I was reviewing the RSAC 2020 Innovation Sandbox finalists and wondering what level of security they had implemented to protect their own sites; that is, whether they “walk the talk”.
Company | Homepage | Crunchbase | Facebook | LinkedIn | Twitter
---|---|---|---|---|---
AppOmni | appomni.com | CB-AO | | LI-AO | @AppOmni
BluBracket | www.blubracket.com | CB-BB | | LI-BB | @bluebracket
ElevateSecurity | elevatesecurity.com | CB-ES | FB-ES | LI-ES | @hello_Elevate
ForAllSecure | forallsecure.com | CB-FAS | FB-FAS | LI-FAS | @forallsecure
Inky | www.inky.com | CB-I | FB-I | LI-I | @inkyphishfence
ObsidianSecurity | www.obsidiansecurity.com | CB-OS | FB-OS | LI-OS | @obsidiansec
Securiti.AI | www.securiti.ai | CB-SAI | FB-SAI | LI-SAI | @SecuritiAI
Sqreen | www.sqreen.com | CB-SQ | FB-SQ | LI-SQ | @SqreenIO
TalaSecurity | www.talasecurity.io | CB-TS | | LI-TS | @talasec
Vulcan | vulcan.io | CB-VC | FB-VC | LI-VC | @VulcanCyber
Checks were performed using the following publicly available services against the respective companies' home pages.
Test | From | Link
---|---|---
Risk Score | @UpGuard | https://bit.ly/UG_Scan
Web SSL Server | @qualys | https://bit.ly/QS_Scan
Security Headers | @securityheaders | https://bit.ly/SH_Scan
EMail DMARC/SPF | @fraudmarc | https://bit.ly/FM_Scan
DNSSEC | @verisign | https://bit.ly/VS_Scan
Security.txt | @scott_helme | https://bit.ly/ST_RD
WAF | @sucurisecurity | https://bit.ly/WAF_Scan
The tests are not indicative of the security of the respective services or product offerings, but simply a comparison of the level of attention paid to the company web sites.
Results
Overall, Securiti.AI was ranked #1, followed by Elevate Security #2, Inky #3, AppOmni #4, Sqreen #5, Obsidian #6, BluBracket #7, Tala Security #8, Vulcan Cyber #9 and ForAllSecure #10.
Note that the rank order differs slightly from the UpGuard score because of the additional checks; essentially the results are sorted left to right (best to worst).
Web Server (QS_Scan) – Most sites had implemented TLS (9/10); however, some still allowed TLS 1.1.
Browser Security (SH_Scan) – Few had implemented all of the security header options (STS, CSP, XFO, XCTO, RP, FP).
Only one (Securiti.AI) had fully implemented them.
Email security (FM_Scan) was less than ideal (considering phishing is a major threat vector), with only two having implemented DMARC with SPF (reject or quarantine).
DNS Security (DNSSEC) – Only 2/10 had implemented DNS Security.
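As an added example (not code from this post or from any of the companies listed), here are offline versions of two of the checks above: the six-header set and the DMARC/SPF policy test, run on constructed sample input rather than live scan results. The header abbreviations and the reject/quarantine threshold follow the post; expanding FP to Feature-Policy is my assumption.

```python
# Added example, not the post's code: offline versions of the header and
# DMARC/SPF checks; the header list follows the post's abbreviations.
SECURITY_HEADERS = {  # STS CSP XFO XCTO RP FP, as abbreviated in the post
    "STS": "strict-transport-security",
    "CSP": "content-security-policy",
    "XFO": "x-frame-options",
    "XCTO": "x-content-type-options",
    "RP": "referrer-policy",
    "FP": "feature-policy",
}

def check_security_headers(headers):
    """Map each abbreviation to True/False; header names are case-insensitive."""
    present = {name.lower() for name in headers}
    return {abbr: full in present for abbr, full in SECURITY_HEADERS.items()}

def missing_headers(headers):
    """Abbreviations of headers absent from a response, in the post's order."""
    return [a for a, ok in check_security_headers(headers).items() if not ok]

def dmarc_policy(txt_record):
    """Return the p= policy of a _dmarc TXT record, or None if it is not DMARC."""
    tags = {}
    for part in txt_record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v", "").upper() != "DMARC1":
        return None
    return tags.get("p", "").lower() or None

def dmarc_enforcing(txt_record):
    """True for the policies the post counts as implemented: reject/quarantine."""
    return dmarc_policy(txt_record) in ("reject", "quarantine")

def spf_all_qualifier(txt_record):
    """Qualifier on the terminal 'all' mechanism: '-' hard fail, '~' soft fail,
    '?' neutral, '+' pass; None if the record is not SPF or has no 'all'."""
    terms = txt_record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return None
    for term in terms[1:]:
        if term.lower().lstrip("+-~?") == "all":
            return term[0] if term[0] in "+-~?" else "+"
    return None

# Constructed sample response headers (not real scan output), missing CSP/RP/FP.
WEAK_HEADERS = {"Strict-Transport-Security": "max-age=31536000",
                "X-Frame-Options": "DENY", "X-Content-Type-Options": "nosniff"}
```

A p=none DMARC record or an SPF record ending in ~all would not count as implemented under the post's criterion, which is what the two policy helpers make explicit.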
References
DNS Security – Top 5 Threats, CloudFlare, Akamai, Imperva
Security Headers – OWASP / Hardening Guide
WAF –