Tinfoil Security has a founding team of MIT and intelligence community alumni, with extensive backgrounds in security across many organizations around the globe. The organization builds cybersecurity solutions which scale, for large enterprise companies. It streamlines the client’s security needs with tools that easily integrate into any DevOps process or SDLC. Tinfoil’s technology empowers its clients’ DevOps and development teams to become the critical first line of defense, thereby increasing bandwidth for security teams to prioritize and enhance more strategic security initiatives.
Tinfoil Security’s enterprise offerings include access to a multitude of tools that help integrate security into its clients’ DevOps process.
When Two Undisputed Leaders Took Charge
Back in 2011, Tinfoil Security was founded by Ainsley Braun and Michael Borohovski. Since its launch, the organization has provided security solutions to numerous customers, ranging in size from SMBs to the Fortune 100.
Ainsley is the CEO of the company and makes sure to instill a company culture that prides itself on community and giving back. This is reflected in the contributions made by its engineering team to open source their code, whenever possible, to the global community in the battle for cybersecurity. Ainsley realized that she wanted to be a leader and innovator in the cybersecurity industry during her time consulting with Booz Allen Hamilton, where she worked upon graduating from MIT. As a member of their Strategic Technology and Innovation division, she has worked primarily with United States Department of Defense (DoD) clients.
Michael serves as the CTO of the organization. His technical abilities have helped the organization create a superior product that is on the cutting-edge of today’s cybersecurity needs. Michael is phenomenal at starting and building relationships with anyone he meets and has played an integral role in growing and closing the Tinfoil Security sales pipeline as well. His pure passion and deep knowledge of the cyber security industry has allowed him to often play the trusted advisor role for Tinfoil Security’s customers, who lean on him for direction and advice for protecting their sites and IP.
Ground Breaking Products
Tinfoil Security currently offers two products; Web Scanner and API Scanner.
- WEB SCANNER: Tinfoil Security knows most CISOs at enterprise companies deplore their current security solutions or are just too jaded to even deal with third party integrators, especially for scanning web applications. Tinfoil checks for over 70 classifications of vulnerabilities, including the OWASP Top 10 Web Application Security Risks, and is always adding more as new zero-day vulnerabilities are discovered. The product scans each time a new version a customer’s site is deployed, and can also log into any website, including SAML / Single Sign-On authenticated sites.
- API SCANNER: The Tinfoil Security API Scanner is able to detect vulnerabilities in almost any API, including web-connected devices such as mobile backend servers, IoT devices, and web services. The few tools that are currently available lack coverage depth in API security or are focused on acting as a firewall or unintelligent fuzzer. Vulnerabilities focused on authorization and access control concerns, or even web-like vulnerabilities like XSS, manifest in different ways and with different exploitation vectors than they do for web applications, and the Tinfoil Security API Scanner takes that into account.
Tackling Uneven Roads
In the early years, Tinfoil was focused exclusively on SMBs, because of it being an underserved market which sorely needed help with their application security tooling and process. As the company grew and gained SMB market share, it discovered that enterprise organizations actually had very similar problems and lacked solutions to bridge the gap between the vastly increased speed of development and their relatively smaller security teams. The organization quickly realized that in order to steer Tinfoil Security in the direction of becoming a globally competitive player in this space, it had to switch its focus into the enterprise. This strategy led the company well into profitability, while still maintaining, supporting, and selling to tens of thousands of customers in the SMB market.
The profitability turnover was in large part due to Tinfoil’s ability to adapt and implement an innovative strategy, while leading with an agile sales and operations process within the firm. The organization made sure to keep track of and provide superior support to each and every customer, even as they reached the tens of thousands. Through this involvement with customers, the company designed its product for better UI and UX functionality, making it seamless, integrated, and usable for DevOps teams.
Tinfoil Security has just launched its API Scanner, and will be focusing on educating CISOs on Tinfoil Security’s patent-pending technology. Built from the ground up, Tinfoil provides an integral, fully developed tool that CISOs can use to bring their developers and DevOps teams into their cybersecurity strategy to build highly secure products, easing their burden and increasing efficiency. This is in contrast to the few competitive solutions that take web scanners and have jury-rigged them to act as an API scanner, lacking coverage depth in API security. The only other options are those focused on acting as a firewall or unintelligent fuzzer. Tinfoil, instead, focused on solving the problem as its own problem, rather than rehashing what it already knew. Tinfoil Security works continuously to improve the state for the industry’s tools in combating attackers around the world.