How many apps do you have on your smartphone? If you have a powerful phone, do you care about what apps you download? And do you ever think, while signing in or using them, how secure they are? And are you worried about whether the company which made those apps is secure, safe from hackers?
You should be. About 80% of all websites on the World Wide Web are vulnerable to cyber-attacks. Our data - in the form of email address, credit and debit card details, and saved passwords – is stored on many websites. One instance of data breach on any such website makes data of millions of us vulnerable.
And unlike most developed countries, India is only on the brink of a digital economy. We are not yet well-equipped to protect our systems from cyber-attacks. A study by IBM on the cost of data breach in India in 2016 states that 41 companies in India experienced a data breach as a result of a malicious or criminal attack, which the most common root cause of a data breach. Also, the total average cost of a data breach paid by Indian companies increased by 9.5% and the average size of a breach grew 8.1%.
Most Indian companies realise the need to invest in cyber security only after their hands are burnt. And now while there are a number of cyber security firms coming up every day, here is one startup that is using Artificial intelligence to detect, prevent and fix almost every type of vulnerability.
Umesh Thota started off working on this with a completely different plan in mind. Just like how solutions provider like Redhat manage their security, updates, stability for Fedora, Thota wanted to build a security platform infrastructure for Ubuntu. Ubuntu is an open source software platform that runs everywhere from IoT devices, smartphones, PCs to the server and the cloud.
To test the validity of his idea, he began attending events, making contacts and went about doing security services for about three months to validate his idea. The initial testing made Thota realise that a number of companies had many vulnerabilities in their systems which could give a hacker access to your data and make changes to the system. He realized that more than fixing the damage, it was important to be proactive and identifying possible vulnerabilities. And this is not something that must be done at a later stage, but when a system or application us being built.
Thota then decided to build a product to address this. And while he was building this, he participated in a pitching event at T-Hub in Hyderabad, through which he got selected for the incubator program. “Working at T-Hub gave me a very different perspective. With so many startups working in so many domains, I was able to interact with a range of people. There were those who were curious, those who were interested and even those who didn’t know about security. This way, I was able to make the product more interactive and user-friendly,” Thota says.
How to avoid vulnerabilities
Towards the end of 2015, Thota founded AuthBase. Simply put, AuthBase is a cyber security company that uses Artificial Intelligence (AI) to help developers secure their applications by finding, fixing and monitoring their web, mobile and networks against current and future vulnerabilities. The product it has built has three modules that comprehensively scan applications, test them and secure them against different kinds of vulnerabilities.
The founding team of AuthBase: (L-R) Suraj Singh, COO, Umesh Thota, CTO and Saritha Singh, CBO
If you are a developer or an enterprise and are looking to completely secure your application, all you have to do it log onto AuthBase’s website, sign up. All AuthBase requires is your URL. Once you sign up, the onboarding process begins where it does a complete scan of all the vulnerabilities that are there and starts fixing them.
This is where the three modules of AuthBase come into play. The first one, called VF3 checks for vulnerabilities, spells them out and fixes them. The second module is Live Shield, which sits in front of your server, monitors them to recognize attacks and mitigates them. The idea here is to be proactive about a threat that can occur anytime. It can also detect and identify frauds. The second module is mainly designed for banks and NBFCs. And the last module is called a self-healing system which makes the system resilient by itself.
“The idea is that, if you have flaws in your system, don’t just put us there to monitor your web. We provide an end-to-end solution. And modules are built in such a way that it is almost like going from one step to another and ensuring there are multiple defenses for your app,” says Thota.
AuthBase has invested around $50,000 so far which was bootstrapped and earned from initial clients Thota was testing his idea with. Currently, it has over 60 clients and is monitoring around 150 applications across India, Australia, UK and a few other countries. It is now looking to enter the US market.
“The 150 applications include paid and non-paid clients. We generally don’t do free trials but if there is an interesting use case that can test the capability of our product, we give it to them for free for a few months,” Thota says.
AuthBase reached a breakeven just around the first year of operations. And while most startups scout for funds, AuthBase has some offers of funding and strategic partnerships that it is trying to pick and choose from.
The differentiating factor
While there are a number of cybersecurity firms all over the world, what makes AuthBase different is that while most look for hackers and bots, it looks for genuine user behavior and profiles them. This helps you identify when a fraudulent user attempts to access data.
If there is someone doing a reconnaissance on your system, you would already know it, thanks to AuthBase, and you already have vulnerabilities listed, so you can be proactive about protecting you system.
“The end point is to give developers an interface that is completely automated and completely self-learning and lets you choose what you want to identify. We are by default blocking any forms of bot and hack attempts anyway,” he says.
The road ahead
With every new customer, Thota says the company learns a new use case and adds the feature to their product. This is also why the module has been kept in a beta phase.
It is also currently building a solution that can automatically prevent ransomware attacks. A Ransomware virus encrypts all your files and demands a certain amount of money to decrypt it for you.
The goal for AuthBase is to create a single system that can manage one’s entire security architecture spanning web, mobile and networks.
"There is saying in security which says that it only requires you to be unlucky once. We want to make sure that never happens,” says Thota.
This article has been produced with inputs from T Hub as a part of a partner program.