Right now, webmasters are trying to figure out to protect sites from Flame, the latest major malware to emerge. 100% security doesn't exist, but part of the response to the virus might come from Bangalore, India, where iVizSecurity, a company specializing in penetration testing, is located.
Penetration testing simulates attacks to discover a system's weaknesses. iVizSecurity is doubly innovative, relying on complex technology and a simple business model. It's symbolizes a notable step forward for India, since it's built on A.I. (artificial intelligence), and not on a low-cost workforce.
Enterprise clients – the service is enterprise-only – log-on to d'iVizSecurity.com and request a scan. The cloud-based service then simulates “all possible attacks,” says the company's president and founder, Bikash Barai. When the testing is complete, iVizSecurity tells sites what they need to change. It's “ethical hacking” -- the idea isn't to harm a site, but to help it stay secure.
“Hack yourself before hackers do, and you'll know what they'll find,” Barai says. “You can't be secure without testing. The challenge is making them good,” he says. The process takes time, 5 to 6 days for even a slightly complex site, which is expensive.
“Finding a good hacker is hard. Keeping one is even harder,” Barai says, comparing his solution to Henry Ford's. “Consultant hackers are used to running tests like people built cars before the production line was invented,” he says.
His innovation rests in the combination of artificial intelligence, human control, and the reduced costs of cloud computing. “This makes the service better, faster and cheaper,” Barai says.
Barai began research in 2006, and received his first investments in 2008. Today he has 300 major clients. The starting-point was a simple idea: “Attackers only need to find one entry point. Someone defending them needs to imagine where all these points could be. It's exponentially complex,” Barai says. Artificial Intelligence lets him envision all possible combinations. He showed off the efficacy of his software by attacking Symantec, Adobe, HP and other companies, making their vulnerabilities public after alerting them.
The technology is built on highly sophisticated algorithms. “I wrote the base,” Barai says. “My professor wrote algorithms that are so powerful that they're studied in the United States.” Barai graduated from the Indian Institute of Technology (IIT) in Kharagpur, one of the country's most prestigious schools.
“Indians have an advantage when brain power is needed,” he says. “It's different when you need a heavy infrastructure. Particle physics doesn't exist without a cyclotron, but for computer science you only need to use your brain. We know how to do that.”
Barai's technology has won innovation awards, but eventually he realized that despite this he didn't really have a business.
This led to the miracle solution: subscription. Some of his clients do more than 2,000 tests per year. Western Union, for example, changes its money-transfer applications every week. Maintaining security while scaling for growth at this level is a massive headache – which makes iVisSecurity's unlimited testing for unlimited applications at a set price something that should ensure Barai's company nice growth.