Privately-held Indusface is an innovative information security company set up in 2004 as a consultancy firm to help organizations meet compliance requirements. Today, the Vadodara based company caters to more than 700 customers, including Fortune 500 companies.
Indusface offers end-to-end protection for web and mobile applications for organizations using its integrated suite of application security solutions. The decade old company safeguards over 3000 websites across 16 countries including India, Middle East, Asia Pacific, Africa and North America.
Ashish Tandon, Chairman and CEO, Indusface elaborates on how the ‘Indian bred’ product company combats large security vendors, both global and local
Excerpts from the interview.
Indusface is a 100% ‘Make in India’ company. How tough has it been to make a mark amidst considering you are competing with established global brands?
We are all proud to be a ‘100% Make in India Company.’ All our business activities, including product development, R&D and management, are based out of India.
But we keep ourselves abreast with all the latest global trends and developments in the application security world. We have successfully thwarted malware and threats like Heartbleed, Poodle, and Shellshock among others. We have protected all our customers with accuracy and speed like any global security organization. That’s why we are trusted by major ‘Fortune 500’ organizations across the globe. We cater to over 700 customers worldwide, with a strong belief in ‘Make in India.’
We agree that the security market is crowded with many players of different sizes. The rapid development cycle of cyber-attacks demands continuous innovation and quick action by security vendors. Quite often the larger players are slow to respond to such needs due to their stringent and elaborate processes. Only agile players can keep pace with the ever smart hackers. Indusface is the only player that claims to be a true ‘Total Application Security’ (TAS) provider that can ‘Detect, Protect & Monitor’ all applications for its customers on a continuous basis, backed with zero false positive promise.
How can CIOs build a robust security posture across the multi-vector threat landscape spanning mobile, social, web?
As audiences are moving quickly into the social web, so are the attacks. Additionally, as emerging operating systems/platforms and mobile devices become more popular, they are more likely to be targeted. At the same time, attackers are also increasing the number of traditional attacks on personal computers, by quickly changing tactics and adding new twists to old plots. CIOs and CISOs must opt for products that are intelligent and pre-emptive, from companies that are continually innovating and developing new solutions and not merely announcing version updates.
Focused solution providers like Indusface not only provide cutting-edge security solutions, but have the ability to focus on issues at hand and quickly evolve and adapt to the new challenges. Indusface helps safeguard web and mobile applications using its flagship product IndusGuard, giving customers the distinctive edge of having total application security.
IndusGuard suite of products provides next generation customizable application security and compliance solutions with cloud-based, Security as a Service (SECaaS) models that are easy to deploy and manage. SECaaS application security solutions are delivered as a ‘pay as you go’ model which is entirely a cost-effective Opex.
Indusface transformed from an erstwhile system integrator into a product company in 2010. Has it been beneficial?
Having gained a good understanding of the security space, we wanted to create a niche as a vendor-agnostic company and launch our own IP. In 2010, Indusface built a website security product, IndusGuard Web, a zero-touch, non-intrusive, cloud-based solution that safeguards web applications through a daily automatic scanning for systems and application vulnerabilities and malware.
Indusface gradually built on its offerings and currently offers a comprehensive range of security products—IndusGuard Mobile (Mobile Application Pen-Testing), IndusGuard PCI ASV (PCI Compliance) and the latest IndusGuard WAF (Fully Managed Web Application Firewall). Recognizing the rise of mobile applications, IndusGuard Mobile gives a complete security posture, risk profile and readiness of enterprise apps to be used safely on mobile devices.
Indusface was recognized by Gartner in 2013 and positioned on the Magic Quadrant for Application Security Testing. We were also a finalist at the NASSCOM-DSCI Excellence Awards in the Information Security Product Company category.
What business strategy proved successful for an India-bred company like you?
Cyber-attacks have now become more sophisticated, focused and extremely damaging. The losses, financial or otherwise, are generally hard to recover from. There is a pressing need for an exhaustive range of application security solutions to not only provide total application security to a company’s business but also to aid them in meeting the compliance requirements. At Indusface, we aspire to position ourselves as a global market leader in the application security space through our truly integrated "Total Application Security” solution.
We have good customer base across verticals, mainly Banking, Finance & Insurance, Internet/E-commerce. Indusface follows a two-pronged strategy wherein large enterprises are served directly through our Enterprise sales team as well as through our marquee MSSP partners such as Wipro, HP, TCS in India. SMBs and mid-market customers are addressed through our Cloud partners such as AWS, NextGen and others.
In times of socially-engineered and persistent attacks, organizations need security solutions that provide hybrid analysis—i.e., web application scanning with a managed web application firewall, which works on behavioral analysis. Indusface team lays emphasis on the need for combining ‘human intelligence’ with security products to offer ‘total application security (TAS)’ for its customers.