Protecting critical sectors: Strategies for cybersecurity resilience by Indusface CEO

In 2012, Indusface was founded with a vision to secure critical web, mobile, and API applications, and since then, it has evolved into a pioneering player in the world of cybersecurity. The company, co-founded by Ashish Tandon (CEO), Nandini Tandon (Chief People Officer), and Venkatesh Sundar (CMO), offers a fully managed platform that integrates various security features, such as web application scanning, web application firewall, DDoS and BOT mitigation, CDN, and a threat intelligence engine. With over 5,000 global customers, Indusface has become a trusted partner for enterprises seeking to protect their digital assets.

In an exclusive interview with Bizz Buzz, Ashish Tandon, co-founder and CEO of Indusface, provides insights into the company's evolution, its core promise as a security partner, and the role of AI and ChatGPT in raising awareness about cyber-attack trends. He also shares strategies for protecting businesses and critical sectors against cyber threats

How has Indusface evolved?

Since our inception in 2012 as a provider of web application security scanning services, Indusface has continuously transformed. In 2016, we introduced a pioneering cloud Web Application Firewall (WAF), marking a significant expansion of our offerings. We’ve since evolved into a comprehensive Web Application and API Protection (WAAP) platform provider.

Our current focus empowers application teams to seamlessly discover, efficiently scan, robustly protect, and diligently monitor web applications and APIs, solidifying our leadership in cybersecurity. Our unwavering commitment to advancing digital security solutions has positioned Indusface as a trailblazer in the industry, consistently adapting to the evolving technological landscape and the ever-changing demands of online security.

What products and services does the company offer?

The company provides the following products and services:

AppTrana WAAP Platform: This is a comprehensive managed platform designed to protect WebApps and APIs from various threats including vulnerability, zero-day, DDoS, and bot attacks. It integrates a range of features such as WAF, DDoS, and Bot mitigation, along with a DAST scanner, asset discovery, CDN, and API security.

Indusface WAS Platform: This platform offers a combination of services including asset discovery, DAST scanner for identifying vulnerabilities and malware in web applications and APIs, and managed services ensuring a zero false positive guarantee, along with manual penetration testing.

What is your vision for Indusface, and what advice do you have for emerging entrepreneurs in the cybersecurity domain?

My vision for Indusface is to empower customers to safeguard their web applications and APIs on the internet. As for advice to emerging entrepreneurs in the cybersecurity field, I would recommend focusing on addressing significant market challenges, prioritizing investments in both product development and a talented team, and maintaining a steadfast focus on unit economics.

How did Indusface build trust with its clients and rise to fame?

In the initial stages, we identified a gap in the mature WAF market – security teams were dissatisfied due to excessive false positives and disjointed risk detection and protection processes. To address this, we developed a product that presented open vulnerabilities and protection status in a single dashboard, resulting in an instant product-market fit. Some of our initial clients came from the highly regulated banking sector. Once we secured our first clients in these regulated markets, our journey became considerably smoother. Over the last three years, we have achieved the status of being a customer choice in Gartner Peer Insights Cloud WAAP report, marking us as the only Indian vendor among the ten companies listed in the report.

How can the adoption of AI and ChatGPT help raise awareness around cyber-attack trends?

The adoption of AI and ChatGPT can significantly enhance awareness of cyber-attack trends. Industry bodies like OWASP and MITRE ATT&CK have played a pivotal role in advancing knowledge about application security. For example, OWASP recently released valuable insights on the most critical threats, including those identified by ChatGPT and other Large Language Models (LLM). To stay informed and proactive, it’s essential to acquaint oneself with this comprehensive resource, serving as a crucial starting point for strengthening cybersecurity practices. Leveraging AI and platforms like ChatGPT streamlines the dissemination of such vital information, making it more accessible and widespread, offering a better understanding of evolving cyber risks and strategies to protect digital assets.

What are the vulnerabilities in the banking, financial, and insurance sector?

The BFSI sector faces specific vulnerabilities, with three notable threat vectors observed during this financial year:

Sophisticated Bot attacks: These attacks are designed to execute complex strategies, including account takeovers, card cracking, and probe attacks aimed at systematically identifying vulnerable points within applications.

Botnet Orchestrated DDoS attacks: Botnets are leveraged to launch distributed denial-of-service (DDoS) attacks, using extensive IP farms to flood applications with a seemingly low request rate, leading to overwhelming traffic and potential disruption.

Zero-Day attacks: Instances of zero-day attacks have been reported, highlighting vulnerabilities in MOVE-IT SQL injection and Adobe ColdFusion. These vulnerabilities pose significant risks to the security of the sector.

What strategies can be implemented to better protect the government, public, and private sectors against cyber threats?

The following strategies can be implemented to protect against cyber threats. Transition to Cloud-based WAAP (Web Application Firewall): This is a good step for enhancing security and minimizing the risk of DDoS attacks. It’s essential to ensure that the cloud-based solution chosen is reputable and provides a high level of security.

Identify and prioritize assets: Catalog all critical assets and categorize them based on their importance and potential risk if compromised.

Regular scanning and testing: Regular scanning and in-depth penetration testing should be conducted to identify and resolve vulnerabilities before they can be exploited by malicious actors.

Implement security measures: Deploy the necessary security measures, including firewalls, intrusion detection systems, and other relevant tools, to protect critical assets.

Patch management: Regularly update and patch all software and applications to ensure that known vulnerabilities are mitigated.

Enhance employee training: Human error remains a significant factor in cyber threats. Regular training and awareness programs can help employees understand the importance of cybersecurity best practices, such as strong password management, identifying phishing attempts, and being vigilant about suspicious activities.

Implement Multi-Factor Authentication (MFA): Enforcing MFA adds an extra layer of security to user accounts, making it significantly harder for unauthorized users to gain access, even if they have obtained login credentials through a data breach or phishing attack.

Data encryption and regular backups: All sensitive data should be encrypted, and regular backups should be performed to ensure that critical information is not lost in the event of a breach. This also helps in minimizing the impact of ransomware attacks.

Incident response and disaster recovery plan: Establish a well-defined incident response and disaster recovery plan to swiftly respond to any potential breaches. This should include regular testing and updating of the plan to ensure it remains effective in the face of evolving cyber threats.

Regulatory compliance and auditing: Ensure that all security measures are in compliance with relevant industry standards and regulations. Regular audits can help identify any gaps in the security framework and address them promptly.

Collaboration and information sharing: Foster collaboration between different sectors and organizations to share information about emerging threats and best practices. This can help in creating a more secure environment for everyone. By implementing these strategies, organizations and governments can significantly improve their cybersecurity posture and better protect themselves against cyber threats.

What role does Indusface’s customized product offering play in protecting businesses?

We are the only WAAP provider in the platform that offers complete risk-based protection that not only allows you to discover all internet facing assets but also protect them on a fully managed WAAP where we give all our customers a 24-hour SLA for virtually patching critical vulnerabilities on AppTrana.