A CIO's guide to managing security risks in the face of malicious attacks

Cenzic provides the leading application security intelligence platform to continuously assess cloud, mobile and web applications to reduce online security risk by providing risk reduction recommendations for business, application developers and specific applications. Cenzic’s solutions scale from single applications to enterprise-level deployments with hybrid approaches that enable testing of applications at optimal levels. Cenzic's solutions are used in all parts of the software development lifecycle, and most importantly in production, to protect against new threats even after the application has been deployed. Today, Cenzic secures more than half a million online applications and trillions of dollars of commerce for Fortune 1000 companies, all major security companies, government agencies, universities and SMBs.

Rake Narang: Has security become a moving target for most companies? What is it that companies are most ill prepared to handle?

John Weinschenk:
Yes, the application security threat environment changes every week. With the threats continuously changing, companies are challenged to keep all of their applications (Mobile, Web Applications, Supply Chain integrations) secure.

Most companies are testing applications in development before they are put into production but are ill prepared to maintain security during the production life cycle. Companies are challenged since development resources are reassigned to new applications the minute the application goes live in the production environment and also don’t have the clearances/trust to have access to production applications. Production teams don’t have the skills, resources or knowledge to fix security coding issues or address the moving threat model to maintain a secure application. A solution to this problem is for production teams to work with a company that can safely monitor the applications for new threats and utilize a Web Application Firewall (WAF) to block any new threats that arise from the moving threat environment. The key here is the “Safe Monitoring” of the applications since production environments need to maintain performance, data integrity and uptime.

Rake Narang: How have mobile applications and BYOD changed the enterprise security paradigm?

John Weinschenk:
BYOD increases the enterprise's security risk. The increased risk is created in four areas. The first area is caused by employees downloading insecure applications or rogue applications that can leak data from real business applications. Second, with carriers moving away from unlimited data plans, more people are connecting by Wi-Fi connections. These connections can be insecure, allowing the bad guys to capture information being sent from the mobile device. Third, BYOD devices need to be protected if stolen. Devices that contain local data storage can expose proprietary/sensitive information. Last, BYOD devices might not be patched properly because of bad user habits. Improperly patched systems can leave security exposures that could be exploited.

Rake Narang: What is Cenzic's intelligent behavioral technology? How does it help enterprises manage security risks in the face of malicious attacks?

John Weinschenk:
Cenzic's intelligent behavioral technology goes beyond a signature-based approach by emulating a true hacker with a Stateful Assessment approach that maintains the state of the application while accessing the application at the browser level. This non-signature based approach has made Cenzic solutions the most accurate in the industry, yielding few false positives and finding more "real" vulnerabilities. Intelligent behavioral technology uses a browser interface to access applications in an active state; Cenzic finds all critical vulnerabilities including application logic tests, such as session hijacking, strong passwords, privacy policy validation, etc., as well as all the core vulnerabilities like XSS, Buffer Overflow, SQL Disclosure, and others.

Cenzic's intelligent behavioral technology allows companies to focus on the real risks that threaten an enterprise's business by finding real vulnerabilities before the bad guys do. Our patented technology delivers the most accurate results at the lowest cost.

Company: Cenzic, Inc.
655 Campbell Technology Pkwy #100, Campbell, CA 95008 U.S.A.

Founded in: 2000
Pillar: John Weinschenk
Public or Private: Private
Head Office in Country: Campbell, California - United States
Products and Services: Cenzic’s application security solutions are powered by Cenzic Hailstorm and enable organizations of all sizes to continuously scan and assess Cloud, Mobile and Web applications to reduce online security risk from hacker attacks.  Products include: Cenzic Enterprise; Cenzic Desktop; Cenzic Managed Cloud; Cenzic Cloud; Cenzic Hybrid (Software + Cloud); Cenzic Mobile.
Company’s Goals: Cenzic’s aim is to help businesses and governments rely strongly on Cloud, Mobile and Web applications to run their organizations as well as to interact with customers and partners. Cenzic helps its customers do this without the fear of these applications being at risk of exploitation by hackers, because of security vulnerabilities.
Key Words: Application Security; cloud, mobile and web application security
