To Catch a Criminal, You Have to Think Like a Criminal
As we all know, more and more people are becoming aware of the importance of network and IT security, which unfortunately is a result of the increasing amount of security and data breach in the headline news. The target might be GoDaddy today and Nintendo and Zoom tomorrow but someday it might be some of you. With more and more regulations and laws of data privacy like GDPR and CCPA, more pressures are put on the corporations to find out why their million-dollar defense systems cannot prevent data breach.
The founders of Ridge Security have been working in the network security industry for over 20 years and have successfully built billion-dollar security companies and innovative security defense products, but the harsh reality is that attackers can still think faster than us. We have to re-think from a different perspective and come up with a totally new approach. From this ideology stem Ridge Security. To better protect ourselves, we must better understand how our enemies – the hackers – work.
A major reason behind what makes defense so difficult is the discrepancy between the mindset of the defenders (us) and that of the hackers.
We as the defenders often try to solve the security problems by investing large amount of money and time into advancing our defense technology, pumping out innovations such as next generation firewall, server breach detection systems etc., and try our hardest to cover all corner cases with big investment.
But the hackers don’t really follow our playbook. No matter how well-defended a system is, it could never be perfect. All the hackers need is one possible vulnerability, and with automated tools, which are considerably cheaper than most of the defense technology, and knowledge on common hacking tricks such as injection, they could find such vulnerability without much effort.
To catch a criminal, we must think like a criminal, so adjusting our mindset to that of a hacker is an important first step.
Let’s us quickly review again how RidgeBot works.
RidgeBot provides continuous security validation services.
It is very easy to deploy the RidgeBot, as either an appliance or a virtual machine in the enterprise’s network. To start, you do not need to install any agents. Simply connect to the network and configure the proper IP addresses. It is plug and play, and only takes less than a minute to start a task from the intuitive web GUI.
After the task starts, all the penetration testing, including asset scanning, attack surface discovering, vulnerability scanning, and most importantly automated exploit and post exploit are performed automatically by the AI. RidgeBot has extensive attack knowledge built-in and keeps upgrading, It assists security testers in overcoming knowledge and experience limitations and always performs at a top-level.
After the task finishes, the RidgeBot provides comprehensive information in the web GUI and generate extensive report. This shift from manual-based, labor-intensive testing to machine-assisted automation alleviates the current severe shortage of security professionals. It allows human security experts to let go of daily labor-intensive work and devote more energy to the research of new threats and new technologies.
With RidgeBot, we could save our customers days, even weeks of manual labor within minutes.