My first-time RSA experience


Last week I attended my first RSA Conference in San Francisco representing Bright. I wanted to share my impressions and thoughts as a first-timer at the RSA craziness.


Let’s start with the bottom line:

  • >2,000 leads collected
  • >60 meetings attended
  • >500 new LinkedIn followers
  • 1,000 kites given away
  • 2,000 stickers given to attendees
  • >XYZ ounces of alcohol consumed
  • <3 hours a night sleep
  • Hundreds of new friends
  • 0 CoronaVirus (so far…).

If you walked around San Francisco last week and didn’t see a NeuraLegion kite, you must have not actually been in San Francisco as they were everywhere!

The conference is a non-stop 24-hour event that starts on Monday and ends late Thursday evening. However, this is an understatement. Having a larger team from Bright represent at RSA this week, the team actually came to San Francisco on Saturday (a couple of days before the conference) so we could do some team building and PRACTICE, PRACTICE, PRACTICE to make sure we take advantage of RSA.

The conference started in earnest on Monday and most of the day was spent in pre-scheduled meetings. 

PRO TIP: Schedule as many meetings as possible ahead of time as this will be very valuable and help you focus.

The B-Sides conference was held in San Francisco in parallel to the RSA Conference. It was great to attend some of the sessions and catch up with Tanya Janca (@shehackspurple) to discuss DevSecOps and empowering developers to write more secure code.

After the opening reception on Monday it was time to start the evening festivities. There were many events, but my favorite was the ClearSky Ventures cocktail reception. Thank you to the ClearSky team for hosting us and all the great people we met.

Shoham & Me sneaking a picture with the team before the rest of the guys showed up.


In addition to the meetings and sessions this was the busiest day at the booth and our team had hundreds of discussions with people excited to discuss AppSec, DAST, DevSecOps and many other application security related issues.


We will skip the evening festivities, but I’ll add 2 pro tips here.

PRO TIP 2: Make sure you remember that you have a 7AM meeting Wednesday before you decide how many parties you are going to attend on Tuesday night…

PRO TIP 3: If you find yourself on the Golden Gate Bridge at 1:45AM with a bunch of people you didn’t know until 12:30AM then you are OK as long as they all have conference badges and seem to have fluency in Cybersecurity…

Wednesday morning kicked off with a bang at the Glilotcapital breakfast. We had quite a few great discussions with representatives from Atlassian, Intuit, Barclays and others.


Wednesday wrapped up with a CICC at JVP event and many more exciting discussions about cybersecurity, AIAST, DAST & AppSec.

The team was feeling a lot more relaxed (or sleep-deprived) by Thursday…


Overall this was an excellent conference and the follow up is keeping us very busy and will likely keep us busy for months to come.

Feel free to ping me if you have any questions, or want to learn more about RSA and how to navigate it correctly. After all, I survived my first #RSAC so I must be an expert.

Bright & Bind announce strategic partnership


The partnership will focus on Bind distributing Bright’s solutions and offering services associated with these solutions.

Tel Aviv, Israel: Bright today announced a new partnership with Bind. This partnership will enable Bind to distribute Bright’s DAST and Fuzzer solutions and offer additional services associated with these solutions.

We are very excited to partner with Bind and have them distribute Bright™. Bind has extensive expertise selling AST solutions and providing associated services and we are proud they selected Bright as their partner following extensive research to identify the best solutions in the industry. We look forward to a great partnership.

Shoham Cohen, CEO at Bright

Bind is a reseller of cybersecurity services and products that bring distinct values to its customers. Bind looked for an applicative scanning product that meets the highest standards of scanning versatility, CI/CD integration and 0-false positive to customers. Bright’s unique solutions were chosen over other competitor products we evaluated due to the remarkable technical results and energetic team standing behind the products. We are looking forward to a strong and fruitful partnership with Bright.

Ronen Carmona, CEO at Bind

The combined offering will enable organizations to implement leading DAST and Fuzzer solutions alongside additional services to ensure the highest level of application security at a lower cost than they are used to paying.

Bright & Bind will be presenting at Cybertech Israel January 28-30. Come visit the Bright booth to learn more about the solutions and services we offer.

About Bright:

Bright eliminates the shortage of security personnel by enabling developers & QA teams to run their own security tests. We incorporate our automated DAST solution into customers’ unit testing process so they can resolve security concerns as part of their agile development process. Test results are provided to the security team. Follow us on LinkedIn at: www.linkedin.com/company/Brightsec and check out our website at: www.brightsecurdev.wpenginepowered.com

About Bind:

BIND is at the forefront of global cyber and intelligence expertise, offering high-value cybersecurity and intelligence services worldwide. Using a variety of services and products we are helping organizations improve their security posture and be ready to withstand or prevent cyber-attacks.

What we learned from a very successful Black Hat Europe Conference

Last week we exhibited at Black Hat Europe, one of the industry’s flagship events, which drew more than 3,000 cyber security professionals.

This conference marked the first in a list of conferences we will be presenting at over the next few months to help share the joy that is Bright and how we help organizations seamlessly integrate DAST solutions into their DevOps practices. Upcoming events include Cybertech Israel (at which we won top honors as the most innovative startup last year), the RSA Conference in San Francisco, FIC in France and the annual Checkpoint customer conference (CPX) in both the US and Europe, where we were invited to present and speak to share our innovative solutions with their customers.

Conference attendees would have found it hard to miss our unique stand, which drew a lot of traffic and interest thanks to our fun “Whack a Vulnerability” activity. Delegates showed off their skills whacking vulnerabilities and the best won prizes. By our count, roughly 25% of the conference attendees joined us and played the game. Many of them came back multiple times and stayed to learn more about our offering and saw our demo in action. This is an amazing achievement. The discussions with CISOs, security experts and DevOps professionals were very interesting and it was exciting to hear that they were all very interested in our DAST and Fuzzing solutions that enable developers to remediate vulnerabilities early in the development process. Attendees shared information on the challenges they are currently facing with other solutions and the frustrations they have in implementing security as part of their DevOps process.

Below are some pictures from the event:

  • NeuraLegion's booth at Black Hat Europe: the crowd, waiting to play (this is what our booth looked like all day)
  • Great conversation about AppSec and how we can help them
  • Our team announcing the First Prize winner of our raffle at BHEU

We look forward to the upcoming conferences and learning from every interaction.

Bright at East Coast CyberSecurity Delegation

Last week Bright was honored to be one of a select group of Cybersecurity companies invited to participate in a road show organized by the Israeli Export Institute and the Israeli economic mission to North America.

The delegation was focused on introducing new and innovative technologies & companies in the Cybersecurity space to both corporations and government entities in the North-East.

We kicked off the roadshow at the Rise accelerator which was created by Barclays bank to help them incubate and collaborate with startups. The team at Barclays shared their insights into the challenges and opportunities the bank is facing in the Cybersecurity realm. The insights provided regarding how to engage with Barclays and partner with them were very valuable.

From Manhattan, we boarded the bus and headed down to Philadelphia for a meeting with local businesses in the Delaware Valley area hosted by the Philadelphia – Israel Chamber of Commerce.

We saw a number of presentations and held a few panel discussions. Some of the presenters shared their focus areas and the Cybersecurity challenges faced by organizations today. We received strong confirmation that most organizations are looking to deploy DAST solutions that can integrate into their SDLC and help drive automation to reduce risk.

The presentations were followed by a pitch event where each company presented for 3 minutes.

We wrapped up with B2B meetings with local businesses.

On day 2 we traveled back to Trenton, NJ and met with a delegation from the NJ Govt and Homeland Security for an insightful discussion about their view and insights about Cybersecurity threats and challenges. The issues of shortage in security professionals and the need for spreading the responsibility for security across the organization and from the security organization to the development organization were prominent. This again provided strong validation for Bright’s approach and our ability to help organizations of any size improve their Cybersecurity posture.

We then headed back to Manhattan and had a marathon session of meetings with a long list of companies at the SOSA offices in NY.

On day 3 we were hosted by Citibank in their Manhattan HQ and met with a group of Cyber and development professionals. It was very interesting to learn that large companies like Citi face similar issues to all the other companies we met, albeit at a far larger scale.

A special thank you to Mr. Inon Elroy, Economic Minister to North America and his entire team and Ms. Yaara Sabzerou, Manager, Cyber Security Unit, the Israel Export and International Cooperation Institute for organizing the event and all their support.

We are already engaged with a number of prospects from the event and look forward to participating in future events.

CircleCI and Bright team up to provide a superior DevSecOps process


Implementing a DevSecOps process was never easier!

CircleCI, a leader in cloud-native Continuous Integration, according to Forrester, and Bright, the maker of the world’s first AI-powered Application Security Testing Tool (AIAST®), partner to make the process of delivering secure applications faster and easier than ever.

What does that mean for you?

Continuous integration gives teams the confidence to ship quality software at a rapid pace. That’s why leading companies like Samsung, Spotify, and Coinbase rely on CircleCI to enable market-leading value delivery.

But delivering fast, without paying attention to security will not get you far!

Bright helps eliminate the huge shortage of security personnel by enabling developers and QA teams to run their own Dynamic Application Security Tests. Our application security solution is fully integrated with the CircleCI Orb, enabling you to incorporate our automated DAST solution into your DevOps process. We enable you to resolve security concerns as part of your agile development process, resulting in significant time savings and improved collaboration between the security organization and the development organization. Test results are provided to security teams so they have complete visibility into vulnerabilities found and remediated.

“We are very excited to partner with an amazing company in CircleCI and integrate our solutions within their Orb. This partnership enables organizations using CircleCI for their DevOps to not only ship code quickly, but deliver secure code as well. We look forward to helping many CircleCI customers achieve a higher level of security.”

Shoham Cohen, Bright’s CEO


Why does it matter?

With the huge global shortage in security professionals, integrating security into the DevOps process and enabling developers to detect and remediate vulnerabilities early in the process provides significant advantages to companies. It reduces the reliance on overworked security people while improving developer happiness levels and enabling faster deployment of a higher quality application.

Writing secure code is becoming a greater challenge every day. Even large multinational companies that attract the best developers from all around the world face this problem. They suffer from vulnerabilities ranging from SQL Injection and Cross-Site Scripting to backdoors in their code.

Integrating security too late into the SDLC, or as we have seen in some cases, not at all, is a dangerous and expensive game to play: companies are fined and suffer financial and reputational losses when breaches occur, and vulnerabilities are more costly to remediate when they are discovered late or in the production environment.

Bright Welcomes new VP of R&D, Sijawusz Pur Rahnama


Bright is proud to announce and welcome the company’s new VP of R&D, Sijawusz Pur Rahnama.

Sija has a wealth of experience gained from years of hands-on experience as a startup founder, CTO and various engineering roles. His diligence fueled by a product-oriented approach and a keen eye for detail has turned him into a pillar of a number of development communities and enabled his clients to achieve technological advantage and market visibility.

At Bright our focus is on acquiring and developing the best talent so we can serve our customers and continue driving technological innovation empowering DevSecOps. We are very excited to have a leader like Sija leading our development organization and we are already benefiting from his knowledge and experience.

Shoham Cohen, CEO

Before joining Bright, Sija led next-generation software implementations and shaped team cultures as a founder & CTO of a few companies. His abilities and acute technological instincts are the results of more than 16 years of hands-on experience working closely with software engineers, product teams, UI/UX designers and of course – users. Driving synergy between vision, technology, product, and achieving business objectives lies at the heart of his decisions.

At Bright, Sija will be in charge of developing a sound organizational culture, organizing internal development processes, and creating and implementing new technological solutions to advance DevSecOps and QA markets.

About Bright

Bright created AIAST® technology that automates a human’s critical thinking process when detecting vulnerabilities. Bright’s full suite of Dynamic Application Security Testing solutions delivers full automation of your AppSec testing, at scale, allowing organizations of all sizes to stay ahead of even the most ruthless of hackers, by comprehensively testing, assessing and improving their cybersecurity posture regardless of the industry, whether for software and web applications, Blockchain exchanges and applications, FinTech, Smart industries, Automotive, Healthcare, IoT and more.

For more growth stories and cybersecurity news, make sure to follow our LinkedIn page.

What We Learned At CyberTech Europe

A synopsis of our experience whilst exhibiting at the Innovation Zone at Cybertech Europe 2019 by our SVP Sales & Partnerships, Oliver Moradov.

CyberTech has historically been a great event for us, winning the CyberTech TLV 2019 competition as the most innovative and disruptive solution in Cyber – and the event in Rome was as successful, in different ways.

The event was a great opportunity for Italian Cyber, InfoSec and IT professionals to get up to speed with the latest and cutting edge CyberSec technologies, especially with those exhibiting in the Innovation Zone, as we were.

It was also a great opportunity for us to learn more about the Italian market and more importantly, the current status of Italian enterprise and public body organisations in terms of their InfoSec and cyber security practices and posture.

Globally, it is clear that the cyber security industry is growing, fuelled by companies realising that simply being compliant will not cut it, especially in the wake of the high profile attacks and breaches over the last 12 months. 

I had an absolute whirlwind of a week with my colleagues, enjoying back-to-back-to-back meetings, speaking to almost 100 people / organisations across a complete cross-section of industries and sectors, who specifically wanted to understand how they could approach developing and releasing more secure applications, faster, whilst also being able to scale the testing of their applications in production.

There were several common themes across every engagement we had, but I will use one example that highlights all the salient lessons I learnt.

Speaking to InfoSec representatives of one Public Services organisation, who will of course remain unnamed, they were completely disjointed from the development team. They were candid in their responses – they knew absolutely nothing about the security measures, in particular the AppSec testing, that their development colleagues had in place prior to release, even though they headed up InfoSec. They would perform periodic (but not regular) testing, that would consist mainly of manual testing internally, but admitted they didn’t have a sizeable team with the requisite experience to cover the 950 applications they continue to manage. Over 700 of the applications they have are legacy ones (a common theme across industries and sectors we spoke to), on old frameworks and languages and current DAST tools simply do not work. When asked how much they spend on manual PT, the universal “Mama Mia..!” explained its magnitude perfectly. 

Interestingly, whilst speaking to them, another delegate approached our stand and started talking to my colleague, only for me to notice from his pass around his neck, that they were from the same organisation! They had never met (which with thousands of employees was understandable) and after making our introductions, we realised we had the development to the left of me, InfoSec to the right, “here I am…..at CyberTech with you…”

Normally played out over a webex, I had the benefit of now being able to watch two departments that are intrinsic to an organisation’s security, whose actions directly affect each other, discuss their issues.

The immature DevOps process relied solely on SAST. They were not happy with it and the false positives created, a major drain on their resource. They wanted to implement DAST, but after a few evaluations and PoCs, they realised that the tools would slow them down and not give them the coverage they need.

The InfoSec guys complained that too many vulnerabilities were getting through, the detection of these was too late and the mammoth task of effectively prioritising remediation had snowballed so much that they didn’t even know where to start..!

Sounds familiar..? They and you are not alone, which is why the concept of DevSecOps is one that is gaining more and more traction, but it is at the embryonic stages in Italy at the moment.

It’s well known that software vulnerabilities are the main cause of successful cyber attacks and data breaches, an issue that needs to be addressed immediately.

The processes adopted by companies to develop software and organisations’ dependency on these applications have changed exponentially, resulting in a greater exposure to risk.

Everyone agrees that application security is a business critical process, but is one that historically does not complement or indeed fit the application / software development methodologies like DevOps and so is doomed to failure, failure at being used or integrated into the processes at all, so as not to impact on the commercial business goals.

All of the engagements that I had agreed that in order to succeed, the gap between security and development needs to be eradicated altogether.

The interest in our innovative approach and the pain points we remove was amazing – we spoke about how easy it is to embed and to seamlessly integrate comprehensive, accurate and automated security testing into the DevOps process, regardless of the maturity of the DevOps process, or indeed if they had one yet at all.

They were able to understand that with the solutions on our AIAST platform (like Bright), that deliver simple to use, intuitive and unrivalled testing capabilities that require no cyber security experience, security testing can be put into the hands of their developers, integrated into their agile development or unit testing processes and / or enabling even their QA to introduce automated AppSec security testing.

Based in the UK, the number of Brexit jokes I had to endure over the trip was understandable, but whilst we determine if it’s better to be in or not, to be unified or not, one thing is for certain….a union of DevOps and security is of paramount importance to reduce exposure and AppSec Testing automation is the only way of effectively achieving this.