Bow Sineath, CTO
Comprehensive security assessments are crucial for businesses to reduce risks effectively, and to stay protected. Unfortunately, widely practiced security assessments amount to merely listing out the vulnerabilities and performing security tests solely via automated tools. That’s a job half-done at best. In-depth security assessment entails manual testing, pointing out issues that automated tools can miss, and recommending feasible solutions that address those issues without much cost and process burdens on the IT staff.
However, many times security assessments are closely associated with IT, where skills required to understand risk are often lacking. To further complicate things, the severity scores presented by many security assessment companies are hard to comprehend. In a world where enterprises tend to hasten tasks using automated tools, remediating security issues requires a defense mechanism that is actionable, feasible, and easily applicable to enhance the security posture, without burdening IT teams on the technical or infrastructure fronts—a feat not every company can master.
Enter Alpha Defense!
Founded in 2014, Alpha Defense flips the script in the security assessment landscape by creating customizable, flexible, and practical solutions. The company addresses organization-specific security goals and provides actionable and detailed steps to accomplish them.
To illustrate, Bow Sineath, CTO of Alpha Defense, says, “Each client is unique, and therefore each solution is catered to the distinct needs of their organization. Our services go beyond a simple test or assessment; we understand our customers’ concerns and make them our own. This allows us to provide them a comprehensive information security solution.”
Going against a one-size-fits-all approach, Alpha Defense strives to give its customers comprehensive, value-based services. The company’s sustainable and ‘purely engineering-focused’ solutions include application assessment to provide detailed reports of vulnerabilities in the client’s application or architecture. Being a proactive security assessment company, Alpha Defense is an expert in the field of incident response, penetration testing, and performing security assessments of embedded or IoT devices.
Along with their services, Alpha Defense follows a detailed approach in reviewing their client’s security systems by bringing in the combination of automated tools, and prowess of manual testing, that targets all rooted issues.
Our services go beyond a simple test or assessment; we understand the concerns of our customers and make them our own
“We adopt a ‘source-assisted’, white-box security assessment approach, where the customer provides the source code, which we review as a guide for dynamic testing to expose problems. We also have extensive reverse engineering expertise, so for cases where the source is unavailable, we follow a reverse engineering approach to test the target,” elucidates Bill Terwilliger, the CEO at Alpha Defense.
Unlike other players in the security assessment industry, Alpha Defense conducts detailed analysis for assigning severity scores, and identifying mitigating factors. The information that they provide entails the likes of score, screenshots, lists of vulnerable methods, attack replication information, and more. Additionally, when it comes to core IT architectural issues that are difficult to remediate, the company offers both an ideal best-case remediation alongside recommendations for reducing the severity or likelihood of exploitation. As an assertion to this, Sineath says, “The goal is to identify and reduce real world risk even if the issue cannot be fully remediated.”
Following this approach, the company helped a client in finding vulnerabilities in their device. The client had assembled the best engineers, PhDs, and scientists who worked on the device and claimed it to be ‘un-hackable.’ Alpha Defense compromised their device security, and guided engineers to start thinking about security issues from a different perspective. As a result, the engineers came forward with other ideas on how they could compromise other parts of the system, helping them to improve its security. To this end, Terwilliger says, “The most valuable service we offered was not our recommendations to remediate the vulnerabilities, it was changing their company’s mindset and our effect on their company culture.”
The incident clearly dictates how Alpha Defense works alongside their clients as partners to build trust, and then lead them through the problem-solving process to produce effective solutions.
The company’s inception dates back to when Terwilliger and Sineath met at Raytheon, where they were working on classified security research. What was then only a notion of a purely engineering-focused company is today an established market leader in the security assessment landscape. Continuing to provide engineering-focused and need-driven services, Alpha Defense is planning to increase its staff.
On the technology side, the company is looking to enhance static analysis techniques by deploying new technologies and tools to increase efficiency. This will eventually help the company serve its clients better.