Rickard Carlsson, CEO and Co-Founder of Detectify, sat down with Aviva Zacks of Safety Detectives to tell her about his company’s Deep Scan and Asset Monitoring services.
Safety Detectives: What motivated you to start Detectify?
Rickard Carlsson: I joined Detectify in the very early days of the company, around eight years ago. The other co-founders are some of the brightest minds in the ethical hacking community (if you know it, they’ve probably hacked it). They wanted to scale the knowledge of ethical top hackers to thousands of organizations, to help better protect their organizations. They needed someone who could turn their vision of a hacker-powered security tool into a business.
I thought it was bold, and I was excited about the idea of a security solution that approaches web security as a collaborative effort—uniting human intelligence and automation to make the internet more secure for everyone.
Since then, Detectify has grown into a security company of 130+ people, with a growing community of leading ethical hackers submitting their latest findings and some of the world’s most popular tech platforms as clients, including Spotify, King, and Trello.
SD: What is your company’s flagship product or service?
RC: In short, Detectify continuously scans your entire online surface for security vulnerabilities and alerts you about them to help you stay on top of threats. Our global community of ethical hackers is the power behind our scanning engines—they continuously submit new attack methods that we build into our products and run on our customers’ assets as security tests. It’s like having the world’s best hackers on your team!
We currently have two products: Detectify Deep Scan automates security checks and helps you find undocumented vulnerabilities; Asset Monitoring continuously observes all internet-facing subdomains, looking for exposed files, vulnerabilities, and misconfigurations. We will also soon be launching an API fuzzing engine for scanning APIs for vulnerabilities.
SD: What verticals are your customers?
RC: Our customers are primarily mid-size or large tech companies that rely on conducting their business online. Industry-wise, our client base is very diverse—we serve everything from major entertainment platforms to banks and healthcare companies.
SD: Why do your customers love your company?
RC: I heard a user say that Detectify is like a good friend that helps you perform better and stay on top of best security practices. I think that’s a good description of what we aim to be. We’re the only security solution that sources vulnerabilities from a community of hackers. While other vendors create their scanning rules by themselves, based on known bugs, our customers get continuous access to the latest vulnerabilities from a global pool of top hackers—even bugs that are actively exploited in the wild.
Vulnerability information is only useful when you know what to do with it, so we put a lot of thought and effort into usability and providing tips for remediation in-tool. Customers tell us that the solution is easy to set up and configure and gives a good overview of which assets are secure and that it’s easy to understand and take action on the scanning reports.
SD: What are the worst cyberthreats today?
RC: It depends on how you look at it, from a perspective of privacy, democracy, finance, or the individual’s point of view. Ransomware typically impacts organizations financially, while data thefts can impact elections and democracy.
Instead of focusing on specific attack methods, I’d say the most significant impact on cybersecurity today is the lack of knowledge and resources. Very few people in the world have a deep understanding of web security and how the internet is built, and the few (hackers and security researchers) who do are generally not employable. That knowledge gap is ultimately why organizations get breached. It’s more or less impossible for any company to keep up with the latest security bugs manually. And the more digital platforms are added, the harder it is to keep track of the potential attack surface. Companies need to look outside their organizations for the expertise and seek ways to access those elite hackers’ know-how to stay on top of threats.
SD: How is the pandemic changing the way your company works?
RC: As a SaaS company, we’ve always been digital-first, so the pandemic has not really affected our ability to deliver services to our customers. In terms of internal organization, switching from working mainly from the office to fully remote has put more focus on individual performance and higher demands on managers.