Group 31Group 31Group 27Group 31Slice 1Group 31

Commercial Services

Selection Pressure has created the Ion Channel as a software as service (SaaS) platform that allows organizations to risk-manage their software supply-chain end-to-end, from provenance thru continuous development and integration. Ion Channel organizes the chaos of software delivery and sustainment by simplifying software ingest and updates and rationalizing policies for risk management.

Ion Channel consists of a data platform and software-as-a-service architecture. The data platform continuously watches for changes in open source software (OSS) code and the ecosystems that maintain it: new vulnerabilities and severity-escalations of existing vulnerabilities, but also the frequency and tempo of fixes and the size and composition of developer communities – the resilience of the supply chain for any given application and component. Ion’s SaaS continuously delivers validated software and artifacts with situational awareness of nested dependencies (i.e. hidden vulnerabilities and break points that go beyond malware). With an automated, policy-aware pipeline for ingress, CIOs and CISOs can adapt to the speed of change in modern software with better risk management, smaller backlogs and more effective use of overtasked technical personnel.

Technical and organizational benefits include:

  • Deeper situational awareness about code, sources and dependencies
    • Continuous mapping and monitoring of transitive dependencies
    • Monitoring and analysis of supply-chain ecosystems
  • Deployment-ready intel and version updates “at the loading dock” 24/7
  • Granular and continuous ‘body of evidence’ trails for decision support, historical analysis, audit, and reproducibility
  • Integrates into and supplements existing continuous integration & delivery infrastructures

Software Supply Chain Intelligence

Ion Channel continuously ingests large amounts of data to map the ecosystems that build and maintain software: who, when, how, why, types of source code, software languages, when was it modified and dynamics in the developer community. Analytics on these data sources enable a deeper understanding of current and future software risks and how to mitigate those risks. A deep contextual understanding of source code ecosystems allows organizations to identify risks that don’t reside in code but are present in the complex systems that spawn and evolve code.

Software ecosystems don’t have to contain Bad Actors to be risky. The maintenance cadre can be small, sparse, unmotivated, non-responsive. Software ecosystems can be immature – or senescent because core committers have moved on to other projects. Once-robust supply chains can become brittle and frail and therefore ripe for exploits because the software itself has become highly disseminated but there’s no-one minding the store. Malware designers may move into a software supply chain precisely because it is hollowed-out. Conversely, weak supply chains can be shored up, whether by volunteers or institutions (corporate, government or academic) that deem the effort worthy of investment.

World class manufacturers have deep visibility into their supply chains. They understand raw materials, labor practices, distribution mechanisms and political risks upstream of their factories. Ion Channel does the same for software. Deep and automated insight into the strengths and ecosystem vulnerabilities of open source development communities gives clients wider-aperture view of risks in their software inventory and roadmap, as well as a better understanding of how to mitigate or offset those risks. The ability to do this at speed and scale differentiates Ion Channel’s data platform and SaaS from the retrospective analysis of cyber forensics. Dynamic awareness of the software supply chain allows CIOs and CISOs to proactively improve the robustness and resilience of their enterprise.

Ion Channel: SaaS Micro-Services

  • Ion:SaaS is a Software as a Service (SaaS) capability enables monitoring of a software portfolio mapped against published software vulnerability data, proof of virus scanning. For open source software, evidence includes
    provenance and ecosystem risk analysis. Software data is delivered within the Software Evidence Archive (SEVA).
  • Ion:SaaS can be accessed three ways: via web URL GUI dashboard (e.g. http://console.ionchannel.io/), API (application programming interface), and command line utility. Each method of access enables different uses cases.
  • Ion Channel can also have the software + analysis (SEVA) delivered to an AWS S3 bucket or other delivery point at setup.

Ion Channel: Base Level

Ion Channel Enterprise Edition: Base Level (“Base Level”) is a web service supported by Ion Channel and available on the open web to individuals or organizations. Base Level is designed for organizations that require open source software situational awareness and machine-readable data and that are largely self-sufficient with minimal support requirements.

Base Level includes the most-recently available, enhanced, tested, integrated, documented and supported versions of open source vulnerability data essential for DevOps and enterprise wide security that can be accessed via:

  • Web GUI URL (i.e., http://console.ionchannel.io/)
  • API (application programming interface)
  • Command line utility

Provided Support for Base Level:

  • Access via API key and username/password.
  • Platform updates: iterative capability improvements
  • User cap: 10 (most use is machine-to-machine)
  • Multi-tenant Cloud
  • Technical support provided via email with two days max response time
  • One (1) authorized customer contact
  • Software + SEVA delivery

Ion Channel: Enterprise Level

Enterprise Level (“Enterprise Level”) is a web service supported by Ion Channel and available on the open web to individuals or organizations. Enterprise Level is designed for organizations that require open source software situational awareness and machine-readable data and that are largely self-sufficient with minimal support requirements, generally serving a limited number of users or geographic areas.

Enterprise supports customers on the open web via a separate and private subdomain on Ion Channel infrastructure. Support is maintenance and upgrade of software and update of vulnerability database.

Enterprise Level includes the most-recently available, enhanced, tested, integrated, documented and supported versions of open source vulnerability data essential for DevOps and enterprise wide security that can be accessed via:

  • Web GUI URL (i.e., http://console.ionchannel.io)
  • API (application programming interface)
  • Command line utility

Provided Support for Enterprise Level:

  • All features of Base Level
  • User cap: 25
  • Private web sub-domain
  • Two (2) authorized customer contacts
  • Telephone and email technical support with one-day max response time
  • Software + SEVA delivery

Ion Channel: Strategic Level

Strategic Level (“Strategic Level”) is a web service supported in a private on premises cloud by Ion Channel. Strategic Level is designed for organizations that require open source software situational awareness and machine-readable data, generally serving a limited number of users or geographic areas.

Strategic is meant to operate on a closed and internal network for the customer. This offering includes support maintenance and continuous upgrades of Ion Channel software and continuous updates of the vulnerability database.

Strategic Level includes the most-recently available, enhanced, tested, integrated, documented and supported versions of open source vulnerability data essential for DevOps and enterprise wide security that can be accessed via:

  • Enterprise internal corporate web URL
  • API (application programming interface)
  • Command line utility

Provided Support for Strategic Level:

    • All features of Enterprise Level, plus
    • User cap: 50
    • Support for internally Cloud Hosted Ion solution
    • Update of database within 6 hours
    • Support across the airgap for one network instance
    • Three (3) authorized customer contacts
    • Telephone and email technical support with 4-hour critical max response time

Software + SEVA delivery

Ion Channel Commercial SaaS Base Enterprise Strategic
Type SaaS SaaS+ Hybrid
Roadmap Input Emailed Emailed Direct Input
Platform Updates and Improvements Unlimited Unlimited Unlimited
Core Developer Service Hours 40 per month 120 per month TBD
Number of Software Packages Monitored 1500 4000 TBD
Types of Software Monitored OSS, Binaries w/ specified CPEs OSS, Binaries with specified CPEs, Internal OSS, Binaries with specified CPEs, Internal
Point of Delivery Web, AWS:S3 Web, AWS:S3, Other TBD
Software Delivery Timeframes 24 Hours 6 Hours TBD
Private Sub-Domain No Yes Yes + on premise
Maximum Response Time 2 days 1 day 8 hours high severity, 1 day low severity
E-mail Support Yes Yes Yes
Phone Support No Yes Yes
Contact Hours Business Hours Business Hours Business Hours
24 x 7 Support No Additional Fee Additional Fee
Authorized Customer Contacts 1 2 3
Number of Users 10 25 50
Training 1 2 4
Travel No 1 4
Notes Requires customer engagement

 

Base, Enterprise and Strategic tiers are annual subscription licenses.

For pricing information, e-mail
sales@ionchannel.io