Cybersecurity professionals, such as penetration testers or bug hunters, often face a major challenge: they must spend a lot of time finding tools to combat advanced cyber threats. This slows down the process of assessing and responding to these threats, hindering their ability to respond quickly to new risks.
How can this obstacle be overcome? Enter the Serbian startup Trickest and its workflow automation and orchestration platform for bug hunters, penetration testers and enterprise security teams.
Founded in 2020, the company aspires to democratize access to advanced cybersecurity tools for a broader audience, including academics, security researchers, educators, and bug bounty hunters.
In 2021, Trickest raised a €1.4 million funding round supported by investors such as Credo Ventures and the Earlybird Digital East fund, as well as angel investors including Daniel Dines and Marius Tirca of UiPath. An additional round earlier this year saw Credo and Earlybird invest again, with participation from Underline Ventures and angel investor Vlad Ionescu, bringing the company’s total funding to $3 million.
Its two founders, Nenad Zaric and Mihailo Tomic, have years of experience in the sector. Zaric himself is a hacker and security professional who held top ranks for companies like Uber, PayPal, and Snapchat on the bug bounty platform HackerOne. The company’s headquarters and core team are located in Belgrade, where they have been developing their platform for a few years.
Focusing on future cybersecurity trends such as AI-based security mechanisms and automation, the Serbian company is now looking to revamp the cybersecurity landscape by introducing new approaches.
“The traditional offensive security engineering methodology is over 30 years old and consists of junior tool installations and updates, infrastructure configurations, and, as most of the community calls it, complicated automation scripts. With everything happening in the Terminal CLI (command line interface), this approach is similar to that of a few decades ago,” says Nenad Zaric, co-founder and CEO of Trickest.
This is what the latest community edition of the Trickest platform aims to change, by allowing individuals to focus more on the productive and creative aspects of security without having to manage complex security solutions and infrastructure.
“The cybersecurity field faces a significant challenge with millions of unfilled jobs. To address this issue, we are seeing a trend where professionals are increasingly doing the work of two or more people. This approach puts immense pressure on individuals in the cybersecurity field. As a solution, it is crucial to develop effective tools to help manage these challenges, continue to evolve and ensure global security,” Zaric emphasizes.
For cybersecurity professionals like Milan Popov, a cybersecurity engineer based in Skopje, such solutions and tools can indeed make life easier for those working in the sector.
“As a result, security engineers would be more aware of exposure to potential risk points, threat intelligence would be more effective and could be used across internal SOC (Security Operations Center) teams. Bounty hunters and pen testers can respond more quickly and efficiently to certain vulnerabilities, and achieve the most easily solved goals much faster if the process is automated,” Popov tells The Recursive.
Additionally, Trickest’s Community Edition users can connect their own self-hosted machines, allowing workflows to run on private infrastructure.
Personalized solutions as a future trend in cybersecurity
According to Zaric, one of the biggest threats today is attacks against digital infrastructures, which are becoming more sophisticated and more specific, precisely targeting companies and their infrastructures.
“Like living organisms, these infrastructures are specific to each entity, and we cannot rely on generic means to protect them,” he explains, adding that it is increasingly common for companies to opt for personalized solutions.
“An example of such a use case is a company with a few hundred companies under its umbrella where traditional products still perform the same analyses and discovery techniques need to help understand the full context of the business. targeted infrastructure. That’s why they were looking for a custom solution to find their assets, services, web applications, technologies, etc., and scan them for vulnerabilities before bad actors do,” Zaric tells The Recursive.
Another trend is that the offensive approach to security is growing rapidly, both among ethical hackers and malicious actors, leading to greater recognition that cybersecurity involves much more than just executing attacks, analyses, or meeting compliance requirements.
“Over a decade ago, I received offensive security advice that still holds true today: “Think evil and do good.” The methods used today for offensive security are much more varied than in the past, but the main challenge remains the same and will likely continue for as long as humans exist. We need to think like bad actors to be able to secure our world,” says Zaric.
As for AI and how it is changing the cybersecurity game: while it improves flexibility, performance and overall user experience, it is also crucial to recognize that the technology has its vulnerabilities, just like any other feature.
These vulnerabilities can pose significant risks to businesses using AI, including issues such as prompt injections, insecure output handling, disclosure of sensitive information, and model theft, he points out.
“With AI at work, new types of vulnerabilities and breaches will occur in large enterprises, where this problem will become increasingly complex as employees incorporate classified and confidential data into reporting models. AI, which could become the new emerging target in the security sector,” concludes Zaric.