ShadowTrackr is a cybersecurity company focused on attack surface management. Our software is designed to automatically track your systems, scan for security problems, and send you alerts when things go bad. We aim to track everything you have connected to the internet, because, well, that’s where most attackers are. That also means we don’t offer scans or monitoring for your internal systems. If you need that, you should look into an EDR.
ShadowTrackr runs in the cloud, is easy to use and does not require any installation. Also, we play well with others and have options to integrate with your existing systems.
That’d be me, Bas van Schaik. I’ve been working in cybersecurity and intelligence for about 20 years now. During this time I developed tools, been in the incident response trenches, and got to go to some interesting courses and conferences. I even scored some of those SANS coins. Since Americans have trouble with Dutch surnames you’ll have to look me up under the v instead of the S though.
My first programming adventures started in elementary school and I loved it ever since. Things went well and after some other distractions I ended up studying Computer Science at the University of Oxford. It's a magical place and one of the most rewarding things I’ve ever done.
I really enjoy both cybersecurity and software development, and ShadowTrackr is where I get to combine them.
I always had trouble finding good data on the security problems that I really need to worry about. There’s so much going on these days that it’s easy to get lost in chasing false positives, managing compliance or listening to the endless proposals of slick cybersecurity marketeers. Most security seems to be oriented towards satisficing the auditors or enabling the management to say they bought X and really, honestly did the best they could have done.
No evil hacker will care about what management or auditors think. And no client will be convinced by your shiny audit report when your website is blacklisted or your servers start spamming them. The security problems that become visible online and how you handle these are what matters. I want to be the first to know when servers are blacklisted, when security on an internet facing machine is downgraded or when internal company data or private employee data is dumped somewhere on a copy-paste site. I want to know what a hacker sees when he looks at my infrastructure from the outside. Since this was not readily available, I rolled my own.
ShadowTrackr started as a business on the way home from the (excellent!) T2 conference in 2016.