About CBIS Labs


 

The Independent Consultant

CBIS Labs (formerly known as Clearbridge InfoSec) is an independent information security consultancy and test lab based in Singapore that specialises in niche high-value consultancy services, one-stop information security testing services and customised information security training for clients.


Regional Partner of Veracode to provide Application Security services

CBIS Labs has been a regional partner of Veracode since 2011. Veracode is an application security company based in Burlington, Massachusetts. Veracode provides an automated cloud-based service for securing web, mobile and third-party enterprise applications. CBIS Labs partners with Veracode to provide a complete suite of services, which includes static analysis, dynamic analysis, mobile application behavioral analysis, software composition analysis and consultancy on enhancing applications' security and assurance.


Software Security Training

Together with Veracode, CBIS also assists companies in training their in-house software engineers to protect their organisations against data breaches through cloud-based training. Veracode's course-based eLearning empowers software developers, testers and security leads to develop secure applications from inception to deployment. With this, organisations can quickly onboard all employees, including geographically diverse development teams, with the security knowledge needed to prevent a potential breach and meet compliance requirements.


Bridge Security Gaps

At CBIS Labs, we believe that “perfect security” exists only in paper designs. All products and information security system designs take place under a set of assumptions and contexts which heavily influence the security properties of the products or systems. However, each client’s deployment scenario and use case is unique and may differ from the original set of design assumptions. This results in a mismatch between the product’s security properties and the actual deployment threats. This mismatch is a security gap that can be exploited and can seriously affect the client’s business.


Client Oriented Approach

We aim to help our clients bridge this security gap in a clear and effective way. Firstly, we seek to listen to and understand our clients’ deployment scenarios. Our team of highly skilled, multi-disciplinary and experienced consultants will then optimise our clients’ security investment by identifying and proposing customised and effective mitigation measures to bridge the security gap, matching the clients’ security needs.

Our mission is to help clients make informed decisions through a transparent approach to security assessment, tailored to meet each client's unique deployment environment.

We also believe in building trust and long-term relationships with our clients. Privacy of our clients’ information is of utmost importance to us. To constantly deliver the best value-added services to our clients, we continuously keep abreast of the latest information security vulnerabilities and threats, translating the knowledge acquired into high-value services to help our clients in bridging identified security gaps.

 

The Experienced Team

CBIS Labs was founded by a group of experienced and multi-disciplinary security professionals. We are the people who understand important fundamental principles such as “testing of security features is different from security testing”. Having extensive experience working on systems and deployments with virtually zero tolerance for security gaps, we are able to serve the needs of niche markets such as military, homeland security and government, as well as commercial clients with critical and high-fidelity systems.


The Security Philosophy

We believe strongly in a signature phrase of the late ex-US President Ronald Reagan: “Trust but Verify”. This is true in today’s context, where applications, products and software are increasingly complex and well-connected. The increased complexity, coupled with each client’s own unique deployment scenario and tolerance for risk, makes it critical to verify the behaviour of software, applications and products under normal and adversarial situations.