AsTech, a leading independent security consulting company based in San Francisco, will provide a $1 million warranty against breach-related costs if an organization suffers unauthorized access to non-public information through a vulnerability that AsTech fails to discover for its Paragon Security Program (PSP) customers.
With this program, risk management budgets will become much more predictable, leading to more certainty relating to how much companies would pay out in the event of a breach.
PSP subscribers also enjoy irreversible security improvements in their application development processes regardless of the size of the organization.
“AsTech has analyzed more than 100 million lines of code over the course of 20 years helping customers manage cyber risk. In that time, we have never had a customer experience a breach due to a vulnerability that we missed,” said Greg Reber, CEO, AsTech.
“We are proud of that track record. While other companies offer similar services, none have the certainty to backstop their results with a warranty. We are confident enough in our expertise that we will pay for breach costs if we miss something, guaranteed.”
Internet applications have become the attack vector of choice for attackers.
AsTech will find security issues, prioritize and categorize risks to reflect the real-world threat that they represent and create an effective, executable remediation plan.
AsTech is the only company providing source code security assessments confident enough in their diligence to offer this warranty against breach-related costs.
The standards that support operation of web applications can be used to simplify and constrain dynamic assessments (penetration testing), but source code assessments are a different story: static analysis is notorious for overwhelming quantities of findings, usually containing huge swaths of false positives and false negatives.
Though source code presents patterns which can be used to track down security issues, each source code assessment has to be a learning experience in order to yield high-quality and usable results.
AsTech has spent 20 years refining its approach to source code assessments so that the results are accurate, concise, and complete. Further, AsTech’s program is committed to the systemic remediation of vulnerabilities with each iteration of assessment.
“We stand behind our work with more than just offering a money-back guarantee – we will pay up to $1 million in breach-related costs for remediation, customer notification, legal fees, or anything else,” said Andrew McDonnell, president of AsTech.
“In this day and age, companies of all sizes need to know how secure their applications are. As the leader in our space, we take the risk out of source code security analyses – and we guarantee that nothing will be missed.”
AsTech joins SentinelOne, WhiteHat Security, Cymmetria, Trusona, KnowBe4 and few others in offering some form of financial guarantee to customers in the event of cyberattacks on their networks that their solutions do not catch first.
“Security vendors routinely make outlandish claims about their products and services, which often fall short of expectations,” said Jeremiah Grossman, chief of security strategy at SentinelOne and pioneer of vendor security guarantee programs.
“When disaster eventually strikes, customers find themselves left holding the bag while their security vendors hold zero liability.”
“As an industry, this is unfair and the customer-vendor relationship must change. Information security has never been more important and it is great to see more vendors, like AsTech, coming forth to help change the paradigm by offering a financial guarantee to customers for its services.”
AsTech is a leading cyber risk management firm dedicated to helping organizations discover and remediate vulnerabilities to secure critical information assets.
AsTech helps mitigate risk by offering a suite of cyber security services, which includes deep technical expertise in building highly effective security programs that empower development teams to employ strong security coding practices throughout the SDLC.