Earlier this month (Oct 4), Sequretek, a Mumbai-based startup, launched its next-generation Enterprise Endpoint Detection Prevention Response (EDPR) solution. The company, founded in late 2013, offers security products and solutions and runs its own Security Operations Centre (SOC) in Mumbai. Pankit Desai, Co-founder and CEO of Sequretek, explains how security has evolved and the factors that led his company to create EDPR. The solution employs artificial intelligence algorithms to make security content updates less painful and to reduce CPU utilisation, and uses AI and some unconventional approaches to address long-standing challenges in the endpoint security domain.
DC: Why has the epicentre of security shifted from Firewalls to Endpoints?
Pankit Desai: Endpoints have become the new perimeter. Ten years ago, the entire enterprise stack was built on the assumption that you would have an insular organisation, with offices in regions; (in this setup) your data centre and devices would have a perimeter (firewall). Enterprise IT was secured by a perimeter. At that time, endpoints (access devices) were inside the enterprise infrastructure. So the endpoints had minimal security as the perimeter took care of the security.
(Ed: The ‘perimeter’ here is the network boundary between the enterprise and the outside world, enforced by firewalls and similar gateway devices.)
That changed in the last few years and the endpoints have started getting dispersed. Today, the organisation’s value chain extends its boundaries. No longer do organisations work with employees within the company (internally). Organisations give access to consumers, to the supply chain, to stakeholders, to outsource partners, to influencers. So many people (outside the organisation) have access to your systems. This was not the case earlier.
DC: What are the other big changes you observed with enterprise IT architecture?
Pankit Desai: The second change we see is with access devices. Ten years ago, Windows was the predominant operating system. Smartphones and apps are a much more recent ingestion into the enterprise network. The form factor and the heterogeneity of operating systems have started going up; moving on from Windows, you now have Android and its flavours, iOS, Ubuntu, Fedora and other technologies that are sitting at the endpoints.
Today you have a dispersal of the devices that interact with you, and yet these are no longer in your control. What comes into your environment and who accesses (your infrastructure) may not be the same shape and form of what you were dealing with (in the past).
So now the traditional perimeter is inadequate to protect the dispersed endpoints — outside the perimeter.
When an endpoint talks to my server, it is a trusted device. It is a device that is known to the organisation.
This is the environment we had forecast when we started grappling with this problem, three and a half years ago.
DC: But people were predicting that there would be no endpoints in time to come. What was your belief back then?
Pankit Desai: Many people told us there would not be any endpoints and this is going to go away. Our hypothesis was that the form factor will change but endpoints will not go away.
Enterprises may move to cloud; IoT, automation, and robotics will come in. While data centers will go to the cloud, endpoints will continue to exist.
Regardless of what comes into enterprises, there will still be employees working with them. Employees need a technology layer to interact with the organisation. Some technology will be used, whether endpoints, wearable devices, smart devices, we knew that some device will be there to interact. People will always deal with other people in the enterprise through technology.
We started our journey based on these two hypotheses.
DC: So what is the security construct that an organisation will need for this new perimeter? And how does your new EDPR solution address that?
Pankit Desai: When I look at the technology landscape from a security perspective for this new perimeter, the first thing that comes to mind is that, you have a multitude of different technology elements each doing its own small thing to secure my infrastructure.
You have anti-virus, anti-APT, patch management, DLP, and white-listing products. Typically, an enterprise uses five to six separate security products. More so now, because different devices are connecting to the enterprise network. And each security technology is an answer to a specific problem that the device poses. So the reality is, you need to buy six products to address six different problems.
We asked ourselves if we could take a completely different approach and build a product from the ground up that stitches the various elements of security that we know of today. At the same time, it should have the capability to ingest more elements as we go along. And it should also reduce the compute cycles consumed. When each of these technologies work independently the security workload on the processor is significantly high. With eight such technologies running simultaneously, the CPU and memory utilization is in the range of 40 – 45 percent. So the largest workload would be the security application.
We wanted to make it simple, by identifying some common elements. We wanted to integrate all the solutions to reduce the workload. In creating an integrated solution, we also wanted to reduce the compute footprint. Our EDPR is very broad in terms of coverage, and includes anti-virus, anti-APT, DLP, white-listing, patch management, and device control — from a broad perspective. But we are also looking at it from a depth perspective — hardware up is how we look at the overall tech posture.
Our intention is not to slap these five or six products together to make one product. The product works as one, with the different components feeding and leaning on each other to identify the gaps that persist today. The problem is created because of the gaps. We look at problems holistically. We are saying, look at endpoint security as one problem and not six independently working problems.
The third problem that we wanted to address is that traditional security’s largest defence mechanism for external threats is this whole content update. I mean, the last machine on the last mile needs to have a daily content update from the OEM, with the signature database, so that any known threat is addressed.
In India, updating the content is a challenge because of bandwidth limitations and infrastructure issues. So we thought about using artificial intelligence to train the engine to reduce the requirement for content update on the last machine.
We wanted to ensure that AI became an integral part of how we deliver the security experience.
Fourthly, we wanted to improve performance. So we set out to work closely with the chip manufacturers to explore technologies that allow us to optimize security workloads.
And these four aspects went into the development of EDPR.
DC: Can you please elaborate how Artificial Intelligence helps?
Pankit Desai: When scanning for security threats, the security solution will look for known ‘bads’ and known ‘goods’. The known ‘bads’ are immediately identified and blocked. The known bad is identified through the content. If you remove the known goods and the known bads, there are shades of grey, and you will use various techniques and solutions to identify those: emulator, sandboxing, heuristics and AI. But all four have heavy compute requirements.
But the AI engine can speed things up. Our AI engine is trained on 20 crore plus bad files. So we understand from an algorithm perspective what is good and bad. But if the machine content is not updated, I will still be OK. The AI engine will ensure that nothing will go in and create havoc. And correlated to that was this whole issue around performance.
With this new solution you can do your security updates once a week or once a month. The AI component will step in to fill the gap.
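The tiered model described above (exact matches against known-good and known-bad content first, expensive analysis only for the grey zone) is easy to see in code. The following is an added illustration written for this page, not Sequretek's code or a description of how EDPR is implemented: the file contents, the hash sets standing in for the vendor's content update, the Shannon-entropy heuristic and the 7.0 threshold are all constructed assumptions. It shows why the grey zone is where the compute goes: only files that miss both lookup tiers reach the heuristic, and only a subset of those are escalated to the emulator/sandbox/ML tier.

```python
"""Tiered endpoint file triage: cheap exact-match tiers first,
heavier analysis only for files the content update does not already know.
Added example for this page; not Sequretek's implementation."""
import hashlib
import math
from collections import Counter
from enum import Enum


class Verdict(Enum):
    KNOWN_GOOD = "known_good"   # exact match on the allowlist: no further work
    KNOWN_BAD = "known_bad"     # exact match on the signature list: block
    SUSPICIOUS = "suspicious"   # grey file the heuristic escalates to heavy analysis
    CLEAN = "clean"             # grey file the heuristic is willing to let through


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for an empty or constant buffer, 8.0 for uniform bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


# Constructed stand-ins for files on disk. None of this is real malware.
SAMPLE_FILES = {
    "notepad.exe": b"MZ" + b"\x00" * 30 + b"This program cannot be run in DOS mode." + b"\x00" * 200,
    "dropper.exe": b"MZ" + b"\x90" * 64 + b"cmd.exe /c powershell -enc ..." + b"\x00" * 100,
    "invoice.pdf": b"%PDF-1.4 " + b"hello world " * 40,
    # Bytes cycle through all 256 values uniformly, i.e. looks packed/encrypted.
    "unknown_packed.exe": b"MZ" + bytes((i * 97 + 13) % 256 for i in range(2048)),
}

# Constructed "content": in a real deployment these sets arrive via the vendor update.
KNOWN_GOOD_HASHES = {sha256_hex(SAMPLE_FILES["notepad.exe"])}
KNOWN_BAD_HASHES = {sha256_hex(SAMPLE_FILES["dropper.exe"])}

ENTROPY_THRESHOLD = 7.0  # assumed cut-off; packed or encrypted code sits near 8.0


class Triage:
    def __init__(self, good: set, bad: set):
        self.good, self.bad = good, bad
        self.tier_hits = Counter()  # how much work each tier absorbed

    def classify(self, data: bytes) -> Verdict:
        digest = sha256_hex(data)
        # Tiers 1 and 2: O(1) set lookups cover everything the content update knows.
        if digest in self.bad:
            self.tier_hits["signature"] += 1
            return Verdict.KNOWN_BAD
        if digest in self.good:
            self.tier_hits["allowlist"] += 1
            return Verdict.KNOWN_GOOD
        # Tier 3: the grey zone. A cheap static heuristic decides whether to spend
        # emulator/sandbox/ML cycles; only unknown files should ever land here.
        self.tier_hits["heuristic"] += 1
        is_pe = data[:2] == b"MZ"
        if is_pe and shannon_entropy(data[2:]) > ENTROPY_THRESHOLD:
            self.tier_hits["escalated"] += 1
            return Verdict.SUSPICIOUS
        return Verdict.CLEAN


def triage_all(files=SAMPLE_FILES):
    """Classify every sample and report which tier handled each file."""
    t = Triage(KNOWN_GOOD_HASHES, KNOWN_BAD_HASHES)
    verdicts = {name: t.classify(data) for name, data in files.items()}
    return verdicts, dict(t.tier_hits)


if __name__ == "__main__":
    verdicts, hits = triage_all()
    for name, verdict in verdicts.items():
        print(f"{name:20} {verdict.value}")
    print("tier hits:", hits)
```

The point of the counters is the operational one the interview makes: a stale signature set does not make the endpoint blind, it only shifts more files from the cheap lookup tiers into the heuristic tier, so the cost of skipping a content update is measured in compute, not in a gap in coverage. A real heuristic tier would use far richer features than entropy and a PE magic number; this one is deliberately minimal.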
DC: How do you address the performance issue? You earlier mentioned that security workloads are a tremendous strain on the CPU.
Pankit Desai: As we work with chip manufacturers to address this, there are technologies from Intel that allow you to apportion the workload onto different parts of the CPU that are not optimally utilised by regular enterprises, and those can be used for the security workloads. That will reduce the workload on the regular CPU cycle.
Intel has a technology called TDT (Threat Detection Technology). It has a sub-component called AMS that assigns the security workload to the GPU. Most enterprises don’t use the GPU because the visual workloads are not high. So they provided an SDK that allows us to offload our security workload to the GPU.
DC: Tell us about product pricing. In which markets are you going to sell it?
Pankit Desai: It is sold as an annual licence, on a per-user basis. We sell it through both direct and indirect models. So far most of our customers were acquired through a direct model. This year we will have an indirect channel as well. As we enter the US market this year, we will start with the direct model. We will have a couple of partners by the end of this fiscal. Then we will have direct and indirect in North America and Europe.
It is still early days to disclose the pricing for those markets. But it would be slightly cheaper compared to what you pay to buy five or six separate security products. This will be 20 per cent cheaper. The biggest savings will come in terms of number of people that they would need to deploy to secure their infrastructure.
There will be huge savings in manpower costs, and in terms of avoiding inefficiencies caused by traditional security software. Huge savings in terms of the infrastructure that will be required to run. You can also extend your CPU refresh cycles. All this will be part of the TCO being introduced.
The only company that has a similar integrated suite (except for white-listing) is Symantec. But you will also need to buy five different products from them. This is an OS-agnostic product. It will run on all platforms.
Press Release: Sequretek launches its Next Generation Enterprise Endpoint Detection Prevention Response (EDPR)