Why IONIX? Why Now?
My team and I founded IONIX (formerly Cyberpion) with one goal in mind: to answer the critical and growing need for organizations to secure their real attack surface and its digital supply chain. The primary concept behind attack surface security is this: today, the security of an organization and its’ assets are now critically dependent on the connections to, and security of, third party assets and their connections in turn.
Let Me Explain What the Real Attack Surface Is
Digital enterprises and businesses have rented, outsourced or partnered for delivering various aspects of their online presence, with cloud and CDN providers, various PaaS and SaaS providers, ad tech vendors, and other technologies. In turn, the vendors of these solutions have done the same and built their offerings on top of even more third-party solutions, and so on and so on. The result is an extensive and hyperconnected online ecosystem of assets and connections.
Not only is the scale of these connections increasing, but the complexity as well, resulting in a convoluted and ever-changing map of the organization’s ecosystem: the organization’s assets, connected assets and the connected infrastructures.
Online Ecosystems, What Could Go Wrong?
Short Answer: A Lot Can Go Wrong in an Online Ecosystem
Specifically, we’re talking about cybersecurity and the new attack surface created by the rise of online ecosystems. Online ecosystems are uniquely appealing to hackers, and extremely complicated for enterprises to secure. The scale and complexity of an online ecosystem provides hackers with a significant advantage when it comes to executing an attack while leaving as little evidence as possible.
In order for a hacker to succeed in their objective they require stealth. This applies to the act of hacking itself, where attacks can last for months as they slowly gain access and credentials and move from one system to another, but also applies to minimizing the evidence they leave behind that could lead to any post-hack arrest and prosecution.
If we consider the hacker’s mindset, which of these two methodologies would they prefer in order to obtain credit card data?:
- Attack a well secured financial institution
- Penetrate the organization
- Move laterally through various systems for weeks to gain access
- Find the desired database
- Attempt to send the database to an external repository
- Decrypt the data to find hashes that still should be cracked
- Attack a less secure online store
- Leverage a vulnerability in an included third-party script
- Run Magecart-like attack via that vulnerability
- Record plaintext credit card credentials as they are entered by customers
- Leave zero trace of the hack on the host systems
The Mindset Gap is a Gap in Your Security: Hackers vs Organizations
My team and I have deep experience in both offensive and defensive cybersecurity roles, what we all agree on is that organizations and hackers (most of them at least) have significantly different perspectives.
- Organizations are scope oriented
- Security is defined by what they own, what they manage, and what they are responsible for
- Investments and activities are made based on the likelihood of specific attack vectors
- Hackers are goal oriented
- Primary concern is achieving an outcome
- No adherence to utilizing a specific attack vector
- Will use whichever attack vector produces the desired outcome and minimizes the evidence
Online ecosystems are prime targets because they maximize the hacker’s objectives and minimize the organization’s security objectives.
Developing an Ecosystem Security Solution
In creating a solution to help organizations secure themselves against the vulnerabilities within their ecosystem we had to consider the fundamental challenges of the problem we were trying to tackle:
- The ecosystem is not being monitored by traditional, perimeter-centric security tools
- The size and scope of an enterprise ecosystem overwhelms current processes to monitor and manage
- The diversity of the types of assets and infrastructures, and the diversity of vulnerabilities for each type
- The dynamic nature of an ever-changing ecosystem means static inventories of ecosystems rapidly become obsolete
I’m proud to announce that our solution to these challenges is the IONIX attack surface management platform. Our goal is to help organizations gain control over their entire online attack surface that lies far beyond the classic perimeter.
Founding IONIX – Our Vision
We know that this is a big problem to solve. When we saw the volume and scale of attacks against external infrastructures, with little to no awareness by the targeted organizations – governments, enterprises and SMBs, we knew we could (and should) do something about it.
Based on the data and the incidents we see on a daily basis, we can say with high confidence that ecosystem security is a significant challenge for organizations, and the risks to them are significant, including:
- Stolen Data
- Infrastructure Disruption
- Abused Assets
- Trust and Reputation Damage
- Violation of Regulations
- Lost Revenue
My vision for IONIX is to provide organizations the active threat protection and peace of mind they currently lack against the threats that emerge from lack of external attack surface visibility.
Raising Venture Funding
Our recent funding announcement is the culmination of a lot of hard work on the part of the IONIX team, and I couldn’t be more proud of them.
From our early days of development to bootstrapping the organization with early customers we continue to be driven by the enthusiasm and affirmation that we see from everyone we speak to. This includes input from our two co-lead investors Team8 Capital and Hyperwise Ventures, who I view as valued partners on this journey.
The funding will allow us to accelerate our operations and build awareness of the security challenges that online ecosystems represent.
I look forward to presenting the attack surface management platform to you, whether as a customer, a partner, or a future member of the IONIX team!