There are so many security products out there, but when one manages to prove its worth and is developed by a local team then it has to be acknowledged. Secure Bytes, a Pakistani IT Security company with offices in the US, developed and released an audit and vulnerability assessment software called Secure Auditor.
This becomes a milestone for Pakistan because it was for the first time a locally developed product had been compared with international leaders and received the kind of recognition that the company had. Products coming out of an emerging market like Pakistan that make big news need to be highlighted and hence, this interview. Following is what Secure Bytes CEO, Naimatullah Khaden, has to say about the local Internet Security trends and how the role of the CSO in Pakistan is fast shifting from being imperative, to being downright critical.
Secure Bytes developed a comprehensive integration tool integrating several auditing functions into one single Console. The solution, according to the company, is capable of auditing different Operation Systems such as Windows, SQL, Oracle and Cisco Routers. “Add the application’s ability to perform Enumeration, Forensics and Compliance, Penetration testing from one console, and you’ll quickly see why ours was a product that stands out,” comments Khaden.
It took the team more than 3 years to fully develop, test and launch the product into the international market but what about RnD? That’s always a challenge for a company of any size to keep alive. “Research is a building block of our existence. You require a great deal of knowledge share for developing anything, more so in the field of Security. More than 65% of our development efforts went into Research and Development for this application.
With the increased demand for security products, there are a multitude of products available out there, but the company CEO says that they began developing the product to better serve two needs: cost and integration. “The market has many different competitors developing different modules or tools that can be embedded. We feel that no other company in the security industry performs the functions we are proposing at the price we are offering.”
He continues to explain, “What a single Secure Auditor console can achieve this enormous task. Imagine the additional resources in terms of people, processes, training, effort and money you have saved right there! On the other hand, even if money and additional resource is not an issue for your company, somebody has to sit and identify the false positives, coordinate the processes, manage their business impact and keep tract the gradual resolution of these audit findings. And if this is not being done there is no point in spending money for nothing. Now if it needs to be done in the three spaces of [Operating] Systems, Network and Databases then we have a solution that gives you one simple interface to tackle all of this.”
For a lot of reasons, Pakistan hasn’t exactly been the development hub for applications. How does the company hope to create a trend from the patch they have embarked on? “Integration and Consolidation is the theme of the day. Cisco has successfully done this in their line of products and many companies are working towards it. In the auditing space, we are the leaders in the space of integration and consolidation and I am sure many companies will follow suit.”
Khaden highlights three universal benefits of Integration and Consolidation:
(i) Productivity enhancements;
(ii) Cost Saving and
(iii) Benefits [in general] to the consumer. “This is exactly what has made Cisco to move in this space and it is true for us too.”
One of the few reasons why we initiated this venture from within Pakistan was to address be close to the Pakistani enterprise. We hope our vision and experience can lead domestic companies to stand on equal footing with the global completion.
Trends in IS
Could you identify some security threats that make the Pakistani enterprise or SME constantly vulnerable? “Digital threats are no different to for any enterprise in the world. This equation becomes complex when we take into consideration our general ability to understand and respond to threats. That is where the probability of a threat will become an exploit is exponential to Pakistani enterprise. And this is probably because of the following reasons:
- Resources are scarce in organizations globally when it comes to digital security and when you talk about the Pakistani enterprise, these hardly exist;
- Lack of technical understanding at all levels;
- Lack of Subject Matter Expert (SME) locally;
- Lack of appreciation and importance given to the ‘quality’
- Leadership’s inability to take risk and put something that 99% of the people are not talking about as yet, into effect.”
According to Khaden, another issue where Pakistan’s software understanding suffers is that bespoke solutions are more prevalent in the local industry as opposed to packaged security software. “This trend limits the scope of activities of local security vendors to approach local organizations.”
Secure Auditor performs enumeration, conduct audit against standards such as SANS, ISACA and CIS and facilitates compliance with HIPAA, GLBA, FISMA and SOX. It organizes information assets through inventory assessment, analyzes the event log to an extent of fine grained auditing, manage configuration, performing password auditing and conducting penetration testing from a single console.
“We anticipate $1000-$4000 average (difference due to prices of competitive products) cost saving on each system. This will reduce organization budget on security, auditing and compliance tools by 25%-30% and still allow organizations to use premium security measures, enforce compliance, ease of use, convenience, run detailed analyses and above all, identify the right solutions and mitigation methods to match the risks,” says Khaden.
For more information, please visit secure-bytes.com
For screenshots of the software interface, grab a copy of the October issue of CSO!
