What was the strategic thought of forming Innefu Labs?
While there are a lot of organizations in the country providing Information Security services, there were not many Indian companies working on developing niche security products. There was a huge gap in terms of developing quality information security products within the country. Most of the organizations were providing auditing services or managing Security Operations center by integrating multiple products together. We felt that there is space for quality indigenous security products which will continue to grow since these products would offer lower costs and much better support compared to foreign products. Innefu was focused on developing niche security products for corporate as well as Government organizations on authentication security, protocol decoding etc
What is the rationale behind jumping into the band wagon, while there are already various established players in this security area? How is AuthShield different from other 2 factor authentication solutions available in market?
As per a recent market and market research report, the Global Multi-Factor Authentication Market size is forecast to grow at a CAGR of 19.67% from 2014 to 2020 with a value of $ 3.04 billion in 2013 and $ 10.75 billion in 2020. Two Factor Authentication model is currently occupying 90% of the market. While there are well established players in the industry, they all suffer from an inherent flaw where integration with third party applications is concerned. Most multi-factor authentication solutions available in the market today are dependent on end point applications for integrations. While VPN and Firewall vendors have made provisions for 2FA, most other application vendors have not made any such provision in their programs. As a result, integration of Two Factor Authentication with specific applications such as SAP, mail clients in Smartphones / Computers etc require the servers to be published behind a VPN and integration of 2FA done with the VPN. It is a redundant and wasteful exercise which hampers users functionality by requiring the user to authenticate himself at multiple points, increases costs by adding the costs of external devices and uses double bandwidth. As a result, majority of critical applications such as mail clients, SAP are not integrated with Two Factor Authentication services making them susceptible to phishing attacks.
Innefu AuthShield integrates second factor of authentication (2FA) using a protocol decoding mechanism. This is a patent pending technology which integrates 2FA at a protocol level rather than integrating the solution at client end interfaces. The integration at protocol level ensures that AuthShield can be integrated in even those applications which do not inherently provide support for 2FA including SAP, Microsoft Exchange, Oracle communication messaging servers, Database Queries, legacy applications etc. This opens up a whole new spectrum of applications which can directly integrated with Two Factor Authentication services thereby increasing market size. Not only does this reduce the costs for the clients but also provides him with an enhanced authentication experience which does not hamper his functionality.
Can you ensure the hack-proofness to the users of AuthShield? Isn’t it too tall claim?
Not really, we don’t think the claim is too tall. Statistics clearly point out that most of the hacking attacks are phishing related scams. The first point of attack against any organization be it Government or corporate is the end user who is not aware that he may be hacked. The same set of statistics also show that implementation of a second factor of authentication reduces identity theft by up to 99%. We believe that the implementation of AuthShield in any organization will drastically improve the authentication security of the organization and ensure that user credentials can never be compromised. Unlike other vendors which are based on a hackable seed based token concept (eg RSA getting hacked by Chinese hackers in 2011 affecting more than 350 organizations across the world), our One Touch Authentication is based on a PKI architecture using a smart phone. The Public Private Key exchange ensures that even system administrator of the authentication server cannot gain access to a user account.
How could you improve the security intelligence level by using internet interception & monitoring system?
Our Internet Interception and monitoring system is an Advanced persistent threat detection system. We monitor all incoming and outgoing connections across an entire state or an organization to record transaction metadata. Multiple heuristics algorithms are run on the metadata to identify all compromised systems connecting to a Command and Control center. Such a system working at a Gateway of the state / country could provide valuable intelligence on the multiple command and control centers targeting the country as well as information on the systems which have already been compromised.
What next is in your product roadmap and innovation map?
As of now, we are focused on developing a Facial recognition 2FA system. We recognize the fact that most devices have inherent support for cameras. We intend to use this functionality to authenticate the user based on his physical presence.
What is your go to market strategy in India?
We are in the process of setting up a strong channel partner network in India. While we have already tied up with multiple Tier 2 partners across the country, we are in the final stages of tying up with few Tier 1 partners. We believe that most organizations in the country require 2FA on their mails as well as SAP or other ERP systems. They will also prefer to have this functionality without going through the hassle of requiring a VPN. We intend to capitalize on this unique proposition of ours and take it to multiple customers across the country via our partners. We will also be sponsoring few major security events such as Ground Zero this year to reach out to the market
Who are your customers in India?
DRDO, National Housing Bank, BEL, Tata Advanced Systems, Vatika Real estate, Gateway Rail Logistics, Gateway District Park, DL Infra etc.