I was reviewing the RSAC 2020 Innovation Sandbox finalists and wondering what level of security they had implemented for protecting their own sites – that is, whether they “walk the talk”.

| Company | Homepage | Crunchbase | Facebook | LinkedIn | Twitter |
|---|---|---|---|---|---|
| AppOmni | appomni.com | CB-AO | | LI-AO | @AppOmni |
| BluBracket | www.blubracket.com | CB-BB | | LI-BB | @bluebracket |
| ElevateSecurity | elevatesecurity.com | CB-ES | FB-ES | LI-ES | @hello_Elevate |
| ForAllSecure | forallsecure.com | CB-FAS | FB-FAS | LI-FAS | @forallsecure |
| Inky | www.inky.com | CB-I | FB-I | LI-I | @inkyphishfence |
| ObsidianSecurity | www.obsidiansecurity.com | CB-OS | FB-OS | LI-OS | @obsidiansec |
| Securiti.AI | www.securiti.ai | CB-SAI | FB-SAI | LI-SAI | @SecuritiAI |
| Sqreen | www.sqreen.com | CB-SQ | FB-SQ | LI-SQ | @SqreenIO |
| TalaSecurity | www.talasecurity.io | CB-TS | | LI-TS | @talasec |
| Vulcan | vulcan.io | CB-VC | FB-VC | LI-VC | @VulcanCyber |

Checks were performed against the respective companies' home pages using the following publicly available services.

| Test | From | Link |
|---|---|---|
| Risk Score | @UpGuard | https://bit.ly/UG_Scan |
| Web SSL Server | @qualys | https://bit.ly/QS_Scan |
| Security Headers | @securityheaders | https://bit.ly/SH_Scan |
| EMail DMARC/SPF | @fraudmarc | https://bit.ly/FM_Scan |
| DNSSEC | @verisign | https://bit.ly/VS_Scan |
| Security.txt | @scott_helme | https://bit.ly/ST_RD |
| WAF | @sucurisecurity | https://bit.ly/WAF_Scan |

The tests are not indicative of the security of the respective services or product offerings – they are simply a comparison of the level of attention paid to the company web sites.

Results

Overall – Securiti.AI was ranked #1, followed by Elevate Security #2, Inky #3, AppOmni #4, Sqreen #5, Obsidian #6, Blubracket #7, Talasecurity #8, Vulcan Cyber #9 and forallsecure #10.

Note: the rank order differs slightly from the UpGuard score due to the additional checks; the sites are essentially sorted left to right (best to worst) based on the results.

Web Server (QS_Scan) – Most sites had implemented TLS (9/10), however some still allowed TLS 1.1.

Browser Security (SH_Scan) – Few had implemented all of the security header options (STS, CSP, XFO, XCTO, RP, FP).

Only 1 (Securiti.AI) had fully implemented them.

Email security (FM_Scan) was less than ideal (considering phishing is a major threat vector), with only 2 having implemented DMARC with SPF (reject or quarantine).
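The pass criterion used above (a DMARC policy of reject or quarantine, backed by SPF) can be checked from a domain's TXT records. The following is an added example, not part of the original post or of the scanning service: the function names and the `.example` records are constructed, and requiring an SPF record that ends in `-all` or `~all` is this example's own assumption.

```python
# Added example: grade SPF/DMARC TXT records offline. All records are constructed.

def parse_tags(record):
    """Split a 'tag=value; tag=value' DMARC record into a dict."""
    tags = {}
    for part in record.split(";"):
        name, sep, value = part.partition("=")
        if sep:
            tags[name.strip().lower()] = value.strip()
    return tags

def dmarc_policy(txt_records):
    """Return the p= value of the DMARC record, or None if absent or ambiguous."""
    found = [t for t in map(parse_tags, txt_records) if t.get("v") == "DMARC1"]
    if len(found) != 1:  # more than one DMARC record means none is applied
        return None
    return found[0].get("p", "").lower() or None

def spf_all(txt_records):
    """Return the SPF 'all' term with its qualifier, or None if no usable record."""
    found = [r for r in txt_records if r.lower().split()[:1] == ["v=spf1"]]
    if len(found) != 1:  # multiple SPF records are a permanent error
        return None
    for term in found[0].lower().split()[1:]:
        if term.lstrip("+-~?") == "all":
            return term if term[0] in "+-~?" else "+" + term
    return "?all"  # no 'all' term: unmatched mail is neutral (redirect= not followed)

def grade(domain_txt, dmarc_txt):
    """'enforced' = DMARC reject/quarantine plus SPF ending in -all or ~all (assumed bar)."""
    policy, spf = dmarc_policy(dmarc_txt), spf_all(domain_txt)
    if policy in ("reject", "quarantine") and spf in ("-all", "~all"):
        return "enforced"
    if policy is None and spf is None:
        return "missing"
    return "partial"

# Constructed records: (TXT at the domain, TXT at _dmarc.<domain>)
SAMPLES = {
    "enforcing.example": (["v=spf1 include:_spf.mail.example -all"],
                          ["v=DMARC1; p=reject; rua=mailto:dmarc@enforcing.example"]),
    "watching.example": (["v=spf1 mx ~all"], ["v=DMARC1; p=none"]),
    "open.example": (["v=spf1 +all"], ["v=DMARC1; p=quarantine"]),
    "bare.example": (["site-verification=constructed"], []),
}

if __name__ == "__main__":
    for domain, (root_txt, dmarc_txt) in SAMPLES.items():
        print(f"{domain:20} {grade(root_txt, dmarc_txt)}")
```

A `p=none` policy only collects reports, and `+all` authorises every sender, so both of those constructed domains grade as partial rather than enforced.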

DNS Security (DNSSEC) – Only 2/10 had implemented DNS Security.

Justin Lister