In the consumer world, warranties are commonplace, but that's largely not the case in the cyber-security market today. A handful of cyber-security companies, however, have started to offer their customers warranties, AsTech being one of them. On July 13, the security consulting vendor announced it is increasing its cyber-security warranty from $1 million to $5 million if a customer is breached.
While the expanded warranty is new, AsTech is not a new vendor, having been in business since 1997.
"Over the last 20 years we've seen a lot," Greg Reber, CEO of AsTech, told eWEEK. "In our business we work to find and fix vulnerabilities and then we train developers not to reintroduce vulnerabilities in new code."
AsTech's Paragon Security Program is a managed security program that helps organizations secure applications, according to Reber. The $5 million guarantee applies specifically to the program. Reber's decision to increase the warranty from $1 million to $5 million has to do with data breach costs. The 2017 IBM-sponsored Ponemon Cost of a Data Breach report estimated that the current average cost of a data breach is $3.7 million.
"We have supreme confidence in our abilities," he said. "We have not had a customer breached in 20 years."
The $5 million guarantee is not, however, applicable to any type of breach; it only applies to breaches that are the result of vulnerabilities in applications that the Paragon program manages. Phishing attacks are a common path to publicly disclosed data breaches and, when successful, give attackers administrative access to systems. Reber emphasized that phishing and credential attacks are not covered under his firm's data breach warranty.
"We have very clear and concise terms and conditions for the breach warranty," he said. "We cover vulnerabilities in web applications, and phishing isn't something we cover."
AsTech is planning on expanding the Paragon service to go beyond just application security to manage network vulnerabilities as well, Reber said. The network services will be augmented with technology from security vendor Qualys for network vulnerability scanning.
A guarantee like the type provided by AsTech is not intended to be a replacement for cyber-insurance, according to Reber. With cyber-insurance, organizations pay for coverage to help recover costs related to a security incident. AsTech's guarantee is not a comprehensive warranty for every type of cyber-risk that an organization may face, which is why cyber-insurance might also be required, he said.
Reber added that having a guarantee does provide a degree of confidence about risk to both the organization and its insurance organization, and can lead to lower cyber-insurance premiums.
WhiteHat Security founder Jeremiah Grossman pioneered the idea of providing a financial warranty for cyber-security software in 2015. Grossman brought the same idea to security vendor SentinelOne in 2016, where he currently works as chief of security strategy. SentinelOne offers a $1 million guarantee against ransomware for its customers.
Reber said AsTech had been working with WhiteHat and saw what it was doing with the guarantee, which is what led him to bring it to his own company.
"We've been watching the space, and offering a security warranty is the wave of the future," Reber said.
Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.