2. Delve Labs
602-3875 Saint-Urbain
Montréal, (QC) H2W 1V1
1 844 353-3583
info@delvelabs.ca
Get ready for IoT Security right now
with a free trial of Warden:
www.delve-labs.com/trial
3. 1
Introduction
Despite the fact that more and more money is
being poured into IT security tools and products,
no visible improvements have been made on
what that money is being spent on – data leaks
arising from malicious breaches into corporate
networks.
What this reveals is that the current approach to
IT security has reached its limit and that the mar-
ket requires – and demands – a new approach
to this mission critical issue. For any corpora-
tion dealing with sensitive customer data, there
is no alternative, and in reality, ALL companies
deal with sensitive data: employee data, cus-
tomer data, financial data, patient data, etc.
The purpose of this whitepaper is to illuminate
where the problems currently exist and the chal-
lenges that companies face across all indus-
tries. This is a massive issue that, given global
turmoil and unrest, threatens the very core of the
global economy. Without new approaches to IT
security around data, increased investments in
solutions will continue to yield no real solutions
or improvements to current IT security infra-
structures.
Current State of the
Security Industry
In 2015, more than $75 billion USD was spent
on IT security1
. Yet, more than 1 billion personal
records were stolen by malicious attacks on cor-
1 http://www.gartner.com/newsroom/id/3135617
porate networks2
, almost doubling since 2013.
As a result, while most companies have demon-
strated the will to take their data security respon-
sibility seriously by hiring the best security spe-
cialists and using the best products available on
the market and making significant investments
in protecting their network perimeters, databas-
es and critical assets from security attacks, one
thing is abundantly clear:
Current strategies are insufficient
for IoT security.
When analyzed historically, most of the major
corporate data breaches have shown vulnerabil-
ities not on the areas where the most resources
have been deployed, the perimeter and critical
assets, but on the assets where those compa-
nies had deployed little or no resources at all.
These were areas where the ill perception of little
or no risk of penetration existed, creating weak
points in the infrastructure3,4,5
.
The significant investment of time and resourc-
es, typically more than 24 man-hours just to as-
sess vulnerabilities on a single system, is com-
pounded by the need perform a new vulnerability
assessment each time systems change and/or
software is upgraded.
It is generally accepted that there exists a glob-
al shortage of qualified security professionals in
2 http://breachlevelindex.com/pdf/Breach-Level-Index-An-
nual-Report-2014.pdf
3 https://www.treasury.gov/tigta/auditreports/2015re-
ports/201520073fr.html#windows
4 http://www.bloomberg.com/bw/articles/2014-09-12/
home-depot-didnt-encrypt-credit-card-data-former-workers-say
5 http://www.latimes.com/nation/la-na-government-data-
breach-20150616-story.html
4. 2
the industry6
. This has created a situation where,
at best, only 20% of corporate assets are pro-
tected by security tools and experts, leaving sec-
ondary and tertiary systems, the invisible 80%,
exposed to increased vulnerabilities, weakening
the infrastructure as a whole.
“... there exists a global shortage of
qualified security professionals in the
industry.”
So even though the theory on IT security has well
matured, requiring the right governance, engi-
neering and surveillance, the Top 3 requirements
for critical security controls7,8
are often not met.
Companies can hardly do an inventory of all au-
thorized and unauthorized devices and software,
configurations for hardware and software are
6 https://www.cisco.com/web/offer/gist_ty2_asset/Cis-
co_2014_ASR.pdf
7 http://csrc.nist.gov/publications/nistpubs/800-64-Rev2/
SP800-64-Revision2.pdf
8 https://www.sans.org/critical-security-controls
generally not secured on all assets, and contin-
uous vulnerability assessment and remediation
doesn’t scale efficiently as networks evolve to
host an ever-increasing number of IoT devices9
.
Security expertise scarcity and incomplete
asset management limit companies’ ability
to cover their networks, increases the attack
surface and creates a high probability of data
loss over time.
THE COSTS OF DATA BREACHES
CONTINUE TO GROW
It is estimated that every single record lost costs
up to $350 USD, averaging a total cost of $6.5M
USD per single event, with a 23% increase since
2013, and a probability of a data breach involv-
ing more than 10,000 records of almost 1 in 410
.
9 http://www.gartner.com/newsroom/id/3165317
10 http://www-03.ibm.com/security/data-breach/
5. 3
Executives are therefore being held account-
able11
for an uncontrolled IT security environ-
ment and need to find a cost-effective way of
deploying security-specialist-like capabilities
to their entire network.
The Missing Link
Our experience tells us that the only cost effec-
tive solution would be one that could operate au-
tonomously while improving itself over time with
minimal human intervention.
AUTOMATION VS AUTONOMY
Some of the current tools provide security spe-
cialists with forms of automation, but it is import-
ant to discern this from an autonomous solu-
tion. Where an automated system doesn’t make
choices for itself, following a script in which all
possible courses of action have already been
made, requiring human configuration and inter-
vention when it encounters an unplanned-for
situation, an autonomous system does make
choices on its own. It tries to accomplish its
objectives locally, without human intervention,
even when encountering uncertainty or unantic-
ipated events.
Warden is the industry’s first continuous
Smart Vulnerability Assessment Solution: It
provides complete enterprise security for the
IoT through nonstop autonomous pentest.
Building upon existing industry standards, yet
11 http://www.networkworld.com/article/2876191/secu-
rity0/breaches-are-a-personal-nightmare-for-corporate-securi-
ty-pros.html
flexible enough to accommodate in-house tools,
Warden provides a simple to implement solution
that needs neither configuration nor constant
monitoring.
Through its extensive use of Artificial Intelli-
gence, running without human supervision us-
ing deep learning techniques, Warden mimics
security experts’ methodologies, maximizing
path coverage while intelligently eliminating
false positives.
Warden is meant to work 24/7, and will gather
all vulnerabilities, system details, and data it
encounters while performing its work.
All this continuous activity generates a tremen-
dous amount of data that needs to be quickly
computed for decision makers, should vulnera-
bilities be found. This large dataset can easily be
searched and categorized using a flexible tag-
ging and reporting system, giving untrained spe-
cialists an efficient way to extract and correlate
relevant information for the enterprise.
“Warden mimics security experts’
methodologies, maximizing path cover-
age while intelligently eliminating false
positives.”
Using its rapid autodiscovery functionality, War-
den is able to cover assets that had long been
forgotten. In addition, by using modern cloud
technologies it is able to scale to Internet of
Things proportions and ensure that all of this
data extraction still takes seconds.
6. 4
WARDEN COMES WITH AN EXTENSIVE LIST OF FUNCTIONALITIES, FOR BOTH
SECURITY EXPERTS AND EXECUTIVES :
AI-based Smart VA
Designed to run without human super-
vision while reducing false-positives
through the power of deep learning.
Scalable IoT Security
Using modern cloud technologies that al-
lows you to scale your security the way
you scale your network.
Autodiscovery
Quickly discover all the assets on your
network, even those you did not know
were there.
Analytics
Efficiently find and organize an infinite
number of assets, vulnerabilities, and re-
ports.
Executive Dashboard
Understand your security position at a
glance through comprehensive and ac-
tionable intelligence.
Detailed Reports
Get actionable data on what to fix and
where to fix it.
API + SDK
Easily integrate your specific tools and
needs with our detailed API + SDK.
HTML5 UI
Supervise your assets through a modern,
responsive, and touch-ready interface.
Access Control
Manage granular level roles and responsi-
bilities through your multiple teams.
Conclusion
The current security landscape presents critical
challenges for every major corporation. Today,
companies can no longer rely on the same tired
solutions to solve ever-changing problems. By
addressing the situation with a fresh and inno-
vative mindset and focusing on AI-driven auton-
omous solutions, we have proven that it’s possi-
ble to achieve complete asset coverage even in
a context of cybersecurity resource scarcity and
stringent budget constraints.
Just as the automotive industry is starting
to bring autonomous vehicles into their land-
scape, we bring autonomous systems to the
security industry.
7. 5
About Delve Labs
Delve Labs is a Montreal-based company spe-
cializing in autonomous security solutions de-
velopment.
Founded in 2013, the Delve Labs team is com-
posed of experienced security experts in charge
of complex and diverse security environments
including large payment infrastructures, tele-
communications companies and internet ser-
vice providers.
In September 2015, Delve Labs joined the
FounderFuel startup accelerator program, and
subsequently raised considerable investments
in order to continue improving its innovative IoT
Security solution and support its multiple clients.
Meanwhile, the company established strategic
partnerships with local resellers & managed se-
curity services providers, to help the small and
medium-sized business market in securing their
infrastructure. It also forged alliances with expe-
rienced B2B market experts and reinforced its
presence in the U.S. market.
8. 6
Delve Labs
602-3875 Saint-Urbain
Montréal, (QC) H2W 1V1
1 844 353-3583
info@delvelabs.ca
Get ready for IoT Security right now
with a free trial of Warden:
www.delve-labs.com/trial