I have written recently about two friends of mine from the security industry, Carl Banzhof and Billy Austin, and a company they started called iScan Online. Carl and Billy first told me what they were thinking about last spring or so. Over the next months they kept me in the loop as they continued to develop. Over the summer they showed me early versions of a new kind of security scanner they had developed. They started offering free scans in the fall and today they officially launched iScan Online.
I have been very impressed with what Carl and Billy are doing. So impressed, in fact, that I have been helping them with the launch activities and consulting with them over the last few weeks. I really like what they are doing and the space they play in. Utilizing the cloud for a SaaS-based security scanner, they actually do internal scanning on any device, anytime, anywhere. The internal scan is done on the endpoint itself, so no hardware or virtual appliance is necessary, and no complicated software. Fast and accurate, it is a great security tool for a BYOD world. They call it Opportunistic Scanning.
The company has written a white paper, which I really like and even helped with, that explains what they do. It talks about the dark matter of your network. What is the dark matter of your network? Well, like the dark matter of our universe, it makes up a large percentage of the mass of your network. These dark devices access your network, but are largely invisible to your current vulnerability management solutions. They are not always on, are not in your office regularly and are not static desktops, servers or infrastructure. Nevertheless, they represent a significant risk to your security. Using iScan Online you can gain visibility into this dark matter. You can download the white paper (without the usual “give me your contact info”) right now from the web site here.
The scans are quick and easy, delivered via a web browser plug-in, command line or API. They work on PCs and Macs, with mobile apps coming very soon. The scans themselves are done on the endpoints, so thousands of scans can be done at once. iScan Online can run traditional vulnerability scans, compliance scans (PCI, HIPAA) and data scans (PAN, PII). You get instant reports per device, and there is a cloud-based portal for organization-wide reporting that is pretty sophisticated. You can get a free scan right now so you can see for yourself what it does and how it works. Go check it out.
Carl and Billy have a lot of experience in this area. Both guys worked at Citadel Security, makers of the Hercules Patch management solution. Carl was the CTO there. Billy went on to be the CSO at SAINT, a vulnerability management company. After the sale of Citadel to McAfee, Carl was a VP over there continuing to work on endpoint security. Both Carl and Billy are really passionate about what they are doing. iScan Online has already attracted seed investment from a strategic investor and will be expanding in the near future with more capabilities, as well as sales and marketing activities.
I really do like what they have done and how they are doing it. I think this represents a “next gen” approach to vulnerability management, just when we need one. BYOD, mobile and remote workers and offices have left a gap in our vulnerability management coverage; iScan Online’s opportunistic scanning is a great solution to fill that gap. I am looking forward to seeing how the market responds and am happy to be helping them.
Also many thanks to Mike Rothman of Securosis for allowing iScan Online to put a quote from the Securosis Evolution of Vulnerability Management research in the release. What Mike wrote is dead on to the issues that iScan Online solves.