Fixing the World’s Broken Cryptography
With the emergence of technologies such as mobile, cloud, Internet of Things and blockchain, companies are relying more and more on cryptography as a risk control for authorising operations and protecting sensitive data. Modern cryptography is powerful, but also fragile and complex to deploy. In practice, it is often breakable, leading to serious security issues.
Why is deploying crypto so hard? I thought it was a solved problem?
We know (mostly) which crypto algorithms are the right ones to use, but using crypto securely is much more complicated than that. It requires secure implementations, secure APIs, secure use by applications, secure key management, secure randomness generation, and secure protocols. Expertise in these areas is rare and expensive. Cryptosense software detects and shows how to fix exactly these kinds of problems.
How does it work?
Our software works in two stages. First, we gain visibility into enterprise crypto use through a combination of passive and active tracing and sniffing on networks, endpoints and applications. Then we apply our continuously updated crypto analysis rules to examine security and recommend actions to take. Our analysis algorithms and risk evaluation rules take into account the latest academic research results, our own in-house vulnerability research and requirements in standards.
We deliver our software to clients in software-as-a-service (SaaS) mode or as an on-premises solution. In the former, the customer downloads from us the software required to capture details of cryptography usage on their infrastructure and sends the traces obtained to our server in the cloud for analysis. In the on-premises solution, we supply our analysis server as a virtual machine for the customer to install in the corporate private cloud.
Getting crypto right produces a robust core around which security can be built and the consequences of breaches can be limited. Once problems have been fixed, Cryptosense software can be integrated into the development process to provide continuous testing of the crypto used in applications, or set to monitor infrastructure regularly to detect weak keys or configurations. The result is a real-time view of crypto security across IT infrastructure.
Our current customers include five of the top ten European banks, two SIFIs (providers of critical infrastructure to the financial services industry), government agencies in Europe and the US, and cryptographic hardware and software developers in the EU, China and Israel.
Cryptosense was founded in 2013 as an academic spin-off of INRIA and Ca’ Foscari University of Venice. We’re based in downtown Paris. Our seed funding round was led by Elaia Partners, one of the best-known VC firms in Paris.