Helping People Care More About Cybersecurity
Founded in 2015, Beauceron Security is focused on the human side of cybersecurity. The software-as-a-service platform goes beyond the old school awareness and training approach and towards truly engaging, empowering and motivating organisational team members to make better choices about cybersecurity.
The platform was born at the University of New Brunswick (UNB) which faced an onslaught of online attacks ranging from surges of brute force attempts to break into accounts, a continual rise in phishing and other cyber threats directly related to individual's choices and online behaviours. The choice to focus on people, process and culture while also modernizing the university's security architecture and technology paid off. Shipley and his team were able to reduce the university's phishing click rate from 30% to less than 5%.
During a major wave of phishing attacks in 2016, that work helped the university withstand a surge of monthly phishing attempts that increased ten fold— from 120,000 attempts per month to more than 1.2 million after another Canadian university was hit with ransomware and paid.
Today, Shipley and the Beauceron team have taken their passion for putting people in control of technology to more than 400 clients globally including Fortune 100 financial institutions, Fortune 500 telecommunications firms, government, hospital, higher education and nearly every other major industry vertical. They've delivered the same dramatic individual cyber risk reduction that UNB benefited from to all of their clients, becoming the world's most effective cybersecurity behaviour change platform.
"... it gives me peace of mind when using open source libraries in our product. The platform was incredibly easy to integrate into our build pipelines."
Beauceron Security CTO
Good cybersecurity practices are at the core of Beauceron Security's values. CTO Sean McDougall was aware of the importance of ensuring that the open source components used in their applications need to be secure and free from vulnerabilities.
Over 90%1 codebases contain open source code, and at least 73% have a known vulnerability2, which means that one cannot claim to be fully secure without paying proper attention to the open source dependencies in their projects. Beauceron Security's team of developers created an app for cybersecurity awareness learning and management and must safeguard sensitive customer data. The personally identifiable information (PII) of the members who make up the organisations that use their products are a sensitive dataset and maintaining customer trust is vital for the firm's' continued success.
Boasting a strong team of developers, Beauceron Security needed a tool that was quick, easy to set up and that fit in seamlessly in their SDLC. The tool also needed to manage the research of the changing vulnerabilities that posed a threat to the team's code so as to sustain their rapid build pace whilst keeping security debt low, removing the need to stop, complete the research manually, and start again.
The Solution: Unstoppable security control
After integrating Meterian's vulnerability web scanner into their DevOps process, Beauceron Security was able to promptly and clearly receive insights of the vulnerabilities threatening their codebases in the form of the stability, security and licensing risks posed to the open source components used in their apps. This allowed the team to stay on top of the most recent risk posing a threat to their operations, and access remediation suggestions wherever possible. The tool also supported McDougall in setting the security standard for his development team, ensuring that secure coding best practices are upheld throughout the department.
Meterian's Open Source Security Platform allowed Beauceron Security to focus on helping protect other organisations from security breach, safe in the knowledge that they themselves are free from vulnerabilities and protected from security breaches using vulnerable open source components as a way in. The easy to read summary of vulnerabilities and the comprehensive listing of open source libraries in use in their projects provide the assurance that they need to keep on top of their application security regarding open source dependencies. This increases the confidence in the open source software supply chain that they rely on, and that they would not fall victim to cyber attacks they have made their mission to protect against.
2 Meterian Research Data 2021 survey of 2700 open and closed source codebases
〉Location: UK and Canada
〉Industry: Cyber Security
Beauceron Security CTO
“I love that Meterian is simple to use, it gives me peace of mind when using open source libraries in our product. The platform was incredibly easy to integrate into our build pipelines, which was important to us so as to not add a huge amount of set up and release work to our developers' responsibilities. We were able to start receiving meaningful reports highlighting and tracking the vulnerabilities that we need to be aware about in a matter of minutes, resulting in a safer and more secure workflow.”