GEDI Exchange

Member profile: CoGuard


CoGuard logo

CoGuard is a Static Analysis tool for IT/Cloud Infrastructures that provides pre-deployment checks of all your operating system, network, and application software configurations and their dependencies. IT organizations wanting to build true defence-in-depth make CoGuard part of their IT infrastructure and application development and deployment workflow.

In a short pitch, how would you describe CoGuard's offerings (products and services)? What makes it innovative? What industry sectors and/or customers are you focused on?

CoGuard is the first-of-its-kind static analysis tool for IT infrastructure configurations, including for application deployment, and it may be used on the cloud or on premise. Have you ever wondered why it’s 2022 and small misconfigurations can still make the headlines for big and small companies alike with expensive breaches and significant downtime? This requires a change in thinking: Infrastructure needs to be expressed as code from the network, firewall and compute instances definition all the way down to the application configuration layer. Similar to the code produced in application development, in this case, it should also be versioned and pre-deployment tested. In code, we can catch those human errors with static code analyzers. In infrastructure, we now have CoGuard to catch them in the infrastructure set-up, namely pre-deployment.

Providing more detail, what is the value proposition of CoGuard's offerings? Examples could include the underlying technology, new capabilities, cost reduction, risk reduction, improved performance, new business model, etc.

CoGuard’s experience with customers is that automating the scanning of infrastructure-as-code is very valuable: we have yet to get access to the configurations of an infrastructure and not find anything to report. The value that our customers get from our offering is risk reduction for their IT infrastructure by scanning configurations at every layer and taking a white-box approach instead of the currently most common managed detection of unwanted activity and after-the-fact response. We have seen companies with a great set of tools implemented, but configured poorly, which leaves open doors for attackers. With our offerings, IT departments can test their configurations using our infrastructure modeling before deployment to ensure no downtime occurs when those changes are deployed for real.

 What is CoGuard's biggest achievement/success story to date?

We have many examples, but this one is typical: our tool found a breach path at a company in one afternoon which consultants that were hired before us could not find after a week.

What does the future hold for CoGuard?

We are expanding the capabilities of our tool. The long-term goal is to become the one-stop shop for infrastructure configuration management. Our vision is to see the IT department adapt tools common to application developers, but in an infrastructure-as-code setting. Developers, as a result, would become much more satisfied with their jobs, as they are able to do their work with confidence that most of their human errors are found. With CoGuard’s tools we can reduce risk to companies, accelerate the deployment of new IT capabilities, while at the same time make the jobs of IT people more enjoyable.

What is CoGuard's connection to the University of Waterloo?

Both founders are UWaterloo alumni.

Why did you decide to join the GEDI Exchange? What are you looking for? What do you want get out of it?

As with every startup, the more our message gets out there and the more people know about us, the more leads we can generate. At the very least we expect more visibility. Furthermore, it is a great opportunity to have an exchange with other companies in different spaces and see potential for collaboration.

Hand poking cloud