enterprisesecuritymag

Security Innovation: Bridging the Software Security Gap

CIO VendorEd Adams, President & CEO
Over time, enterprises have become increasingly dependent on software applications to run their infrastructure and operations. However, the rapid adoption of this approach has outpaced the ability of organizations to secure their networks. Today’s complex and hostile ecosystems have made software vulnerabilities easy and open targets for attack from multiple points. The mission at hand for IT teams is to build software-secure environments—and no one understands this better than the team at Wilmington, MA-based Security Innovation. By combining its in-depth knowledge of software security and experience in providing clients with threat factor information through its cloud-based training platform, Security Innovation helps solve the security challenges facing modern enterprises and SMBs. “We have built engaging solutions that both mitigate risk and speed the software development process,” says Ed Adams, the President & CEO of Security Innovation.

Security Innovation has secured a wide range of IoT products including factory automation equipment, robotics, medical devices, SmartHome systems and locks, cryptocurrency wallets, breathalyzers, cement trucks, PoS devices, satellites and even motorcycles for organizations, including several of the Fortune 500. The firm utilizes comprehensive and proven methodology to assist clients in remediating vulnerabilities. After conducting an organization-specific security assessment, Security Innovation provides detailed vulnerability reports that provide guidance on how best to mitigate and eliminate existing risks. “Finding vulnerabilities is the easy part; what we do next is add value for our customers by showing them how to fix it as well,” explains Adams. Security Innovation proactively enables clients to speed software development by teaching IT teams to write secure code that eliminates security vulnerabilities from the outset.
This allows software engineers to focus on building features into the software, rather than constantly addressing security concerns.

Security Innovation’s computer-based training library includes more than 100 modules organized by role, platform, and technology. Their proficiency in technical analysis, extensive knowledge of business processes, and effective security training capabilities have resulted in Security Innovation winning over many of the worlds most reputable Fortune 500 brands. “Whether it be embedded and smart-devices or software applications, we have the expertise and competence to make our clients more secure,” adds Adams.

In one instance, the firm helped a large consumer electronics provider significantly improve the maturity level of its product development lifecycle. The electronics provider had different applications deployed throughout its organization to operationalize its infrastructure and was struggling with products that were embedded in IoT devices and enterprise cloud-based applications. Security Innovation introduced regular testing and training practices for all engineers across the enterprise to establish an application security program paradigm, ultimately improving its product development lifecycle.

In order to keep pace with the rapidly evolving security landscape, Security Innovation has introduced the next generation of training for software development teams with its CMD+CTRL cyber range. CMD+CTRL, the only authentic pure play application security cyber range of its kind, provides teams with a safe sandbox environment, where they can work their way through hundreds of vulnerabilities that lurk in application code today. This helps them comprehend and understand how to fix coding issues and prevent vulnerabilities from occurring in the future.

Founded as a university spin-off by a professor and a group of graduate students, Security Innovation has come a long way in securing software for businesses around the globe and educating users on how to eliminate threats and stop attackers in their tracks. As a leader in the industry, the company is now focusing on making immersive training a standard protocol for organizations. “We provide engaging, effective security training that can change the world, one developer at a time,” says Adams.