Pankit Desai, co-founder of cyber security startup Sequretek, almost sounds like a nationalist when he says, “India is the only country of its size and complexity which does not have a very strong homegrown cyber security company.” He believes that while dependence on international products is fine in other areas but not in cyber security. And he has a sound reason for it.
“In cyber security, the challenges are aligned to the national security. The issue is very national in nature so an international product will not invest in building something specific to you,” opines Pankit.
He believes that any international product will only address 70%-80% of the baseline requirements that are common across the world. But more importantly, it will have a strong lineage back to its own government. There is a potential of a backdoor that can be used to transfer the sensitive information to the host country. And that’s a worry that all national security establishments have.
To compound the security problem further, it has always been solved in silos. From the perspective of the security landscape, an organisation has to buy some 40-50 different products to actually say that the systems are reasonably secured. Even for a device like a laptop/desktop, there are 9-10 different security products available just to secure it fully. Hence the overall complexity that gets delivered to a customer from a security standpoint is phenomenally high.
These are the complexities Pankit and his co-founder Anand Naik wanted to address when they were evaluating the potential of a security company which understands the domestic market, the challenges and creates an offering that makes sense. The idea was to build a company with a differentiated thinking which addressed all of the above, find a niche and grow from there.
Thus was born Sequretek in 2013. The Mumbai-based startup offers a suite of security solutions for enterprises, namely, Avatar, Kawach, and integrated managed cyber security solutions as well. The solutions claim to provide an all-around protection against threats and vulnerabilities, monitor the customer’s environment on a 24×7 basis for deriving actionable intelligence to assess possible vulnerabilities.
But more than that, what Sequretek does best is simplify security by addressing all concerns together which typically require a host of products.
The Sequretek Lineup: Avatar And Kawach
Pankit reveals that there are two arms to the organisation i.e. a product arm and a services arm. Sequretek’s first product Avatar was rolled out last year in the area of what is called access governance. Explains Pankit, “Just like you have a physical avatar, you have a digital avatar. Any individual in any organisation is provided with a fair amount of technological privileges as simple as having an email id, internet access, folder access, among others. These privileges are linked to the role and the location or sometimes either. This forms your digital avatar.”
Now for a company with a fair number of employees, the complexity of managing these accesses and keeping track of them increases. So the Avatar product leverages everything that an organisation has, sits on top of it, and gives a single control to companies in managing and securing their privileges.
The second product coming out of its stable post-Diwali time is Kawach, which means sheath. Kawach is basically for endpoint security which for an organisation could be a laptop, desktop, kiosk, ATM machine, or mobile phone. Basically, any device which is used for communicating with a central infrastructure.
Thus Kawach will aim to replace at least six to seven security products typically needed to secure the endpoint. It will be a combination of anti-virus, patching product, product to monitor leaking of information with the technology called application whitelisting. Thus Kawach will aim to replace all of these, doing the work of all these products. While its release cycle starts from October, it will continue till March 2018 wherein more and more components will get added to it.
With these products and its integrated-managed cyber security solutions, the startup is targeting any enterprise or hardcore B2B company with over 500 employees. While the startup is sector agnostic, but obviously some sectors are more amenable to its focus because of the risk they perceive on account of a bad privilege being given out. These normally would be the financial sector, IT sector, pharma sector where one has a lot to lose on account of a security problem. Pankit also claims that Sequretek is also one of the few private sector companies to receive data from the Indian government for threat treatment.
He further adds, “When it comes to security you will never know what you saved because the product worked. In cyber security, there are three legs of the stool-people, process, and technology. Unless all three work in tandem, you are at risk. When we work with an organisation, we work on all the aspects. We run security campaigns where we make employees aware of various security risks so that they understand that some of their actions could risk the organisation. We also help companies beef up their processes so that they can strengthen simple base hygiene activities and audit mechanisms.”
Given that none of its clients has borne the brunt of any major security breach, Pankit is rightful in claiming that definitely there’s something that the startup is doing right!
Sequretek: A Startup With 50+ Clients, Monitoring 10 Cr Cyber Security Incidents Daily
The startup offers both a subscription model and a perpetual license model to its customers who can choose whichever suits them. As of today, it counts about 50 customers in diverse fields such as banking, pharma, IT, insurance, retail, and manufacturing with about the bulk of them-almost 70% in the financial services industry. Some of the startup’s clients include HDFC Bank, IDBI Federal, HDFC Limited, NCDEX, and a few customers with a US presence among others.
While Pankit did not reveal the exact revenue figures, he claimed that Sequretek is growing at about 70%-80% year-on-year (YoY), and growth has more than doubled from last year. For the next three years, it aims to continue to double its growth rate at 100%. The team which consist of 200 members will almost stand at around 300 by the end of this financial year on the back of its expansion plans. The startup has just taken up a space in Delhi and also started operations in Bengaluru. By early next year, it also plans to enter international play starting with North America and expanding into other geographies viz. Europe, Middle East, Southeast Asia, Africa and rest of the world.
Pankit attributes this growth to the growing awareness about cyber security. He says, “ Earlier it was a hard sell to convince customers to buy security but now getting an audience is not a problem. Also, the regulators such as IRDA, SEBI, RBI, have become very active and all have made clear their expectations how security in their constituent industries should get covered. That has brought about an enormous change in attitude towards cyber security.”
He reveals that while monitoring customer infrastructure on a 24/7 basis, Sequretek monitors almost 10 Cr events per day. The startup has the ability to convert those 10 Cr events into 900 alerts and finally to 10 to 20 incidents per day. This in turn enables it to sift through the incidents to find what a real incident is or alert is rather than going on a wild goose chase. This approach is paramount given the huge amount of data it generates while monitoring their systems and processes from the security point of view.
Additionally, the startup also has its own threat feed that gets generated from 168 different sources from global threat networks which allows it to compare its customers’ data with what is happening globally.
“If we see something fishy is in a customer environment, there is good chance that he has a potential threat looming over his head.” Thus the startup indulges in what is called active threat hunting or proactively looking for problems.
The idea is simple, to look at the environment holistically 24/7, and not just work reactively but rather be proactive and that too in real time. It is this approach which enables it to arm its customers with a set of intelligence that either stops the attack before it happens or while it just in flight or at the worse helps them identify that they have been attacked, thus aiding them in mitigating the risk of additional losses that could come their way.
As far as funding is concerned, it had earlier raised $300K in 2015 from wealthy individuals, while the founders had put in $691K (INR 4.5 Cr) while launching the company in 2013. In May this year, it raised an undisclosed amount in its Series A round of funding from GVFL and Unicorn India Ventures.
Sequretek And A $100 Bn+ Global Cyber Security Market
As per a Marketsandmarkets research report, the current global spend on cyber security is expected to grow from $122.45 Bn in 2016 to $202.36 Bn by 2021. Meanwhile, Gartner forecasted that security in India is growing to be a $1.5 Bn market by next year. No wonder, many cyber security firms such as Securonix, Lucideus, Kratikal, TAC Security Solutions, and others are competing for this growing pie.
Pankit, however, believes that security is a vast space and lot of work gets done in various components of security. So while some firms are primarily focusing on the analysis or audit space of attacks, Sequretek differentiates itself by focusing more on the protect side and that too by being fairly enterprise focussed. As of now, it has no ambition to be in the commercial space.
He, however, adds that this market is very large and will continue to grow at a steady state of 13% YoY. India will also see a slightly higher growth rate as government spending is also picking up in the security space. He avers that while the customer’s overall budgets may not dramatically change from 8%-12%, but where they spend money is definitely changing with more money now being spent on monitoring technologies rather than just simply managing technologies, which was the case earlier.
He explains, “You just don’t want to manage, you want to monitor now. Monitoring means that you see to it that software is delivering the value and you can put intelligence over it, find patterns and behaviours and find loopholes that someone maybe looking to exploit.”
The rising interest in cyber security is also evidenced by the growing investor interest in such startups. Here’s a look at startup fundings in the space since January this year besides Sequretek’s funding.
Anil Joshi, Managing Partner, Unicorn India Ventures, an investor in Sequretek believes that while the industry is growing at a CAGR of 8%, however, India may witness double-digit growth in the coming years. He said, “Cyber Security Task Force (CSTI), which has been constituted on PM’s exhortation by NASSCOM & DSCI (Data Security Council of India) and industry eminent has charted out vision 2025, “Grow the India Cyber Security product and services industry to $35 Bn with million jobs in cyber security space.” The above vision is very much achievable, rather may surpass the numbers with growing digitisation in India.”
The digital push by the government is changing the way businesses are run in the country and with growing cyber attack threats, more businesses are emphasising on proper cyber security protection. Hence as enterprises understand the magnitude of the problem with growing cyber attacks on businesses, there is equal emphasis on cyber security protection and necessary budget for the same. He thus believes that as Sequretek is among the early movers, it will play an important and significant role in achieving Vision 2025 envisaged by CSTI.
There are no two ways around the harsh reality that cyber adversaries are becoming more sophisticated and resourceful, the impact of cybercrime is increasing, and the attacks are increasing not only in volume but also in variety. This year, among more than 100 countries that were hit by WannaCry (an advanced ransomware attack), India was the third worst affected. A recent PwC-Assocham report on cyber security threats in the country stated that the number of incidents reported by the Indian Computer Emergency Response (CERT-In) was 27,482 until June 2017. No wonder, last month, taking into consideration recent cyber-attacks like Ransomware and WannaCry, the Union Ministry of Electronics and Information Technology (MeitY) asked all the ministries to spend 10% of their IT budgets on cyber security.
Given this rising focus on cyber security by governments, both national and foreign, it is a massive opportunity for startups like Sequretek. But keeping in mind the rising competition, it is safe to conclude that even with a focus on enterprise businesses, Sequretek still will have to face strong competition from the rising brigade of cyber security startups. The saving grace, however, is that the size of the security pie is also increasing along with the rise in those vying for a piece of it as data consumption through smartphones and digitisation of businesses continues to rise in the country.