9 principles for practitioner-focused cybersecurity software
Are we on the right track at Seedata.io? (Spoiler alert: we think we are, but keen to know your feedback!)
Naturally, we got curious. So, during our flight back from an action-packed couple of weeks in San Francisco for BSides and RSA, we seized the opportunity to mull things over. We’d strongly recommend founders in cybersecurity to do the same—it’s an excellent way to assess your current standing!
The 9 principles suggested by Ross, and our take on how we approach each one are as follows:
Headline: offer a free tier!
Ah, accessibility! A crucial aspect often overlooked in the cybersecurity realm.
Most cyber companies tend to avoid free tiers (have a look here) and take refuge behind a “book a demo” approach.
We love showing a good demo (and signing multi-year contracts), but we appreciate people may have different purchasing preferences and we want to offer flexibility. We provide a free forever account, no credit card needed (start planting here), that lets users test the full breath of our platform and plant a bunch of seeds without ever needing to chat with us (though, to be honest, we’re quite keen on a good chat!).
Transparency in how our solution works is important to you
So, we openly share how we determine alert priority (1-5 following NIST) based on three criteria, so that users can see the underlying metrics alongside the final ratings:
- The trigger: What kind of request is it? A click on a link? An SQL injection attempt?
- The observable threat rating: Is it a known bad actor, or just an innocent web crawler?
- The seed impact rating: Is the seed located in an extremely sensitive internal spot, or is it exposed externally?
Transparent pricing is vital, so we make it all about the number of seeds you need. Want more? Upgrade. Starting small? Grab a free account!
Headline: ditch the black-box approach and be open
Headline: offer integrations, don’t lock in your customers
Whilst we think our platform is great, we recognise your security teams would probably prefer to not add another screen to manage or toolset to learn.
That’s why we’re continuously adding integrations that make the features of our platform available within your wider toolsets.
We’re all about playing nicely with others and ensuring your cybersecurity strategy is well-connected, efficient, and effective!
Our aim is to deliver a product that security folks love
Planting a seed should be as simple as hailing an Uber; just a few clicks and you’re up & running. One-click integrations allow for fully automated, unsupervised planting and retiring of seeds, and we keep increasing our catalogue of integrations. And to further enhance the self-service experience, we’re always adding more support pages (you can never have enough, right?)
We truly believe that customer feedback is the key to improvement. So, rest assured, we’ll keep our ears open and fine-tune our offering until it’s a smooth ride for everyone on board!
Headline: make tools easier, friendlier, and more intuitive to navigate.
Headline: allow in-app product customization and fine-tuning
We believe extendibility is essential, and we’re continuously building towards it
Fundamentally, we’ve built the whole thing around exposed API’s, with the expectation that our customers will present new and exciting use-cases. Our platform also offers a range of customization options built in:
- Whitelisting trusted sources: Are you being continuously scanned by an IP address you know and trust? Whitelist it! The same goes for other benign sources including emails, domains and full IP ranges;
- Customizable alert templates: Tailor our email, Syslog, or webhook alerts to your preferences.
And we’re not stopping there! More customization options are on the horizon, including:
- Folder planting flexibility for structured data seeds: Choose specific folders, in addition to random allocation.
- Document seeds creation: Decide on language, length, content, and look & feel.
- Domains: Utilize your own domain to craft even more realistic URLs, files and applications.
Plus, many more exciting features! We’re committed to making our platform adaptable to our customer’s unique needs, ensuring you get the most out of your security solution.
The genesis of the idea for Seedata.io came from our own CTO, Matt
His experience as a CISO seeing too many breaches going undetected for far too long left him wanting to fix this pressing issue. We’re upfront about the fact that we’re no silver bullet. We aren’t the only security tool you should invest in, and likely not the first. We’re candid about where we can help:
- High-fidelity in-network detection: Security teams often struggle with false positives, making it tough to spot the real threats. We’re here to help detect attackers who’ve slipped past your other defences and to reduce that signal-to-noise ratio.
- Gather adversary-generated threat intelligence: One-size-fits-all threat intel feeds just won’t cut it. Get real-time, tailor-made threat intelligence specific to your network and organization.
- Data loss visibility outside your perimeter: Attackers aim to cash in on their efforts, which might include reselling data or access to infrastructure. We help close the gap between attack and detection, speeding up incident response activities.
We only adopt new tech if it serves a purpose – for example, we use (the now heavily hyped) GenAI to make our decoys more believable and scalable. Our focus remains on solving real-world security problems and ensuring that technology serves as an effective tool to achieve that mission.
Focus on problems
Headline: focus on solving problems, not just on the hyped latest technology
Headline: product should be testable and do what you say it can do
Embracing the shift from promise-based to evidence-based security is essential
We’ve designed our product with this principle in mind, ensuring that customers can easily test our capabilities at any point in time. By simulating an attacker’s actions (e.g., scanning the network, opening a file, or trying credentials), you can observe our platform alerting in real-time.
Additionally, you can simply utilize our Test feature to receive a test alert as if it were a genuine incident. This approach demonstrates our commitment to providing testable, transparent, and reliable security solutions that empower our customers to validate their defences effectively.
Understanding the importance of scalability in today’s fast-paced business environment
We’ve designed our platform to be fully API-enabled, allowing for seamless integration and adaptation to various demands. Some of our customers have even built intelligent systems on top of our platform, utilizing it exclusively through APIs. The ability to scale security infrastructure efficiently and effectively is crucial in addressing the ever-increasing workloads, data volumes, and rapid expansion of modern enterprises.
Explore our documentation here to learn more about our API capabilities!
Headline: product should be API-first
Headline: embed software engineering practices into your security engineering
We think detection engineering has a big role in the future of our product, but we’re not there yet
We’re fully onboard with the ideas and concepts behind detection engineering (take a subscription to Zach Allen’s Detection Engineering newsletter to become infinitely smarter about this movement).
We know we have a way to go on this principle, but we really like the direction it’s taking us; we have plans to put the algorithms used for analysis into the hands of our users, and build a community for open exchange of best practice, and we like the idea of gamifying and rewarding the engineers making best use of our platform and contributing most to the community.