7Global Product Excellence Awards and winner of 2007 Editor’s All Star Shield

SPI Dynamics' comprehensive suite of products and services identifies and remediates web application and web services security vulnerabilities throughout the application development lifecycle. These award-winning solutions also enable security professionals, QA testers, and developers to work together to verify compliance with 22 security policies such as SOX, HIPAA and PCI. SPI Dynamics has the most application security testing customers worldwide - over 1,000 clients among Global 2000 enterprises, including four out of five of the world's largest banks and nine out of 10 of the largest banks in the U.S., four out of five of the largest software companies, three out of four of the largest aerospace and defense companies, the four largest accounting firms, the five largest telecommunications companies in the U.S., six out of eight of the largest technology hardware and equipment companies, two out of three of the largest healthcare companies, and over 90 U.S. Federal agencies. The Company is one of the fastest growing in the security industry, ranked 83rd on Deloitte and Touche's "Fast 500" list of growing technology companies nationwide and 220th on the Inc. 500.

Brian Cohen, President and Chief Executive Officer
S.P.I. Dynamics

Brian Cohen is the president and chief executive officer of SPI Dynamics, the expert in Web application security testing and assessment, and has 24 years of experience in high-level and executive positions within the information technology industry.

Recognizing that the next wave of Internet security would strategically occur at the application level due to lack of security development in this critical area, Brian took on his role with SPI Dynamics in 2001, which provides an ideal venue for him to share and combine his application software and Internet security expertise. With Brian’s guidance and expert credentials, SPI Dynamics has grown to be the expert in Web application security with several hundred customers worldwide. These customers include large organizations in virtually all major categories: financial services, health care, transportation, manufacturing, distribution, retail, services, state and local government, and federal government.

The last 10 years of Brian’s career have focused exclusively on Internet security. His successful background includes key positions at Technologic, eSoft, Dun & Bradstreet Software, MSA and EDS. After 14 years of leadership positions in the application software business, Brian became a pioneer in the Internet security industry when he founded Technologic and developed the first software and hardware combination firewall appliance. As his career with Technologic progressed, Brian guided the company to produce the first all-in-one firewall, Virtual Private Networking (VPN) and Internet connectivity appliance.

Brian is a frequent speaker to C-level audiences on the importance of application security throughout the lifecycle and was recently invited to speak at the annual Microsoft Global Briefing, an internal Microsoft global marketing and sales conference, on security best practices in development. In addition, Brian was recognized as a Top 50 Entrepreneur in Atlanta by Catalyst Magazine for 2005 and 2006.


In the following interview, Brian Cohen, President and CEO of SPI Dynamics, discusses with Rake Narang, Chief Editor of Info Security Products Guide, the growing needs of the company's customer base, its focus on web application security, and what customer trust really means to the entire company.

Rake Narang, Chief Editor - Info Security Products Guide: SPI Dynamics products have earned the highest trust votes from customers globally. And I would like to congratulate you and everyone at your company for this remarkable achievement. Your company has also earned the 2007 Editor’s All Star Shield given only to one company with the most number of product awards. I am sure this was not an easy task and you must have got an excellent product team behind these successful products. What makes your company products really unique and what is the secret behind this?

Brian Cohen, President and CEO, SPI Dynamics:
SPI Dynamics’ sole focus is on web application security and the growing needs of our customer base of over 1,000 – the largest customer base of any web application security assessment and testing vendor with 30% more customers than our nearest competitor. We have achieved this customer milestone through the breadth and strength of our solutions, which enable customers to seamlessly incorporate enterprise-wide web application security testing throughout the software development lifecycle. We are constantly reaching out to our customers for feedback, working with them on our beta products and taking their suggestions to heart when designing our solutions. We want to ensure that we are making the right advances in our web application security technology to help them be successful in their enterprise security programs.  So, I’m not sure I’d call it a secret; we listen to our customers.

During the past several years, our company has moved its web application security products beyond “traditional” security solutions and developed a series of highly configurable security products used by multiple constituencies across the entire application development lifecycle, including software developers, quality assurance practitioners, security professionals, and compliance/audit managers. Our goal is to enable organizations to produce more secure web applications. While other vendors’ products force change in the way people work in order to address web application security, SPI Dynamics’ focus is to deliver solutions that complement current working environments by integrating directly into development and QA testing platforms such as those from Microsoft, IBM, and HP.

We understand that security is no longer the problem of just the security department and is an overall development lifecycle issue that must be addressed as web applications are designed. According to a July 2006 report by the industry analyst firm, Gartner, Inc., titled, Analyze Vulnerabilities, Threats, Cost and Risk to Determine How Secure Your Application Should Be, “More than 50 percent of vulnerabilities are usually injected at analysis and design phases, so by the time of testing, most vulnerabilities have already been injected.” SPI Dynamics is the only web application security vendor that has built an entire suite of products to address application security as a lifecycle issue – from development to post production – with innovation such as the combination of web application security dynamic testing and source code analysis in a cooperative testing process, called Hybrid Analysis™, to pinpoint security defects during development with unmatched accuracy and provide remediation of those security defects.

In addition, our latest assessment technology provides the most accurate results the industry has to offer, significantly reducing false positives and finding more vulnerabilities than ever before. We are the first company to modernize our scanning technology to adequately address today’s Web 2.0 applications. We deem traditional scanning technology introduced earlier in the decade to be nearing obsolescence due to its inability to fully assess active client technologies, such as JavaScript, AJAX and Flash, resulting in too many false positives and false negatives. Traditional application scanners perform well when discovering vulnerabilities in some of the more mature web technologies like HTML and CGI, but they lack the intelligence required to scan emerging Web 2.0 technologies like AJAX, SOAP, SOA, JavaScript and Flash. Three years ago, we implemented a comprehensive program to address these emerging issues. We dedicated a team of researchers and developers to redesign our products to meet the needs of the new dynamic web environment. We foresaw the decreased effectiveness that traditional scanners would face when trying to interpret dynamic applications, and we understood that a complete re-architecture was required. The new architecture, named Phoenix, has become the foundation of all our products.

Rake Narang:
What are the common problems that users (security) face today? Are most users under secured or over secured when it comes to protecting their digital resources?

Brian Cohen:
Historically, customers have been security professionals conducting application assessments on production applications. These days our customers include security professionals and others that are building global, sophisticated enterprise-wide security programs that span the application development lifecycle and involve development and QA teams.

Today, security professionals, in all industries, are dealing with an overwhelming number of applications, vulnerabilities and technical experts around the world. They must scale their assessment processes, identify critical applications, maintain a holistic risk management view, and give numerous stakeholders visibility into the state of application security across the enterprise and throughout the development lifecycle. Organizations are striving for proactive application security programs that find vulnerabilities early in the lifecycle, to avoid excessive costs associated with fixing defects in production applications. To do so, all of the stakeholders and participants need easy access to robust application security testing tools that do not require security expertise.

SPI Dynamics’ customers’ and prospects’ approaches to application security have matured dramatically over the last 18 months. However, there is still much to be done to secure web applications throughout the development lifecycle, especially with the emerging application development trends that incorporate Web 2.0 technologies like AJAX, SOAP, SOA, JavaScript and Flash. Legacy web application scanners were simply not architected to navigate and interpret today's web applications with active content, mandatory two-factor authentication and other advancements. Simply put, traditional scanners aren't able to see the entire application. As a result, traditional scanners fail to discover exploitable security vulnerabilities that exist in the more dynamic and complex regions of modern web applications. This results in an unacceptable level of false negatives. That is why SPI Dynamics has taken the industry lead in being the first company to offer a new scanning architecture designed to handle this challenge to ensure our customers receive the best and broadest web application security coverage. Our assessment technology can find vulnerabilities associated with new web technologies that other legacy scanners simply can’t. And our product suite is the only one in the industry that is specifically designed to address security throughout the development lifecycle, so our customers are able to build secure applications from the beginning.


 "Security products have continued to evolve rapidly in the past few years and advanced technologies are now making it possible to take a pro-active approach to most security scenarios. End-users or consumers of these products have to deal with real-live threats which may differ vastly from lab simulated environments. These users build a strong ‘Customer Trust’ for products that best meet their requirements and therefore also play a key role in the security evolution cycle."

Rake Narang, Chief Editor - Info Security Products Guide

S.P.I Dynamics,
115 Perimeter Center Place, Suite 1100, Atlanta, GA 30346   
Tel: 678.781.4800   
Fax: 678.781.4850   
www.spidynamics.com

Copyright © 2007 Silicon Valley Communications - All rights reserved.