Cryptosense Analyzer software helps our customers find security weaknesses in the cryptography they use in their infrastructure and applications, and then fix them before they’re exploited.
Our software is currently used to analyze the systems that protect: the majority of interbank messages worldwide; more than half of all global Forex trades; the world’s largest financial transaction database; and the cryptography used by the world’s largest cloud providers.
We trace crypto use in applications, network protocols and cryptographic hardware, and pass it through our analysis algorithms to find vulnerabilities in key management, randomness generation, crypto use and more.
You don’t need to be a crypto expert to join our team, just enthusiastic to learn about this fascinating subject, and keen to apply good software engineering practices to real-world problems.
Engineers at cryptosense work on the tracing engines that get visibility on crypto use, the analysis platform and the back-end analysis algorithms, which employ a mixture of logical rules and data-based approaches using results from academic research, standards, and our own in-house work.
Cryptosense was founded in 2013 as an academic spin-off of INRIA and Ca’ Foscari University of Venice. We’re based in downtown Paris. Our seed funding round was lead by Elaia Partners, one of the best-known VC firms in Paris.
Our mission: to fix the world’s broken cryptography.
With the emergence of technologies such as mobile, cloud, Internet of Things and blockchain, companies are relying more and more on cryptography as a risk control for authorising operations and protecting sensitive data. Modern cryptography is powerful, but also fragile and complex to deploy. In practice, it is often breakable, leading to serious security issues.
Why? Because deploying crypto securely is hard.
Using crypto securely is more complex than choosing the right crypto algorithms. It requires secure implementations, secure APIs, secure use by applications, secure key-management, secure randomness generation, and secure protocols. Expertise in these areas is rare and expensive.
Cryptosense software detects these kinds of problems and shows you how to fix them.
Financial services & payment infrastructure
Our current customers include five of the top ten European banks, two SIFIs (providers of critical infrastructure to the financial service industry), government agencies in Europe and the US, and cryptographic hardware and software developers in the EU, China and Israel.
How does Cryptosense software work?
Our software works in two stages. First we get visibility on enterprise crypto-use using a combination of passive and active tracing and sniffing, on networks, endpoints and applications. Then, we apply our continuously updated crypto analysis rules to examine security and recommend actions to take. Our analysis algorithms and risk evaluation rules take into account the latest academic research results, our own in-house vulnerability research and requirements in standards.
We deliver our software to clients in software-as-a-service (SaaS) mode or as an on-premises solution. In the former, a customer will download from us the software required to capture details of cryptography usage on their infrastructure, and send the traces obtained to our server in the cloud for analysis. In the on-premises solution, we supply our analysis server as a virtual machine for the customer to install in the corporate private cloud.
Integrated into the dev process
Getting crypto right produces a robust core around which security can be built and the consequences of breaches can be limited. Once problems have been fixed, Cryptosense software can be integrated into the development process to give continuous testing of the crypto used in applications, or set to monitor infrastructure regularly to detect weak keys or configurations. The result is a real-time view on crypto security across IT infrastructure.