Show HN: AI-backed App security for deterministic incident detection/analysis

4 points

2 years ago

After the acquisition of the last security startup, I got kinda sick of selling Zero Trust when what we can deliver is so far from that ideal of ‘least privilege’ security. So over the last couple years I wrote a new kind of Web/API security tool that detects breaches and other incidents deterministically so true positive alerts outweigh false positives by orders of magnitude.

Combined with AI analysis of the data it collects, it can act as an application-wide incident debugger for security teams. One Security Engineering Mgr. who saw it said:

“Caber can build the call graphs for a given user so that a security investigator can easily see the sequence of events leading up to the authorization failure. It is certainly worth exploring.”

I’ve been bootstrapping this effort but now that the demo is live, I’m looking forward to hearing what you all here think.

Note: Because it’s designed to install into a customer’s AWS application environment, automated deployment/removal is part of the demo. You’ll need to approve an IAM role for the product to demo it. That means I have to ask you to create an account so it can store that credential securely. I suggest creating a test account to run it. Compute costs should be no more than $2 for an hour.

If you’d like to see it in action, a demo video is at https://vimeo.com/923537694

Demo is at https://caber.com (click ‘Try Demo’ at the top of the page)

— Rob https://github.com/caborabo