speaking, ImmuniWeb serves an extremely important purpose in 2020, to enable you to make informed, consistent core decisions about your application security. What we are seeing is that many organizations, especially those that are medium and large-sized, struggle to prioritize resources, which at the end of the day causes many challenges—if you miss something, you cannot protect it. Just one vulnerable application can easily undermine the efforts you take to safeguard your organization’s data. So, we try to provide our customers with the most efficient and effective application security and compliance services.
Our three other products—ImmuniWeb On-Demand, ImmuniWeb MobileSuite, and ImmuniWeb Continuous—provide application penetration testing.
- ImmuniWeb On-Demand is a one-time web application or API penetration test, with a zero false-positives SLA, unlimited patch verifications, and a full-stack DevSecOps integration.
- ImmuniWeb MobileSuite is similar to On-Demand but for mobile apps and their endpoint APIs.
- ImmuniWeb Continuous monitors your applications 24/7 and detects new or modified code. As soon as we see even a minor change that can affect the security or integrity of your application, we will immediately test it, providing our clientele with a cost-efficient, scalable and just-in-time penetration testing.
SD: What kind of companies use your technology?
IK: We provide our services mostly to regulated sectors such as banking, healthcare, government, and e-commerce. Recently we’ve had an influx of new customers from different industries amid COVID-19. Many traditional businesses are trying to shift their operations and workflow online. We’re here to help them with this and to provide them with exactly what they’re looking for without selling them an overlapping, superfluous, unsuitable solution. We will be able to properly illuminate and prioritize their cyber risks and threats, so they can create a well-informed, up-to-date, and efficient application security strategy.
SD: What do you feel is the worst cyberthreat out there today?
IK: I think that the most challenging issue we have these days is a lack of visibility, where people don’t know how many digital assets and related cybersecurity threats they have. Whether it’s a web application; a server exposed to the internet; a VPN server enabling their employees to work from home; a third-party company that has access to their data and, therefore, stores and processes their data; or public cloud storage.
IT infrastructure is becoming so complicated, so intertwined, so convoluted that it’s almost impossible to ensure visibility as to who has access to your data or why and how they’re processing this data. At the same time, it’s one of the most essential baseline requirements of many regulations including GDPR, California Consumer Privacy Act, and many others.
Practically speaking, organizations of all sizes are now struggling to ensure holistic visibility, while the majority of data breaches, data leaks, and intrusions stem from incomplete visibility and a clouded view of the cyber risks.
Zero-day vulnerabilities, like advanced persistent threats and nation-state hackers, are often presented high on the media agenda. I believe these risks are frequently exaggerated simply because today zero-day exploits may cost millions of dollars, making their acquisition and usage only relevant to a few buyers. While you will almost inevitably detect some abandoned and vulnerable IT assets that are publicly exposed to the internet, being an open door to your crown jewels.
SD: How do you think the pandemic is going to change cybersecurity for the future?
IK: I think people will have to invest considerably more into cybersecurity given that many processes will move online. However, people will likely start investing thoughtfully and will make well-informed decisions, without pouring money down the drain. Prior to COVID-19, we observed many organizations spending on overlapping solutions and services. COVID-19 will probably be a compelling reason you need to wisely optimize your spending to cut redundant costs and to make sure that every dollar you invest in cybersecurity is effectively spent.