Seven Australian cyber companies scored a coveted invitation to pitch their wares to federal government decision makers.
Cyber solution providers – Fifth Domain, Ionize, MailGuard, Forticode, Enosys, Cynterra, Aleron – presented the benefits of their solutions to assembled Australian public service stakeholders at the GovPitch event held in Canberra this week.
This was followed by a mini trade show where the companies provided additional details.
It’s the second such event organised by AustCyber, the not-for-profit set up by the government to execute its Industry Growth Centres Initiative.
The first federal GovPitch was held in August last year, and according to new AustCyber CEO Michelle Price, it has already paid dividends.
"There are several projects now in the sales process as a result of GovPitch, including a significant uptick in subscriptions to Hivint's Security Colony service, a three-year contract signed between Airlock Digital and the Australian Centre for International Agriculture Research, and Kasada and Bugcrowd securing several proof of concept explorations with government agencies," she said.
"These are just a few of the deals in the pipeline from the first GovPitch."
Seven companies (see below) were invited to pitch this time around, with solutions ranging from cloud-based gateways to cyber security training solutions.
Speaking at the event, Elizabeth Kelly from the Department of Industry, Innovation and Science said GovPitch is an opportunity for Australian companies to show their capabilities.
“We’re looking for small and medium companies for which a government contract would be a game changer,” she noted at the event.
“All of the companies here are innovators in their own niche.”
For Matt Wilcox, CEO of Fifth Domain, the solution to Australia’s shortage of cyber security professionals is internal training.
According to Wilcox, there will be a shortfall of 11,000 cyber workers by 2020 in Australia, and so government and businesses will need to try to grow those capabilities internally.
Wilcox was pitching Fifth Domain’s Penteract training platform as a solution to that problem.
“Penteract solves the cyber security skills problem by solving the cyber security training problem,” said Wilcox during the pitch.
Penteract provides a customisable framework for the development of in-house training tools for both specialist cyber professionals and general knowledge workers who need to be upskilled in cyber security basics.
Penteract can provide the training programs, or they can be developed in-house.
Wilcox also noted that Penteract is compliant with the National Initiative for Cybersecurity Education (NICE) skills framework, which AustCyber is recommending that all government agencies should align with.
Through its subscription service, Ionize provides simulated cyber attacks on businesses and agencies with the aim of detecting vulnerabilities in their cyber defences.
According to Ionize Managing Director Andrew Muller, this subscription works “like your regular flu-shot...I’m talking about a continual attack and breach simulation.”
Ionize has previously worked with the Australian Electoral Commission to simulate attacks and test the defences of its electronic systems.
Muller noted that there are many foreign firms providing automated solutions, but he believes a customised and constantly evolving solution is better.
“There are automated solutions in this space that just don’t work,” he said.
“We’re talking about constantly evolving, like your adversary.”
“Whenever a new technique comes up, we’ll hop onto the tools, develop a solution and try it out.”
MailGuard provides what CTO Bill Rue extravagantly describes as “the world’s foremost cloud email security service.”
MailGuard checks incoming emails for phishing, viruses, spam and other undesirable content before sending them on to an office mail system.
“One in four people won’t recognise a well-crafted attack email,” noted Rue, adding that “90% of threats are coming through email. Why isn’t that 90% of our focus?”
According to MailGuard, its hybrid AI solution is consistently between two and 48 hours ahead of the competition when it comes to preventing fast-breaking attacks.
It also has an advantage, Rue said, when it comes to Australia because it recognises Australian brands such as MYOB, Telstra and the AFP better than the multinational competition and it can therefore make better decisions when it comes to phishing attacks.
“What would you give for a solution that allowed you to get rid of all your passwords forever, but still be safe?”
“Passwords are out of date, and if we continue to use them then everyone in this room will be subject to a password breach in the next few years.”
This was the opening pitch by Ramsay Smith, Forticode’s VP of Sales, for the company’s Cipherise platform.
Cipherise is an authentication solution that uses QR codes and mobile biometrics instead of passwords.
It provides what Forticode describes as “invisible multi-authentication.”
A site provides a QR code, which the user scans with their registered mobile device (iOS and Android are currently supported).
The user then provides a fingerprint or facial recognition authentication to finalise the authentication process.
According to Smith, Cipherise doesn't share any credential information over the network, and even if the registered device is lost, nothing is vulnerable.
It links to SAML and RADIUS in the back end for identity provision.
Managed security services provider Enosys provides 24/7 security operations for organisations that don’t have the skills or manpower in-house, said George Soumilas, Director of Managed Services at Enosys.
“At a high level, Enosys provides vulnerability management, threat management and security event monitoring,” said Soumilas. “We compete with the world’s largest providers.”
According to Soumilas, Enosys has already had a number of notable wins in the government space, including providing cyber security during the 2018 Commonwealth Games.
“We’ve found that most of our customers have similar challenges,” said Soumilas. “They don’t have visibility across their organisation...and they can’t keep up with the flood of alerts that hit their organisation every day.”
Cynterra claims to be the world’s first Information Security Manual (ISM)-compliant Gateway-as-a-Service company.
“For agencies that connect to the public cloud, they have to pass through a gateway. These gateways are expensive and they are complicated,” said Cynterra Director Paul Heaton.
“Cynterra has moved this gateway to the cloud.”
According to Heaton, a new Cynterra cloud gateway takes one hour to deploy, “as opposed to three months to 18 months” for a hardware solution.
Cynterra works as a metered service, and delivers firewall, network segmentation and encryption capabilities.
The final pitch came from Aleron, which was promoting its cyber security analytics and risk reporting tool eDNA (pronounced “ed-na”).
“eDNA allows you to collect all your cyber info in one place so you can make informed and effective decisions,” said Aleron director Mark Wroniak during the pitch.
“It lets you identify where you should focus your efforts and your budget to reduce your cyber risk.”
According to Wroniak, eDNA helps solve the cyber worker shortage problem by allowing you to optimise your existing workforce around identified high risk areas.
It also allows you to identify how your data aligns with Australian privacy principles and identify where sensitive data is stored.
It will then present the data in a “CEO-friendly format,” said Wroniak.
“Why are we still using things like spreadsheets to solve our cyber security problems?” he asked.
Australian companies interested in pitching their cyber solutions to federal government departments at GovPitch can apply here.