Sramana Mitra: You said you have 30,000 websites and apps that your solutions protect in the process of developing these websites and applications. When you look at the universe out there of millions and millions of websites and applications, what percentage of them are actually vulnerable?
Craig Hinkley: What we found is that pretty much 100% of customers will have a vulnerability at any time during a year that we’re providing service. The scary statistic is that every customer that we’ve looked at and provided service for, as well as customers we’ve done research work with, has a serious vulnerability open and available to be exploited.
The analogy would be, if you try to equate software security and how that shows up on the web as websites and applications, equivalent to protecting your home. We’ve all done it before. We’ve all left our home and either forgot to put the alarm on or left the back door unlocked by accident. In the time that vulnerability is exploitable, the bad folks find us. They take advantage of it.
The leading indicators of the company being able to protect themselves and to detect, correct, and manage their vulnerabilities so that they do not get exploited is the number of vulnerabilities that we find. The second metric is the remediation rate. If we find 10 vulnerabilities, do customers remediate all 10? The third one that we look at and measure is the remediation time. How long does it take for a customer, once they’re aware of the vulnerability, to correct that? Those are the three metrics that we look at as a way of assessing a customer’s health.
We’ve developed a proprietary algorithm called the WhiteHat Security Index, which we’re going to release to the market soon. We took those three primary metrics and some other sources and came up with a security index. You can actually equate that to the FICO scores. It’s between 0 and 800 – higher is better. Since we’ve been in the industry since 2002, we’ve got 13 years’ worth of data. We can also provide them peer benchmarking, which we see as a very important capability. The CIO and the CEO are sitting together and saying, “Tell me how do I measure my cyber security posture?” The WhiteHat Security Index helps them put a number to it. The next question is, “How do we compare against our peers in the industry?” We can provide information as to how they stack against their peer groups so that they can see if they are remediating in a fast enough time.
This segment is part 2 in the series: Thought Leaders in Cyber Security: Craig Hinkley, CEO of WhiteHat Security