With many thanks to Anand Naik, Co-Founder and CEO of Sequretek, Aviva Zacks of Safety Detectives found out about his company’s Percept Cloud Security Platform.
Safety Detective: What motivated you to found Sequretek?
Anand Naik: I’ve been a security practitioner for the better half of almost two decades. Our view has always been that point products, which make for most of the security industry, are overall quite ineffective and create what we call a data sprawl or a data mess.
In my previous organization, I realized that the only way to resolve the customer problem was to create a substitute that would not be a niche point product in itself. The technologies that were used in the security space for core threat detection used to be the same that came out in the 1990s and early 2000s. They were signature or heuristics-based, and a little ineffective when identifying new-generation threats.
At Sequretek, we felt that if we come out with products that help simplify security by consolidating the technology landscape using the latest technology around artificial intelligence, we would have a product that can offer a cutting-edge, next-gen solution.
Today, our vision is to simplify security and consolidate the landscape.
SD: Can you tell me about your Percept Cloud Security Platform?
AN: We have three cloud-native product lines. The first one is Percept XDR, or Extended Detection and Response. This product collects security event data, telemetry, and intelligence from all devices and all sources that are available within an enterprise—from cloud-based sources on IoT devices to traditional desktops, laptops, and mobiles. It collects data through an AI solution, which is based on deep learning, identifies the anomalies around the threat user, malware, and entity intelligence, and creates an automated response mechanism with full visibility to the customer. XDR focuses on enterprise visibility and response irrespective of what underlying products and technologies a customer has.
The second area that we focus on is customer devices. The product (also an AI-based agent) is called Percept EDR—Endpoint Detection and Response. The device doesn’t need the internet to be able to access and use AI. This AI is native to the agent sitting on those machines. Apart from detecting file-less and file-based malware and in-memory malware (the latest generation of malware) it also has the capability to patch, whitelist, and discover the vulnerabilities in the environment.
And finally, the third area focuses on the users of the organization—Percept IGA (Identity Governance & Administration). It covers users of the organization, what access they have, what happens when they change roles, when they get promoted, when they get transferred, etc. IGA focuses on the entire lifecycle of the user along with zero-trust authentication.
It has four modules that the customers can benefit from. The first one is governance, which has a complete lifecycle around it. The second is zero-trust identity, which has a federated single sign-on with federated multifactor authentication and technologies like telemetry and identity linkages that are created. The third area is around a user data lake so that you are able to run AI models on top of it, machine learning models on top of it through identifying user anomalies. And the fourth area is a very rich application connector studio so that you are able to connect to different SaaS application providers or infrastructure cloud providers like AWS, Azure, or legacy and on-premise solutions.
SD: What types of industries use your products?
AN: A major chunk of our customer base is in the financial services and banking sector since they are highly regulated and are one of the largest adopters of IT across the globe. Security products, in general, are sector-agnostic and, therefore, can cut across all sectors. The top four sectors where our products are installed are financial services, pharmaceutical, retail, and manufacturing industries.
SD: Why do your customers love working with you?
AN: Simplicity is our mantra. I believe that’s something our customers love. Our products are easy to implement and give results as early as the first day or week of implementation itself, depending on what products you are looking at. Now, the entire Percept offering is cloud-native which means customers don’t have to invest in any hardware if they were to look at on-premise solutions.
Ease of use, deployment, and availing benefits are all one big space. All the products are enterprise-class; in each of the product categories, some of our reference implementations run into 200,000 users. So the products are referenceable which gives customers confidence about the products’ quality. We solve the problem of technology sprawl by consolidating. So, every product of ours has the ability to co-exist and replace approximately five to six technologies in that space.
Instead of customers having to buy those technologies independently and trying to figure out how to integrate them, each of our products eliminates the need for those technologies. Or if they have some of them, they can coexist with those technologies.
SD: What do you think are the worst cyberthreats today?
AN: There are two different ways to look at this. One is the vectors, how the threats get propagated. In that regard, the world is still in its basic elements—basic spyware, basic spear-phishing, innocent users trying to click on wrong links—all of those continue to be the threat propagation vectors. The malware itself is changed into pretty sophisticated algorithms. Nowadays, you are often dealing with fileless malware, malware that exploits vulnerabilities that are not yet published, or vulnerabilities that are published but have a good case for not being patched or not being remediated.
While ransomware, spyware, and crypto miners are the most common, the nature of the threat itself is changed to file-less and deception. I think deception and sandbox evading and deception-based technologies are where the malware cycle is changing.
SD: How do you think the pandemic is changing the way your company handles cybersecurity?
AN: I think the pandemic has accelerated digital adoption for a lot of customers and companies. The core of any digital adoption is a cybersecurity strategy. From a market perspective, the pandemic has created more awareness among customers to look at cybersecurity as the core element of their strategy.
Internally, we have had to adopt work-from-home and, therefore, some changes around basic technology implementations. But for customers as they move into this digital journey, two things have changed post-pandemic:
- The first one is employees and their devices – whether personal or professional, devices have become the new perimeter. The traditional boundaries of organizational perimeter no longer apply. The new perimeter for every organization with work from home is here to stay. The perimeter now has become its employees and their devices. The fundamental way of how security is governed and implemented has changed.
- The second—the pandemic has accelerated digitization and cloud adoption. As you move to digital and cloud, a lot of applications and application architectures that are traditionally structured, and within the perimeter of the organization, have had to undergo massive changes.
Since our offerings are cloud-native, I don’t see too much of an architectural change that we have had to make once we launched the Percept offerings.