Riscure: Security Evaluation with Cryptography Roots

Netherlands-based connected-device security specialists Riscure is among the top players when it comes to side channel analysis, fault injection, connected device architecture and software analysis, with an approach of making cyber intrusion so costly and difficult, bad actors will look elsewhere for an easier target.

Marc Witteman, CEO of Riscure, spoke with MESA about how the advent of the internet of things (IoT) has upended the security game, how Riscure has weathered the pandemic with remote lab technology, and why the company believes cryptography is at the heart of all things content protection.

MESA: What was the impetus for Riscure, how did the company first come on the scene?

Witteman: Founded in 2001, Riscure started as a security evaluation lab with a main focus on the financial industry. Later, the evaluation services expanded to the pay TV industry, following up with the development of the first Riscure security test equipment in 2005.

The expansion of Riscure continued to new markets, industries, and countries. This led to the opening of Riscure North America in San Francisco in 2011 and Riscure China in 2017.

After more than 20 years of existence, Riscure became an internationally leading security laboratory in security evaluation of software, chip technology, and embedded/connected devices, as well as the supplier of hardware and software security testing tools.

MESA: Riscure’s roots are based in cryptography. How does that inform the company’s services, and in what ways does it make Riscure stand out vs. competitors?

Witteman: Cryptography is at the heart of content protection. With our expertise and 20 years of experience, we have learned to identify and evaluate threats. Perfect security is impossible, but fortunately also not needed. You just need to make sure that the cost of an attack is higher than an attacker is willing to spend.

With our insights, we have helped our customers to recognize their strengths/weaknesses and mitigate their risk. This way, our customers were able to build more secure solutions at an affordable cost.

MESA: What are the biggest security needs Riscure sees among media companies today, and how does Riscure help them go about confronting them?

Witteman: Many media companies have difficulties understanding the severity of security threats and incidents. Typically, each breach is blown up to epic proportions, and these companies are unable to evaluate the urgency of the threats and the priority of solutions. Sometimes, they even start ignoring threats, as they become numb to all the loud noise.

We help them throughout their development process, all the way from awareness training up to certification, by systematically analyzing threats and offering options to address these.

MESA: What are some of Riscure’s favorite use-case examples (that you can share), where clients made especially good use of your services?

Witteman: While we deliver strong results in certification, we add even more value earlier in the development cycle. Many customers that have worked with us for a long time have started to take our developer solutions, where we help them discover and fix vulnerabilities while they still have time.

In this way, we have prevented expensive delays or updates for their products.

MESA: How has the pandemic impacted Riscure’s business, in what ways has the company adjusted its services?

Witteman: Like everyone else, we learned to work from home. Having three offices around the world, we had the advantage of strong digitization and remote collaboration already, but the support tools for this have become so much better now! During the first year of the pandemic, we developed ‘remote lab setups.’ This technology allows our analysts to use a setup in our lab and run days of analysis work over a secure remote connection.

Fortunately, our customers were very understanding and allowed us to do remote work.

Obviously, we supported this with strong policies and technology to maintain customer security requirements.

MESA: What’s next for Riscure, what advances or added services can we expect from the company on the horizon?

Witteman: With the advent of IoT, we see a steeply increased need for security. Think about your cellphone, 15 years ago, you did not care about its security.

Nowadays, you cannot imagine a life without mobile security! The need for security grows much faster than we can grow in personnel.

Therefore, we need to become more scalable. That is, to help much more customers with modest growth in people. We are working hard on more scalable solutions that package our security insights and can be easily applied by our customers.

For example, we are constantly working on advancing our online security training in Riscure Academy as well as improving our next-generation security testing tools to support security assessment at all product-life stages.