Crogl: Delivering Secure AI Solutions for the SOC with Spectra Assure
Crogl delivers a fully autonomous AI solution for security operations centers (SOC). The goal is to revolutionize how security teams investigate threats, solve problems with multiple data sources, and triage alerts without the constraints of pre-defined playbooks. With customers ranging from Fortune 500 companies and government agencies to technology start-ups, the need for solution privacy and security is paramount. To maintain privacy, Crogl’s solution operates in customers’ on-premise and private cloud environments, which also creates a varied set of software security and safety requirements.
Crogl is a compound AI system that leverages multiple AI models, tools, and custom components to enhance versatility and re-usability, compared with using a single model.
Spectra Assure™ delivers the visibility Crogl requires. “We want to build a product that customers can have confidence in, and they know when they deploy it, that it's safe and it's secure,” said Merza. “We looked around at other products, but we really needed something that can cut across the gamut of requirements that we have. We use Spectra Assure so we can get that full picture.”
Manage Risk Across Large Releases
One challenge Crogl faced was assessing the risks associated with different components in a complex software package. “For us, security is not an afterthought. It is part of how we develop, how we code on a minute-to-minute, hour-to-hour basis, and also how we do product release,” said Monzy Merza, co-founder and CEO of Crogl.
Crogl uses Spectra Assure to detect risks invisible to traditional security tools, including malware, tampering, exposed secrets, and suspicious behaviors. Spectra Assure quickly deconstructs software to deliver a comprehensive software bill of materials (SBOM), including proprietary, third-party and open-source libraries, and artifacts added during compilation.
“We believe that technology that is used by the security teams should be better, it should be robust, it should be safe, it should be secure,” said Merza. “The reason why we use Spectra Assure — it's in the name. We want to be sure that what we're releasing to our customers is safe.”
By mapping specific components and artifacts to detect threats and risks, Spectra Assure simplifies prioritization and provides details to enable remediation. It also detects unsafe functions, suspicious files, and malicious behaviors in AI/ML models and scripts.
We use a number of different products for product security, but Spectra Assure is the only one that will actually stop a release if something doesn't pass.
Monzy Merza, Co-Founder and CEO, Crogl
The Final Build Exam
Crogl integrated Spectra Assure with its build and release processes to ensure every release is analyzed and security requirements are met before release. The Spectra Assure SAFE Report identifies malware, tampering, new threats, suspicious behaviors, or indicators of novel software supply chain attacks. After updates are made, the new build is assessed to ensure that remediation efforts have actually resolved issues before the product is released.
Spectra Assure is powered by the world’s largest threat repository, with 40+ billion searchable malware and goodware files and up-to-date intelligence to stay ahead of emerging threats and increasingly advanced malware attacks.
“We know that when we're using Spectra Assure, we're not just running a vulnerability check underneath that vulnerability check. There is a lot of understanding of malware analysis, supply chain problems, and the relatedness of one library to another. We're getting the benefit of that,” said Merza.
