CyberCatch: Continuous Compliance and Cyber Risk Mitigation


Sai Huda, Founder, Chairman and CEO

There are more than 30 million small and medium-sized businesses (SMBs) in North America, but very few can claim a cybersecurity infrastructure as resilient and robust as those of large organizations. A lack of resources, expertise, and awareness to assess and mitigate cyber risks makes SMBs easy prey for threat actors.

“Attacking an SMB provides a double bounty for attackers. They can not only steal the SMB’s data and sell it on the dark web while also demanding a ransomware bounty, but also use the data to next break into a larger organization that the SMB is a supplier to. SMBs have limited resources and knowledge about cybersecurity, so they are the most vulnerable and weakest link in the chain. This is why CyberCatch is focused on serving SMBs,” says Sai Huda, Founder, Chairman and CEO, CyberCatch.

CyberCatch, an innovative cybersecurity software-as-a-service (SaaS) solution provider, has formulated a unique approach to solving the challenge for SMBs. The company is nipping the issue in the bud by targeting the real reason for data theft and ransomware attacks.

CyberCatch’s patented cloud-native platform identifies ‘security holes’ caused by missing or ineffective cybersecurity controls. SMBs are unaware of the holes, but cybercriminals find and exploit them to break in and steal data or install ransomware.

“With our platform’s three-dimension automated controls testing and our virtual CISO experts, we help SMBs detect security holes and promptly eliminate them to thwart threat actors,” says Huda.

Test. Fix. Secure.

The first step in CyberCatch’s in-depth cybersecurity process is capturing the attack surface visually with a topology map and benchmarking a customer’s existing cybersecurity controls using a proprietary tool, CyberBenchmark, against current standards or regulations to identify the gaps that attackers commonly exploit. Then, with its cloud-native solution, the company helps organizations eliminate those gaps by implementing all the necessary controls.

Upholding its motto of “Test. Fix. Secure.”, CyberCatch follows up with automated, continuous controls testing. The cloud-native platform performs three types of testing: outside-in, inside-out, and social engineering.

For the outside-in testing, CyberCatch has a tool called CyberXRay that actively scans any internet-facing elements such as a website, web server, or web application. It looks for vulnerabilities, including those listed in the Open Web Application Security Project’s Top Ten vulnerabilities that many organizations are unaware of. CyberCatch alerts the organization about the vulnerabilities present in their network, scores them, and uses its expertise to guide the organization to fix them.

The next tool in CyberCatch's platform, CyberCheck24/7, identifies cyber vulnerabilities from the inside out. A lightweight agent that can be downloaded by the client in just 30 seconds, CyberCheck24/7 is installed on any endpoint, such as a web server. The agent then goes around the network unobtrusively hunting for broken or missing controls and testing for effectiveness of controls.

For instance, in a server with a database, CyberCheck24/7 seeks out the controls that are in place for the web server. It performs a brute-force attack as one of many tests to check password integrity. It looks for default passwords or those that can be easily guessed, and marks them as a control failure. CyberCheck24/7 maps it onto the regulatory requirements to show which control has failed and is non-compliant. This is where CyberCatch’s experts enter the picture, assisting the client in fixing that control failure.

After the controls are fixed, the tests are rerun to ensure control integrity. CyberCatch continues the inside-out testing, running various tactics, techniques, and procedures that are normally used by attackers. This is automated, continuous penetration testing (pen testing) that is also tied to cybersecurity compliance mandates.

The final component of the platform is CyberPhisher, which targets a critical aspect of cybersecurity breaches – the human element. As a part of CyberCatch’s security remediation process, CyberPhisher automatically sends phishing emails to try to trick the customer’s employees. One of the ways attackers break in is when an employee clicks on a link or downloads an attachment. CyberCatch can also coach employees on how to identify phishing and report it.


Following the extensive testing procedures, CyberCatch combines the results to produce what it calls a Cyber Breach Score, a patented score that indicates the effectiveness of the customer’s controls. Offering a true view of cyber risk posture, the score informs clients of how susceptible they are to an actual breach because of noncompliant and missing, broken or ineffective controls. The score is dynamic and can change daily, weekly, biweekly, monthly or quarterly depending on the frequency of testing that the customer selects.

While assessing the effectiveness of the controls, CyberCatch also calculates a patented Cyber Hygiene Score, which is a measure of the true compliance level of the controls that were implemented. This patented score helps companies identify any existing gap in their controls, helping them remediate promptly and ensure that they are fully compliant.

CyberCatch’s cybersecurity platform is entirely cloud-based and easy to activate, taking just a few minutes to configure. Built to be simple, yet powerful, CyberCatch’s security solution includes a visually pleasing dashboard that helps users monitor the effectiveness of their security controls through red, yellow, or green zones, with their Cyber Hygiene Score and Cyber Breach Score displayed. The visual panel provides detailed information related to every feature in a separate window.

CyberCatch’s automated, continuous, and compliant security solution has a simple annual subscription fee, allowing customers to budget based on the size of their organization.

Exercising Cyber Vigilance

CyberCatch wants organizations to be resilient in their cyber defenses and remain constantly mindful of their security posture. The company releases a Small and Medium-Sized Businesses Vulnerabilities Report (SMBVR) every quarter, after scanning thousands of internet-facing assets of SMBs. In the most recent scan, CyberCatch identified that eight out of 10 SMBs have internet-facing assets that are widely exposed and that attackers can exploit within seconds. Most of these companies, however, fail to realize the extent of their cyber risk exposure. CyberCatch helps them identify these vulnerabilities and guides them to eliminate their security holes with its three-dimensional testing.

A case in point is an engineering technology company in the U.S. that supplies its product and services to the U.S. military, which makes it a primary target for attackers. The company needed to comply with stringent security mandates, one of which was NIST 800-171, which requires 110 controls.

The customer entrusted CyberCatch to fill their knowledge gaps about the control requirements that they had to implement. With its innovative cybersecurity solution, CyberCatch helped the customer implement all 110 controls. Being fully compliant with government-mandated controls enabled the customer to win new contracts. The company’s automated testing continues to ensure that the customer remains compliant, which is one of the requirements of NIST 800-171.

In another instance, one of CyberCatch's customers in Canada, a manufacturer, needed not only to beef up cybersecurity but also to comply with both NIST 800-171 and CAN/CIOSC 104, Canada’s new cybersecurity standard. After doing its own assessment and implementation of controls, the customer wasn’t sure whether it was fully compliant. The CyberCatch team, with its SaaS platform, helped the client benchmark and identify numerous missing controls. In addition to helping the client become fully compliant with both U.S. and Canada requirements, CyberCatch’s continuous, dynamic automated testing is keeping the customer compliant and more secure from threat actors.

“CyberCatch solves the root cause of data breaches by first helping implement all necessary cybersecurity controls, then automatically and continuously testing the controls to detect and eliminate security holes so attackers cannot exploit them.”

CyberCatch’s platform helps organizations comply with a variety of cybersecurity requirements, including NIST 800-171, NIST 800-53, CMMC, PCI, HIPAA, Zero Trust, CAN/CIOSC 104, and the ENISA NIS Directive, among others, all of which require the implementation of controls and testing to ensure continuous compliance. The U.S. government is now requiring federal agencies and contractors to fully comply with Zero Trust within the next two years. Similarly, Canada has set CAN/CIOSC 104 as a new standard for SMBs, prescribing 55 cybersecurity controls.

Canada’s governing body authorized to issue national standards, the CIO Strategy Council, is endorsing CyberCatch’s innovative cybersecurity platform to help organizations quickly become compliant. Canada is also pushing for a bill, C-26, which allows for fines for non-compliance with cyber security requirements.

“For too long, it has been the norm that cybersecurity is for an organization alone to figure out what they should have in place. This has led to the problem, security holes from ineffective controls that attackers find and exploit, because there are no mandates on what controls one must have in place minimally. However, this is changing, and change is coming fast. In Canada, I had the honor and privilege to help author the new cybersecurity standard, CAN/CIOSC 104,” says Huda.

“In the U.S., the DHS’s Cybersecurity and Infrastructure Security Agency (CISA) will be issuing the Zero Trust Maturity Model soon for federal agencies, federal contractors and supply chain to comply with. CyberCatch’s solution enables continuous compliance with Zero Trust and we see this becoming the law of the land in the near future in the U.S.,” says Huda.

Amid this global shift from voluntary compliance to mandatory compliance, CyberCatch is accumulating a record of successes for SMBs. The company also offers its cybersecurity SaaS solution to not-for-profit organizations and those with valuable data that are potential targets.

As an organization dedicated to helping SMBs achieve both compliance and security, CyberCatch is truly making a difference with an innovative solution in the dynamic cybersecurity space.


San Diego, CA and Vancouver, BC

Sai Huda, Founder, Chairman and CEO

CyberCatch provides an innovative patented cybersecurity Software-as-a-Service (SaaS) platform designed for SMBs. It enables an SMB to implement cybersecurity controls quickly and cost-effectively to attain compliance and cyber risk mitigation. It then performs continuous automated testing of the controls from three dimensions (outside-in, inside-out and social engineering) to find security holes, and helps fix them promptly so attackers can’t exploit them to break in and steal data or install ransomware.