Tell us, what is the story behind iViz Security and how did it all begin?
We started by building a product that simulates a human hacker by different ways by which a system can be compromised. We went to an organisation to do testing where we were able to hack into their network. The next logical step for us was to identify all the attack points. Then we realised, for a hacker, he needs only one loophole to hack as compared to an organisation, where they need secure their entire network.
At that time, there was no technology available to address this issue. We, then, thought could we build a product to bridge this gap? We thought of using artificial intelligence to find out the attack points such as the attack plans, multi-level attack areas, and so on and so forth.
So, once we tried to address this problem, we found that this was technically a challenging one. Then, we figured out certain ways by using algorithms and approximations, we could solve this problem. Once cracked it, we received many awards.
How have you positioned iViz Security?
Think about a travel industry ten years back where let us say, you needed a ticket from Bangalore to Boston. You would have normally go to a travel agent and tell him the days and routes. Finally, after a few days and iterations, you would get your tickets. That was the experience those days. But now, you go to Expedia or any other travel website and give a search and you are able to get all the details such routes, flights, rates, etc. instantaneously.
So ethical hacking was something like travel planning ten years back. Moreover, our dream was to do what Expedia did. That was the goal. We understood that service is what companies want and we thought could we take this product online and offer it as a service?
We then decided to deliver it as a service — as SaaS — rather than a product. When we began, we really didn’t know that this kind of service was called SaaS but we thought that customers would need this kind of service and hence we could offer it in this form. So we realised that Saas is good, SaaS is hot and we positioned our company as a SaaS company. We then realised that we were the first company to offer penetration testing in the cloud. There was no one offering this kind of service at that point of time. So that is how cloud based testing or penetration for applications and networks was started.
Soon thereafter, we started getting a lot of orders and also the funding from IDG Ventures and things started rolling. We right now more than 250 customers, offices in London, Boston and Bangalore. We also have a sizeable presence in five continents, more that 30 global partners.
How did you go about using this technology and how has it benefited your clients?
Using this technology, iViZ provided On-Demand Penetration Testing for proactive security audit risk management and compliance for standards such as SOX, PCI, HIPAA or ISO 27001. The Software-as-a-Service model has helped the company provide anytime, anywhere and anyhow security testing capability to customers and eliminates the pain associated with the conventional manual security testing which is time-intensive, expensive and not comprehensive.
This analysis is carried out from the position of a potential hacker, and can involve active exploitation of security vulnerabilities. Any security issues that are found are presented to the system owner together with an assessment of their impact and a proposed solution.
What is the next logical step and what’s your goal?
Our dream is to change the way of how penetration testing is done. But why do we need change it if everything is fine? If you see in today’s world, if you want to do good quality testing on all the online systems, we are no where near to the number of people required to do the testing. It is just not possible to check all the websites, networks, and IT systems on a regular basis for high quality penetration testing and not for vulnerability testing. The world does not have enough number of people and the industry does not have the required capabilities. But then, the companies need that high level of testing.
Earlier, car manufacturing was an expensive affair until Ford’s T-Model came along. Ford changed the way we travel by introducing their successful T-Model with their new assembly lines, cutting on the cost of production, large volumes of cars could be manufactured at one tenth of the cost and of good quality. And this led to an increase in the salaries of the workers. Similarly, the pen industry too underwent a similar revolution. Suppose if the same person were to do all that, it would lead to low quality, poor workmanship product.
Therefore, we see there is a way to change penetration testing. So one is that there is a need for that and secondly there is scope for that. That is the reason why we need to change the penetration testing. Only automation will no solve this problem and will not be great quality. We believe a combination of automation and workflow automation and consultant grid penetration testing quality with on-demand experience is the way forward.
Today, the conventional war is changing. Nowadays everything is controlled by computers. You can deactivate all kinds of electronics networks. Today, intelligence agencies work on intelligent systems and networks. Cyber warfare has gone into a different level. Therefore, companies and countries need to build that kind of capabilities. In addition, many a times, building that kind of capability means building deterrence capability whereby they can detect and mitigate such risks. So now, the battle engulfs not only the army, navy and air force but also the cyberwar.
iViz Security was selected by Nasscom as one of the Top 4 emerging product companies in August 2007 and was also nominated by the World Economic Forum for Technology Pioneers Challenge in 2008. It also bagged awards such as Red Herring 100 Asia Winner, TiEger Award: Entrepreneur of the Year and short listed in the world’s Top 8 contenders by Intel-UC Berkeley Technology Entrepreneurship Challenge 2006.
