Venafi is a cybersecurity company that protects machine identities by orchestrating cryptographic keys and digital certificates. The company invented machine identity protection and has over 30 related patents. Venafi provides visibility and intelligence about machine identities across on-premise, mobile, virtual, cloud and IoT environments for large organizations. It automates remediation to reduce security and availability risks from weak or compromised machine identities. Venafi recently released a new code signing solution and protects the largest companies in the world.
1. www.ciobulletin.com
10 Best Cyber Security Companies 2019
Defence Unlimited
International: Leaders
in Defence, Security
and Intelligence
Edward Sawiris Banayoti | Founder | Executive Chairman
2. Meet the Industry
Veteran
Jeff Hudson, CEO
Jeff Hudson is a true pioneer with
over 25 years of experience in leader-
ship and management in information
technology and security management.
He has been a key executive in four
previous successful high-technology
startups. Before Venafi, Jeff was the
CEO of Vhayu Technologies Corp
which was eventually acquired by
Thomson Reuters. Prior to Vhayu,
he was the CEO and co-founder of
MS2. He started his career with IBM.
He is also a prodigious speaker who
has talked worldwide at numerous
technology and business conferences.
He also contributes regularly to
business and IT security publications
including Forbes, New York Times,
and Wall Street Journal.
He earned his BA in Communications
at the University of California, Davis.
Venafi: Machine Identity Protection Worldwide
T
he number of machines
in organizations contin-
ues to rise. But every year
businesses spend billions
of dollars protecting the identities
of humans, while little is done to
protect machine identities. Unfortu-
nately, malicious actors online are
exploiting this gap in security.
Venafi was the first to identify
this problem and created the tech-
nology to protect machine identities.
The company is one of the best
cybersecurity companies
around today. We talked to
Jeff Hudson, the CEO of
Venafi, to learn more about
Venafi and how they protect
the security of many Global
5000 companies.
Tell us about
Venafi and its
story.
Venafi’s predecessor company was
founded by Russell Thornton and
Ben Hodson after they recognized
the importance of security for a
consulting project. The cofounders
incorporated the company as IMCen-
tric in Washington State on October
26, 2000.
“With dozens of patents and hundreds of customers, Venafi protects
the largest companies across the world.”
Jeff Hudson, CEO
3. In early 2005, the company’s name
changed to Venafi: a word created
by combining two Latin roots—Vena
(vein or root) and Fides (trust or
faith). Venafi secures the root of
trust—machine identities, including
cryptographic keys and digital certif-
icates. I joined the company in Octo-
ber 2010, and the company moved
to Salt Lake City, Utah in 2013.
As a leader in the cybersecurity
industry, Venafi is a technology
pioneer. We defined the Machine
Identity Protection market, and our
platform protects the largest, most
sensitive networks in the world.
Could you tell us about a
formative project? Share
the experience.
Back when Venafi was just getting
started, a very large European bank
asked us to accomplish a specific task
by a certain date. If we did so, they
would pay us half a million dollars.
However, we found an intermittent
bug as the deadline approached.
Many organizations would have still
shipped the solution despite the bug,
saying they would fix it in the next
version. However, that’s not how we
wanted to run Venafi. We told the
bank about the bug and explained
that we couldn’t ship the product.
Our customer was completely under-
standing, asked us to ship anyway
and paid us. They never experienced
the bug, and our next version fixed it.
Ultimately, they appreciated our
honesty and transparency, and these
values are something we try to put
into practice every day.
Can you talk about your
products and services in
brief?
Venafi secures machine-to-machine
connections and communications.
The modified sentence should read:
We protect machine identities by
orchestrating cryptographic keys and
digital certificates for SSL/TLS, IoT,
mobile, SSH and more. Venafi
provides global visibility of machine
identities and the risks associated
with them for the extended enter-
prise—on-premise, mobile, virtual,
cloud and IoT—at machine speed
and scale. Venafi puts this intelli-
gence into action with automated
remediation that reduces the security
and availability risks connected with
weak or compromised machine iden-
tities while safeguarding the flow of
information to trusted machines and
preventing communication with
machines that are not trusted.
Do you have any new
product/service ready
to be rolled out into the
market?
We recently released Venafi Next-Gen
Code Signing. It is a solution that
secures enterprise code signing pro-
cesses by providing enterprise wide
visibility into all code signing oper-
ations. The solution provides secure,
centralized storage and management
for all code signing private keys. This
means that private code signing keys
never leave the trusted Venafi storage
platform or an optional connected
hardware security module (HSM).
Next-Gen Code Signing provides
information security teams with
comprehensive visibility and detailed
intelligence about all aspects of code
signing operations, including who
has signed what code with which
certificate, who approved the request,
and when each action occurred.
Using the detailed intelligence
gathered, Venafi Next-Gen Code
Signing delivers compliance and
audit reporting across all code
signing activities.
How does your company
contribute to the global
IT/cybersecurity platform
at large?
Venafi invented the technology that
provides the visibility, intelligence,
and automation needed to protect
machine identities in the world’s
largest, most security-conscious
companies.
We all know that the number of
machines on networks is growing
exponentially because the digital
transformation that is happening is
completely dependent on machines,
not people. Organizations across the
globe are waking up and realizing
that their machine identities are
not protected. With over 30 ma-
chine-identity-protection oriented
patents, we deliver innovative solu-
tions for Global 5000 organizations,
including the top five U.S. health in-
surers; the top five U.S. airlines; four
of the top five U.S., U.K. and South
African banks; and four of the top
five U.S. retailers. Organizations use
Venafi machine identity protection to
secure communications, commerce,
critical systems and data, and mobile
and user access.
Companies are
facing increasing
threat to their security,
especially those that
leverage encryption.
Venafi makes encryp-
tion more secure.
“
“
| 10 Best Cyber Security Companies 2019
4. Natuvion
announces a legal
and compliance
package for SAP
solutions
F
or the first time, the
Information Commis-
sioner’s Office (ICO)
used new powers to
fine companies that break laws
protecting consumers’ data.
British Airways and Marriott
Hotels were charged with fines
totaling almost £300m. The
importance of data privacy and
legal compliance for the multi-
ple regulatory frameworks and
regulations should not be un-
derestimated, and definitely not
ignored. In addition to EU-GD-
PR, many new regulations are
coming into force, including the
California Consumer Privacy
Act, Chinese Data Protection,
and—on August 14, 2019—
Brazil signed the new General
Data Privacy Law(LGPD).
For many business reasons—
not just fines—Natuvion has
discovered that companies are
starting projects to analyze and
manage their data and relat-
ed business processes. These
projects are typically led by
legal teams and supported by
IT, as well as the business. This
evolved project and business
process needed a new type of
consultant to provide support.
Natuvion’s privacy consulting
experience can help your orga-
nization gather and document
relevant information using
the SAP Data Privacy Gover-
nance application, which helps
companies collect all processes
where personal related data is
processed. This addresses the
requirements of article 30
EU General Data Protection
Regulation and assesses the
risk in a Data Protection
Impact Assessment (DPIA)
Natuvion unique
expertise is to
provide services
in implementing
the SAP Data
Privacy Governance
application.
Joanne Lang
CEO & Founder’s of Natuvion Americas
Constructive
feedback from
our employees,
transparency
between the teams
and innovativeness
from the experts
show us the way
forward.
“
“
5. How does this compliance package work?
With EU-GDPR and other legal requirements, a
company needs to have the framework, processes,
and documentation to address Personal Information
Management Systems.
The SAP Data Privacy
Governance application
provides a solution
to cross define and
manage the many
regulatory frameworks
and regulations defined
by IT, security, and
legal teams that
Natuvion has built
their expertise around.
Businesses can distrib-
ute customized policies
and use the regulation
app built on SAP Cloud
Platform to define
regulations in order to
guarantee employees
are handling personal
data correctly under all legal guidelines
the company needs to follow.
Natuvion’s legal and IT experts help define these
guidelines with a project roadmap, and help identify
the data tools that can search and find 99% of the
personal data stored in the businesses landscape.
Coupled with Natuvion’s extensive knowledge in SAP
Information Lifecycle Management (ILM), consisting
of experience with over 120 customers, Natuvion
complements the SAP Data Privacy Governance team
by offering years of experience in implementing
an automated and accelerated approach to deleting,
archiving, and blocking personal data across large
SAP and non-SAP IT landscapes.
With over 100 specifically cross-trained IT/Legal
consultants and project managers, Natuvion combines
a pool of technical experts with a pool of lawyers to
handle all compliance topics, including implementa-
tion of the SAP Data Privacy Governance application.
For more details
about the partner-
ship between
Natuvion and the
SAP Data Privacy
Governance team,
sign up for our
free webinar series
designed to deliver
strategies, resourc-
es and training to
with data privacy
programs and SAP
S/4HANA®
data
transformations.
Natuvion’s
SOPHIA Data
Search Tool: As an initial pro-
cess of identifying the personal data that could
put companies at risks if used outside of the different
regulatory frameworks, Natuvion’s “Sophia” is run
across an entire landscape to identify all personal
data that needs to be handled. This step is critical.
Companies with over 15 different connected systems
often find personal data in areas they never knew was
being stored.
Natuvion’s Data Subject Request App (DSR app):
Used to support both EU-GDPR and the California
Consumer Privacy Act, the DSR app helps automate
and manage the full data subject request lifecycle,
from intake to fulfillment and record-keeping. The
DSR app also maintains a complete record of all
actions taken and communications to demonstrate
compliance to regulators. This app was built on an
SAP Cloud Platform and co-innovated with SAP and
addresses the problem many companies struggle with
when having to manage requests from customers
employees to delete or request their data.
We expect to grow development
teams for SAP cloud applications;
support clients with GDPR
related queries with our unique
‘on-demand’ Competence Centre,
and provide high-end project
managers as customer resource.
“
“
To enroll and receive the latest information sign up here: https://info.natuvion.com/transformation-webinar-series
| 10 Best Cyber Security Companies 2019
6. Silent Break Security:
A leader in penetration
testing and information
security consulting
Customer testimonials
“We were really impressed by the detail and re-
sults. It’s almost laughable what your competitors
put out in comparison.” – Jay, Utility Company
“Foot Locker has worked with Silent Break for
over 2 years. During that time we have found them
to be highly knowledgeable both in planning and
execution of any engagement. I have no hesitation
in recommending Silent Break to any company
that is looking for an information security part-
ner.” – Jason Black, Foot Locker
“I want to thank the Silent Break team for an out-
standing experience with collaboration assessment.
You guys blew us away with your knowledge,
skills, and professional demeanor. I have been a
part of annual assessments for over 20 years, and
this was by far the most enlightening and produc-
tive assessment I have ever been part of.” – Jeff
Olson, National Guardian Life Insurance
P
enetration Testing is one of the best ways to
test the security infrastructure. While the tech-
nique has been used for years now for security
assessments, the processes and tools associated
with this approach stick to convention. But the threat
landscape is changing continuously and cybercriminals
are perpetually developing better ways to debilitate
networks. Hence, it is important to use custom tools
and the methodologies need to constantly evolve to
stay ahead of the malicious actors. One of the world
leaders in penetration testing and information security
is Silent Break Security.
Brady Bloxham, very early on in his career identified
a difference in how cyberattacks were happening and
how the private sector merely called it “penetration
test.” The information security industry needed to
modernize to keep up as threats evolved. The founder
felt that there was a requirement for a company that
could provide assessments which were customized for
each organization. With a focus of providing security
assessments, Bloxham founded Silent Break Security in
2011.
The team at Silent Break has had hands-on experi-
ence dealing with national-level threats as many of its
employees have previously worked for Department of
Defense (DoD) agencies like National Security Agency
(NSA) and the United States Air Force Network War-
fare Squadron. Having worked at the highest level, the
team at Silent Break specializes at both offensive and
defensive security.
Black Box Testing
Every organization is different and each one requires
a different kind of engagement to fit its own security
needs. Silent Break Security offers many services in the
form of black-box, white-box, or a hybrid approach.
Silent Break uses its security progression lifecycle to
help its clients determine which combinations of
services will suit their environment.
From compliance
to sophisticated
adversary simulations
to collaborative
assessments to
custom red team
tool-kits and training,
we customize our
approach to best help
organizations improve
their security
maturity.
”
”
7. Tom Kennedy
co-founder & CTO
But we know that the black-box
approach is best when it comes
to representing the actual process
of a hacker. While the company
can handle white-box and hybrid
approach to penetration testing,
their expertise at black-box stands
out in the security industry.
The typical security assessments
involve black-box penetration
testing which involves the use of
open-source products, automated
scans, and attacks to identify vul-
nerabilities, engagements scoped
to last a week or two in effort to
assist clients in becoming compli-
ant. On top of this, the functional-
ity of the tools used by companies
is pretty limited which in-turn
reduces their effectiveness. But
attackers are not bound by time-
lines or by the scope of the tradi-
tional penetration tests. Because of
this very reason we see more and
more organizations being breached
every year.
Silent Break’s black-box penetra-
tion testing breaks convention
and goes beyond. The company
applies its first-hand knowledge
from its DoD and NSA experience
to conduct “real” cyber-attacks
along with usage of custom code,
attack methodologies and stealth
persistence to complete a compre-
hensive assessment. The company
quintessentially goes that extra
mile that other companies refuse
to go.
Training security
enthusiasts
We often see companies use their
knowledge to help themselves
and their clients but Silent Break
Security breaks this industry ste-
reotype. To make this happen, the
company sponsors PwnOS project
which provides free and hands-on
training for security enthusiasts.
Meet the security luminary
Brady Bloxham, Founder & Principal Security Con-
sultant
Mr. Bloxham has been in the information security industry for
more than 15 years. He has worked with top-tier government
agencies where his work has earned him awards for network
security operations.
He is an adjunct professor at The University of Utah’s David Eccles
School of Business (DESB) where he teaches Telecommunications
and Computer Security in his spare time. He’s an avid speaker and
has spoken at various conferences. His PwnOS project is used as an
educational tool for students.
He earned his B.S. in Information Systems from the Marriott
School of Business at the Brigham Young University. He also has a
MBA in Information Assurance from the Idaho State University.
”
Using our security progression lifecycle, we help our
clients determine which service or combination of
services is best suited for their environment.
”
8. Greet the luminary
Donald Case is co-owner of BizCare, founded in 2009.
Nurturing his lifelong passion for doing more with less,
Donald helps communities achieve their digital
transformation with secure, private and resilient
technologies.
A Silicon Valley veteran on the founding teams that
introduced QuickBooks, EMC/Documentum, Cisco
(SmartCare) and Macys.com, Donald earned his M.B.A.
from Saint Mary's College, and his Bachelor of Science
degree in Computer Science from San Francisco State
University.
B
izCare is disrupting the
traditional IT support
model with its unique
Near-sourcing IT solutions.
Savvy eCommerce, Health-Ser-
vices, Construction, Finance and
Non-Profit business owners trust
BizCare for highly available IT
monitoring, management and
maintenance - continuously serv-
ing guaranteed results at excep-
tional cost-efficiencies. Contact us
if your business needs:
• Secure reliable Cloud Appli-
cations, Workstations, Mobile
Endpoints, Networks and
Servers
• Curated automated work-
streams delivered continuously
24x7x365
• First Response Incident Man-
agement Services to Internal or
Customer facing Ops
• To do more with less - achiev-
ing 40% cost efficiencies over
traditional IT support models
Let us get into deeper
conversation with
Donald Case, co-owner
of BizCare to under-
stand the company.
Why was the company set
up? How did you select the
vertical and decide to be a
part of the global platform?
• After on-boarding our clients,
one-by-one, we found they all
really enjoyed the one-on-one
service, all of their technology
needs are met and they have
a clear understanding of their
technology budgets.
• We found ourselves often in
conversations about how to
increase the return on technol-
ogies. We met a lot of business
BizCare, Inc.: For security-conscious business
communities who count on secure, safe technologies
“We stand behind our services and
believe you’ll be satisfied. However,
in the unlikely event that you are not
satisfied with our services, you may
cancel your service at any time.”
Donald Case, Co-Owner
a.
b.
9. leaders searching for the right
technology partner that could
deliver results like:
• A comprehensive technology
solution – knowing technol-
ogy is vital to their organiza-
tion, facilitates their growth,
protects data and drives the
quality of their products and/
or services
• A trusted partner relation-
ship – who deeply under-
stands their business, is hands
on with technology everyday
with the right expertise and
skill sets, is an integrated
extension of their team, local,
culture-driven and gives back
to the community
• Confidence – that their tech-
nology stack fully resonates
and empowers their unique
vision, mission and values
• Value – beyond “pro-active”,
advocating strategic guidance,
driving business technology
outcomes that empower their
organization for competitive
advantage and cost-efficiencies
• Responsibility – a depend-
able partner who cares about
and takes ownership of issues
resolved and timely communi-
cated at the C-Level
What is your company’s
vision statement? And to
what extent are you success-
ful in achieving the same?
We work with small business
executives on their most critical
issues and opportunities to ana-
lyze, create and deliver sustainable
solutions deliver high-value out-
comes in their Financial, Non-Prof-
it and Real Estate industries. Our
unique Five-to-Thrive®
method
helps clients measure and achieve
remarkable results through indis-
pensable information technologies
orchestrated by proven strategies,
finance, digital transformation,
compliance and security.
We are proud of our clients' track
record, like the fact that they all
have historically outperformed
their peers for the last 10 years.
How successful was your
first project roll on? Share
the experience
We started in 2006, consulting
business technology solutions for a
few small businesses, non-profits,
and Fortune 500 companies. By
2016 we were curating millions
of service requests per year - in
real-time through our world-class
team, supported by our automa-
tion, partner and client ecosys-
tems. Today our patrons count on
their comprehensive Five-to-Thrive
business-technology solutions.
What challenges did you
face in your initial years?
What can your peers learn
from it?
• In the early years, we too
were frustrated with delays
imposed by technology related
interruptions, distractions, and
disruptions, and wanted to do
something about it.
• We were fed-up with point
solutions that didn’t work
out, or industry consolidation
that consumed our technology
partners.
• We were also worried about
good cyber hygiene while, at
the same time, ever increas-
ing cybersecurity and privacy
risks, just like our clients. Pro
We help organizations emerge from chaotic
and reactive experiences with IT to success,
predictability and resiliency - empowered by
IT.
”
”