Posted on

watchTowr can tell an organisation in real time if it can get compromised

watchTowr Founder and CEO Benjamin Harris

His parents wanted him to be a professional cellist, but Benjamin Harris was more of a computer geek. Harris, who touched his first computer at the age of 7, built a small web hosting company at 12. Five years later, impressed by his hacking skills, Portcullis Computer Security (acquired by Cisco) offered him a job.

“I spent two and a half years at Portcullis. In all, I spent more than a decade at consulting firms in the UK, Europe, and Asia simulating sophisticated cyber attacks for organisations. Over the last decade, the time taken to exploit a new vulnerability has reduced from weeks to hours,” said Harris, a British national. “However, I felt there must still be a better way for organisations to look at their attack surface with the same speed, agility, and aggression as real-life adversaries. watchTowr was established with this objective in mind.”

Launched in August 2021, watchTowr is a cybersecurity startup that helps organisations understand and identify high-impact weaknesses in their cybersecurity defences.

In February this year, the company bagged a US$2.25 million seed funding from Paul Allen’s Vulcan Capital and Wavemaker Partners.

In this interview with e27, Founder and CEO Harris spoke about the company and shared insights into the overall cybersecurity market.

Excerpts:

Why is it important that today, chief information security offices (CISOs) understand their susceptibility to the emerging weaknesses in hours, not weeks?

Hackers were much faster at exploiting software bugs in 2021, with the average time taken to exploitation going down from 42 days in 2020 to just 12 days. watchTowr combines world-class technology with years of offensive security experience to continuously identify high-impact vulnerabilities in an organisation’s attack surface.

We analyse organisations and discover vulnerabilities in real-time, so what used to take weeks, now happens in hours.  watchTowr offers a data-driven approach that seamlessly makes the technology for attack surface testing extremely scalable and increases efficiency. It also offers real-time reporting and insights.

Also Read: Best cybersecurity practices for startups to stay ahead of the curve

For a CISO, identifying a vulnerability in their organisation provides real assurance so that it can be resolved before an attacker exploits it in this fast-paced environment.

What is watchTowr’s secret sauce?

watchTowr’s secret sauce is two-fold. Our offensive security expertise has been built by experience — not by reading about attackers and attacks but by breaking into the world’s largest and most protected organisations.

We combine this expertise with an ability to leverage technology to collect, analyse and understand data at scale continuously. This enables watchTowr to build and deploy our continuous attack surface testing solution, which mimics real adversaries’ persistence, ingenuity, and aggression. watchTowr continuously probes entire external attack surfaces for high-impact vulnerabilities.

This approach offers CISOs peace of mind that their organisations are constantly being reviewed for weaknesses to keep their information secure. We offer an always-on security system that highlights issues before they are exploited.

How does watchTowr differ from existing solutions in the market?

watchTowr tells organisations in real-time if they could get compromised. It automatically and continually analyses the organisation’s attack surface, generating reports and alerts as appropriate.

The old way was manual, driven by consultants, and gave organisations a static snapshot of their defences. Consultant-driven exercises are outdated and they rely on humans to work through an asset to identify vulnerabilities that might exist at any point in time. As these exercises are point in time and executed on a quarterly —  or annual basis — they do not keep up with the speed at which the cyber security threat landscape evolves.

On the other hand, watchTowr leverages a data-driven approach with incredibly agile, extremely scalable technology that discovers vulnerabilities in real-time by discovering and examining an organisation’s attack surface and security posture.

How can banks, insurance and e-commerce firms benefit from real-time assurance like watchTowr?

Once engaged, watchTowr’s rapid approach and technology typically provide enterprises and CISOs a 300-400 per cent increase in attack surface visibility. Armed with greater visibility, CISOs can continuously discover high-impact vulnerabilities across their attack surface — reducing their reliance on outsourced consultancy and other cyber security assurance initiatives.

The challenge for an organisation today is not only to understand where they are exposed to a cyber attack but where they are vulnerable to a breach or a compromise.

In today’s world, where cyber attacks are constant and new weaknesses and vulnerabilities are being discovered at an increased speed, checking for vulnerabilities twice a year no longer makes sense.

Also Read: How to tackle cybersecurity threats during the holidays

watchTowr combines a genuine ability to look at the organisations’ attack surface that mimics sophisticated attackers, such as the North Koreans. For CISOs at banks, insurance companies and e-commerce companies, this is a game-changing approach that offers real assurance while enabling agility.

With the proliferation of Web3, a new wave of security threats has emerged (the Axie Infinity hack is a case in point). How equipped is watchTowr to leverage this “growing opportunity”?

Axie Infinity is a fantastic example of the growing sophistication of attacks carried out. It has become more critical than ever that organisations test their defences with the same aggression, agility and persistence as the threat they face — groups like the North Koreans, who are well resourced and highly motivated.

If you were defending Fort Knox (a US Army installation in Kentucky), would you employ an average individual on the street to test your physical defences? Likely not; you’d find a capability that reflected your most credible threat and use that to test your physical defences.

Then imagine that your most credible threat is constantly upgrading its capabilities, you’d want to test your physical defences constantly in line with these upgrades.

This is where watchTowr differentiates by building technology injected with sophisticated offensive security capability, which provides organisations with testing aligned to their most credible threat continuously.

watchTowr is backed by prominent VCs such as Paul Allen’s Vulcan Capital fund and Wavemaker? How did you manage to get them on board?

Vulcan and Wavemaker are both under no illusion that most of the technical innovations we will see over the next ten years — whether in banking, Web3, e-commerce, or any other space — will need to be underpinned by cyber security. watchTowr offers a rare mix: a team experienced in the real world coupled with a clear gap in the market that watchTowr has purpose-built their technology for, and the endorsement that comes with an impressive list of enterprise clients, acquired in less than a year of operations.

Why did you choose Singapore to launch the firm? What opportunities do you see in the island state?

Singapore is an incredible launchpad to engage with the established and growing enterprise market across the region. The Singapore government considers increasing fines up to SGD1 million for financial institutions that suffer security breaches due to oversight. This will push companies into employing cybersecurity expertise to avoid the security breach itself and the fine that may be associated with it.

In addition, the Singapore Computer Emergency Response Team (SingCert) has advised companies to strengthen their cybersecurity, vigilance and online defences to protect themselves from cyber-attacks such as web defacement, and distributed denial of service (DDoS) and ransomware, especially now with the current Russian-Ukraine war.

Fundraising or preparing your startup for fundraising? Build your investor network, search from 400+ SEA investors on e27, and get connected or get insights regarding fundraising. Try e27 Pro for free today.

The post watchTowr can tell an organisation in real time if it can get compromised appeared first on e27.