Cyber-security startup founder shares tips and insights to defend your business from hackers (podcast episode)

In today’s episode of the Brains Byte Back podcast, we speak with Venkatesh Sundar, Founder & CMO at Indusface, a company offering web app security, WAF and SSL Certificates to keep businesses safe.

In the conversation, Sundar shares tips to help listeners defend their businesses from hackers. He starts off by stressing the importance of ensuring that all software and systems are kept up to date with the latest security patches and updates. Doing this can help to shut down any known vulnerabilities that hackers may look to exploit.

Additionally, he underlines that it’s important to make use of strong access controls and authentication measures to allow only trusted users access to sensitive data or systems. This consists of measures such as two-factor authentication, strong password policies, and limiting access to only those who require it.

Sundar adds that regular security assessments and penetration testing can be effective when it comes to identifying vulnerabilities before hackers can take advantage of them. This can entail simulating real-world attacks and attempting to exploit weaknesses in the system, to find potential areas where improvement is necessary.

Alongside the above, Sundar highlights specific tactics that listeners can use to defend against ransomware attacks, such as ensuring that data backups are regularly performed and stored securely. This can help to reduce the impact of a ransomware attack by allowing businesses to restore their systems and data from a previous backup.

And finally, Sundar covers why it is important to teach those within your organization about the danger of phishing attacks and other social engineering tactics that hackers frequently use to gain access to sensitive data or systems. 

He encourages business owners to provide regular security awareness training to make sure that employees are more knowledgeable and fully aware of the latest threats and how to avoid falling victim to them.

You can listen to the episode below, or on Spotify, Anchor, Apple Podcasts, Breaker, Google Podcasts, Stitcher, Overcast, Listen Notes, PodBean, and Radio Public.

Alternatively, you can find a transcript below:

Venkatesh Sundar: Okay. So, I am Venkatesh Sundar, the founder of Indusface. I was the founding CTO who wrote the first line of code and built the minimum viable product, which gave us the right to win and get the first set of customers. I was the first presales engineer in the deployment of the first few set of customers.

Venkatesh Sundar:  As we evolved and the product market fit was established and we had large enterprises, banks, insurance, manufacturing, and large manufacturing, adopt our product and use it for securing their Web API, and mobile apps. And as we scale, I was able to get better people than me to solve the scale problem and take on a marketing, digital marketing role to build, what we have built with our success closer to our home base in Asia. And India, I took on a marketing role to see how I bring the message out to the international market. So an accidental marketer from a technologist and then that problem again the day zero problem of marketing to get international customers were solved.

Venkatesh Sundar:  And we are at a point where we have 100 plus customers in the US, we have 5,000 plus customers globally, including the freemium versions 1500 plus customers, using the freemium version. But the paying customers, large enterprises, a big market segment in the US, is also 100 plus and building on that. I’m now taking the third day zero problem to build on the enterprise US business as a president of America’s, so now in the process of moving from here to the US Right now, I travel quite a bit but yeah, replicate our enterprise success here. Build on the mid-market success that we acquired digitally from internationally and now focusing on the US market to build the pre-sales sales business development, customer success in the US Enterprise Market. So that’s my long answer. I can keep talking about this but yeah, we have established product market fit at every stage proven, the product at every market, and then building on scale, on top of it. And in a nutshell, I Think I would define myself as solving the day zero problem. I mean, startup by different day zero but you break it down into many d0 problems. As we scale up. Then the day zero problem, I’ve tried to find somebody better than me to scale it up and then I try to move on to do something else.

Samuel Brake Guia: Fantastic. Well, congratulations on all this growth. You’ve seen and I was really curious about how the company started and you gave quite a good summary there. But I’d like to know how did you come up with the name Indusface, what’s the story behind that?

Venkatesh Sundar: Yeah the story is more related to a roots. We’ll I mean I’m obviously living in India and my origins in India and India has gone through different transformations, different stages, especially in technology, India ended up becoming the go-to place for services, outsourcing software development, those kinds of stuff, but the product innovation from India was still lacking when we started this. So, I think it is more an emotional type to route. We wanted to be the face of India. And India’s roots are in India’s civilization. For a product made in India, that goes internationally, right? And in this day and age of global globalization, they have a right product, anybody in the world anywhere can buy it, but we want to have the footprint of the roots and the founders.

Venkatesh Sundar:  Also, tied to our team. So Indus civilization represents the ancient civilization, which had phenomenal, innovation progress, two thousand of years back. We want to do that now in the New Age, era of information technology, In cyber security, which is where, which is my domain, and that’s about it, so nothing, very exciting. But yeah, that’s probably more an emotional founder’s emotion attached to it.

Samuel Brake Guia: I’d say that’s very exciting, that’s cool. I did not know that. I’m always so curious to know what the story is behind a company’s name because I always find it so important. And that you usually find actually that’s quite an interesting story. And I like the fact that this is a fusion of different words. So, that is really cool. And you mentioned there about cybersecurity and last year, you folks publish an article, to keep your business prepared for It hacking season and obviously as you mentioned in the article 89% of organizations, reportedly experience holiday ransomware attacks. But as we know these attacks can happen at any time of year. So what advice do you have for listeners to best defend their businesses from hackers?

Venkatesh Sundar:  So I mean ransomware is not an attack. Ransomware is an outcome of an attack where somebody’s data is held for ransom, and during holiday seasons, people are most vulnerable, they are looking for shopping and users are looking for deals. Businesses are trying to come out with new promotions and speeds of more importance to get those promotions in their applications out. And in that process, there might be many vulnerabilities, that leaves them open, which is what gives an open playground for hackers. So it happens during holiday season.

Venkatesh Sundar:  It’s an automatic function of speed for the businesses to roll out their promotions exploit, make use of the holiday seasons, and for consumers who are looking for deals combination of all those things leaves open many vulnerabilities. So my advice to people especially businesses because we are in the business of protecting applications for businesses because applications are central to the way they interact with their consumers employees partners and everybody, right? So we protect applications. so we tell that makes security and integral part of your software development life cycles and all the way into production. So that at least your application does not become the segway through which your customers, your consumers on your data at risk. So, do not compromise speed, but make security an integral part without compromising speed and, that cannot be done unless and until you accept that this is my domain, this is my area of expertise in terms of what we do, it can be a CRM application. It can be a D to see. E-commerce application. It can be a cab riding platform, whatever it is right at the end of it. Central to any of those businesses interacting with their consumers and application. And businesses have to focus on the security of their application because that is the heartbeat of any digitization initiatives. And speed of business is now imperative for anybody to stay relevant.

Venkatesh Sundar: It’s not about how big you are, but how fast you adapt to the changing needs of consumers, trends and everything, is how every business operates to stay relevant. And with speed comes risk, and the need for speed is even further higher during the holiday season, especially for certain types of businesses, which have different promotions. And hence, you see a correlation between a higher amount of attacks and public reports during holiday seasons for ransomware. Because it’s not my chance or correlate or coincidence, right? There is a very strong cause and effect there because of speed people end up having more vulnerabilities that are, can be exploited and hackers are waiting to exploit those vulnerabilities and during holiday seasons. The customers might be even more vulnerable to succumb to ransomware attacks as opposed to. Even though they’re ethical call and reasons, might be never to succumb to it, and not pay a single buck. Even if it is going to cost me less even it’s going to or even, it’s going to cost me more for the downtime it creates, but that ethical reason goes for a toss when they are when their businesses shut down. And even further, so during holiday seasons So my advice, which is the question you asked is to consumers, do not click on any random links or do not click on links. That you do not know, do not share your OTP to unknown people, and make sure that the endpoint that we have which are interacting is trusted. It is encrypted

Venkatesh Sundar:  Have an eye for detail that is only through consumer education, education and awareness that can address that, but to businesses, which becomes a segue through which because you consumers interact with them, they had to make sure that their own application that their own services that they provide lives up to the trust, the consumers and the businesses and other people place on them and to live up to the trust. They had to make sure they proactively, take effect effort to mitigate those risks. And if it proactively take those effort and mitigate those risks, it can also deal with when those attacks happen, much better. And it also wins consumer confidence because most of the breaches, the problem of erosion of consumer confidence is not because of the attack or the downtime itself, but because of the lack of transparency that businesses have in communicating, clearly what is that happen. Those transparency doesn’t exist, but if they show that clear,

Venkatesh Sundar: These are the things we have in place in spite of this happen. But we learn from this, and we are improving it, and This is the impact and these are on the workarounds then. Actually those situations turns around to build the trust further. So, the long answer again is to businesses, pay important attention to applications security, and do not compromise on application security practices in the, in favor of speed, make it an integral part and do not compromise on speed, but make it integral part of How do I keep the agile development going on with speed as an integral. With security is an integral part of that.

Samuel Brake Guia:  You got some pretty solid advice and what you mentioned about transparency and being clear. I think that’s what’s so important and I also I’m very curious to know like Oh there are other companies operating in this space and if so like how do you differentiate yourself from the competition?

Venkatesh Sundar: Yeah, I think it goes back to the story. You asked the first question, How did you start in space? I mean, right from day zero and this was like when we went to the I mean again, if you look at the history, the first product that we build in in this phase was basically a risk detection product, a malware detection product. and once we got a critical mass of customers and some traction from it, it got acquired by trend micro, right? And it was a set purchase. We’ve got acquired by Trend Micro with a little bit of money that we made from that and we went back to the drawing board and said that we want to start something else and obviously my domain expertise was on security application, security specifically. And it was a crowded market. We were not the only vendors. We are not creating a new category, but in an existing category, how do I create a blue ocean? How do I create a differentiation especially when there are many players and there has to be a compelling enough aha for in terms of value to the customer. Even if we are a new startup coming up, the version one product, right?

Venkatesh Sundar:  And that differentiation that we identify 10 years back that even though we are building a software product even though we are building a tool that is trying to solve a specific problem in this case protecting applications and establishing the intent of the traffic and the user that is coming into the transaction. Is it? Good or bad? Other players are doing it.

Venkatesh Sundar:  But there is a set of policies that we had to build, but the key differentiator was We just don’t throw it all in and walk away. We combine management of it updates of it, making sure that your applications are protected from new threats. Your applications are protected relevant to your current application risks, like a holiday season example, that you mentioned that you are rolling out this feature, but there is this vulnerability that exists because of speed and they’re not going to the proper QA, do not worry about it, let that vulnerability exist, but we as a gateway, that instantly virtually patch it as a part of the managed services. So it’s a tool that we combined with managed services offering As part of my 24 by 7 support license, became that one singular Aha factor that we provided to the customers, and guess what? 10 years later since the drawing board situation when it was just PPT vision mission statement and differentiation and everything. The same differentiation holds good today. And imitation is the best form of compliment. Some of the biggest players in the competition, who are our competitors are actually copying the same capability. Now, So we have the first advantage. We have the critical mass but the fact that they are copying the same value feature differentiation that we have is actually some kind of pride for me as an individual and also the company because yeah we have done something right? And we have to follow the report game and innovate further so management. Combined with the application, security, and within application security. If you really lay down the landscape, that is this detection of the application which requires specialized skills.

Venkatesh Sundar:  That is accurate surgically, accurate risk protection? Specific to the risk of your application, that requires a specialized grid skill, which is a web application firewall. And there is detection, typically security, scanning pen testing. And there is continuous risk monitoring, which is not just configure and walk away. There are new threats, your application itself is changing, it is integrating with third-party components. New APIs are being added.

Venkatesh Sundar: All of these three together under one umbrella with the 24 by 7 support management, to you becoming a single SOAP application security, vendor rent management will just don’t throw a tool and walk away becomes a most compelling differentiator and then the delivery of it to the customer and references and everything then helps to sustain it. So, in terms of capability piecing together, all the aspects of the application security, and providing our expertise, on top of the product, became our, a hard differentiation, which was my minimum viable product launch based on which you want it and it continues to remain a key differentiation today based on our ability to build on the first more advantage and process integration, a lot of other things and now our competition and the industry itself and even analysts are telling that OEM vendors have to up their game. In terms of the services component, they provide as part of support, you cannot just be incident management. It has to be this, which further validates our original vision, and our differentiation as well.

Samuel Brake Guia: Mm-hmm. Yeah, I think what you said definitely makes sense to me, the fact that imitation really is the greatest compliment and I can understand how you have such a competitive offering when you offer all of that and it does sound like you’re working on a lot at the moment and I’d love to know. Like what’s next on the horizon? 

Venkatesh Sundar:  Yeah, so if we look at how the application has evolved, right? I mean there’s Web 1.2.or, people are talking about 3.0 The fundamentals of communications and applications and providing some service doesn’t change. But what has changed? is like if you look at Internet traffic today, The user to website, related conversations is a small, it’s certainly a big part, but it comparatively, it’s the Internet traffic. The bigger part of Internet traffic is going to be at communication more than human to app communication. Device to App, Communication App to add communication. An example, you go to your website or a golden app, you go ahead and engage in a transaction. You want to buy something or you want to download a document or upload a document. Then finally, there are other pieces like a payment gateway. That’s a third-party component that those applications integrates with.

Venkatesh Sundar:  And that payment Gateway is an API call between the application and communicating with and some other application that application is communicating it for providing the service to the consumers, right? So the app-to-app communication is going to be such an integral part of the app economy evolution that API security has become a big pain point. APA Security paradoxical is easier to solve from a technical standpoint, but from an operational standpoint, people are talking about Shadow API. People are talking about How do I discover those unknown APIs. How do I make sure I have a surgically accurate policy for my API definition, which really requires a swagger file, or some sort of documentation, which people don’t have because, you know how developers and documentation work together, right? So, those are big challenges and we try to address those challenges and APA security is a big thing. The second big team is ransomware, then, the power for a hacker to bring down a system is becoming cheaper and cheaper. Independent of vulnerabilities and risks and waiting for a targeted attack. They can just do a blind DDoS attack.

Samuel Brake Guia: Fantastic. well, we’re gonna include a link to your website in the show notes of this episode but otherwise Venky, those are my questions today and I just want to say thank you so much for joining me.

Venkatesh Sundar: Fantastic. It has been a pleasure. Thank a lot.