The founder of an Indian IT security startup shares some insight

Sep 6, 2013 02:36 GMT

We’ve had the opportunity of doing an interview with Ritesh Sarvaiya, the CEO and founder of Defencely, an Indian IT security startup that focuses on penetration testing.

Ritesh Sarvaiya has been kind enough to answer some questions regarding his company, the threat landscape in India, and cyber security in general.

Softpedia: Please introduce yourself and share a few things about your company.

Ritesh Sarvaiya: Hi guys, I am Ritesh Sarvaiya (34, male) from India, Founder and CEO @Defencely.com.

When it comes to sharing things about Defencely, I always remember hundreds of manual testers who are involved in bounties which they earn from North American giants on an ongoing basis.

Defencely.com is conceptualized and formed as a manual pentesting company and is trying to disrupt this niche where companies have to use manual testing as a part of their Web security.

Softpedia: What makes Defencely different from other pentesting companies?

Ritesh Sarvaiya: While Defencely likewise uses an automated scanner to quickly find the more obvious vulnerabilities, it also has a team of extremely gifted experts who know exactly how to perform extremely thorough manual penetration testing - to find all security problems associated with the company’s web.

Having found all the vulnerabilities Defencely doesn’t stop there. Defencely explains in a step-by-step manner exactly how to fix them. If the company prefers, Defencely’s experts will actually fix the vulnerabilities for the company – at no added cost!

Zero-day threats are those vulnerabilities for which a malicious exploit has been found, but for which there is no fix available. These 0-day threats appear with frightening regularity. They must be patched as early as possible, so that the customer’s web is not compromised.

If a client’s website is successfully hacked while they are subscribed to Defencely, their entire subscription fee for that site is waived. That is how very confident Defencely is.

Web applications are safer because unlike other companies we do not rely on automated penetration testing. Our primary tool is the many years of experience of our team, the high quality of that experience and the techniques of manual penetration testing which produce the best results.

There is no substitute for Defencely’s Manual Ethical Penetration Testing and Repair.

Softpedia: What are your plans for the future?

Ritesh Sarvaiya: At this point of time we are in the middle of getting talented manual testers on board and certainly in the future we would like to start with malware, DDoS, network security etc. Also we are in talks with a big group of security researchers, as a strategic alliance, in order to start financial segment pen testing across the Asia Pacific region.

Softpedia: Let's talk a bit about the cyber security landscape in India. Currently, the government has rolled out a series of measures to protect the country's cyberspace against attacks. Are these measures effective in practice, or are they only good on paper?

Ritesh Sarvaiya: Well, keeping the overall situation in mind, I must say India is not up to the mark as far as cyber security is concerned. It has a direct relation with the awareness among the people who are running their businesses online, Internet users, security firms etc.

The government has rolled out many things to protect the country's cyber space, and to a certain extent it's working as well, but in my opinion, India needs one visionary in this space who can drive it with greater passion.

Softpedia: In order to protect websites, the government wants to move them to secure infrastructures such as the ones of NIC and ERNET. Will we see some improvements after this move?

Ritesh Sarvaiya: Well, as far as improvements are concerned, we certainly will see, but it will take some more time. Overall, if you see, Indian data centers as well are struggling to keep themselves secure at this point of time.

Softpedia: What solution would you recommend to secure India's or any other country's cyberspace?

Ritesh Sarvaiya: This is a very big question for me as an entrepreneur and especially when I am new in this field and gaining experience working with talented guys around.

In my opinion, in order to protect the overall cyberspace of India or any country you need to make sure that the guys who are involved in doing it have huge experience already. At the same time it's extremely necessary to secure a country's major datacenters to avoid any kind of additional loss.

Softpedia: Based on what you're seeing right now, are Indian companies beginning to realize that IT security should be taken seriously?

Ritesh Sarvaiya: At this point of time Indian companies have started adopting IT security and about 25 to 30% of total enterprises across India are taking it seriously. Certainly there are lots of things to be done, in order to increase awareness across India Inc.

Overall, India is a growing market for E-commerce startups these days and in the next 4-5 years about 200k online websites will come in this space. So, overall, an ample amount of businesses will need IT security and lots of security providers will come in this niche space, which will make this space more healthy and competitive.

Softpedia: Can you share some predictions regarding the cyber security landscape?

Ritesh Sarvaiya: The cyber security landscape is a pretty large term to talk about, but since you have asked I would certainly add 2 cents here. Overall, as we all know it's growing and it will continue to grow at almost 200% till 2016 as per the latest reports from Cisco, and one needs to be more active in securing cyber space from any and every kind of breach, hacks etc.

No matter what we will do to make this space secure, there will always be a bunch of people who will keep tampering with the cyber security.

Softpedia: Is there anything else you want to add?

Ritesh Sarvaiya: I would like to invite talented and experienced manual pen testers to join Defencely's team and become a part of the growing manual testing revolution online. Feel free to drop an email at [email protected] or connect with me via LinkedIn.

Looking at the way bug hunters are getting added to the space in the long run, very few will really survive and these days 95% of the bugs which are being reported by the researchers are duplicates.

Keeping this equation in mind, it is suggested that one should invest lots of time in testing the real application instead of guessing how many more researchers are working on the same bounty.

I hope I am making lots of sense here and I would like to know the opinion of fellow testers.

Lastly, I would like to thank you and your readers for giving me an opportunity to showcase myself and Defencely.com.