Safety Detectives: Please share your company background, how you got started, and your mission.
Cyver: Cyver first launched in 2020, when we began development on our platform, Cyver Core. Today, we’re fully operational, working with clients from 7+ countries to deliver pentests to private companies and public sector organizations.
We want to digitize pentesting, to adapt to the changing market, and to improve how cybersecurity is handled across organizations. After all, the world around us is digitizing and more than 60% of all organizations use work management platforms. It doesn’t make sense to continue delivering pentests as PDFs. It doesn’t make sense to continue handling processes like pentest checklists and quality assurance manually. Cybersecurity threats are increasing, and most organizations don’t have the resources to break lengthy pentest reports into actionable work items.
Cyver uses our platform to automate that process, delivering findings as tickets – which can be tracked, monitored, and resolved as tickets. That also integrates into our vulnerability management and metrics solution, which is included for free, as part of the platform, for any Cyver customer. Plus, with features like onboarding relevant teams and sharing real-time notifications, teams can see new vulnerabilities as they are added to the platform. That gives them the freedom to immediately roll that vulnerability into the next Agile sprint, so they can build a patch or find a fix ASAP.
SD: What is the main service your company offers?
Cyver: We deliver pentesting, using a Pentest-as-a-Service model. That means we perform pentests manually and then deliver them via our cloud platform. We also use work templates, checklists, and standards to rapidly set up and duplicate projects, so we can save the client hours on project setup every time they need a new pentest.
SD: What is something unique that helps you stay ahead of your competition?
Cyver: Most competitors are not yet delivering pentest-as-a-service. However, we offer several USPs. These include direct integration into client teams with real-time notifications, onboarding, etc. We also offer free retesting on any vulnerability remediated within 30 days of the pentest. That allows organizations to validate whether patches work. It also provides an incentive to remediate quickly. Finally, we actually take considerable steps to put pentest management and cybersecurity in the hands of the stakeholders. So, not only do we onboard project and app managers, but we also use a credit system, so finance can budget upfront. Then, when feature updates and new code are pushed, stakeholders like project managers can easily request a pentest out of the existing budget.
Plus, we offer live chat, so you can more easily ask for additional information in case our remediation tips or replication data isn’t clear. We want to make it as easy as possible to actually remediate vulnerabilities.
SD: What do you think are the worst cyberthreats today?
Cyver: Zero-day vulnerabilities definitely provide the worst risk to most businesses, simply because they consist of exploits in previously “secure” software. That’s important because many of them are simply exploited, patched, and then exploited again with only small shifts in the attack. However, there’s little that most organizations can do about these vulnerabilities except to maintain good security policies. In addition, phishing and social engineering create massive risks. It doesn’t matter how much you pentest if you don’t maintain good cybersecurity policies across the organization. However, this is a complex question and new threats are always on the rise—so the best option is to be aware of risks, to manage security settings, and to reduce those risks as much as possible.