Tag Archives: security

Rohit Srivastwa’s Junco Tech. acquired by Quick Heal to form Cyber Security Consulting Arm

Last week, Quick Heal, the Pune based information security and anti-virus company, acquired JUNCO Technologies, a Pune based cybersecurity and IT consulting firm founded by Rohit Srivastwa, and incubated by Science & Technology Park, Department of Science & Technology, Government of India

Rohit is a well known name in infosec circles in India. He is the founder of one of India’s first infosec communities, ClubHack, IT Pro/SysAdmin community ClubSysAdmin. He is specialist in IT infrastructure, cyber warfare and cyber-crime investigation. He has been an advisor to several military agencies, law enforcement agencies and corporates in India and abroad.

With the acquisition of JUNCO technologies, Quick Heal acquires this domain expertise, and in-depth industry and technical knowledge, and has launched Seqrite Services, a cyber security consulting organization, and will also launch Quick Heal Academy, to impart cyber security education programmes globally.

‘Seqrite Services’ will offer a Managed Security Services, including Cyber Audit and Cyber Forensics, Security Consulting and Security Operations Centre (SoC) to Enterprises and Government organisations. ‘Seqrite Services’ will be an arm of ‘Seqrite’, the Enterprise Security brand by Quick Heal which was launched in 2015.

‘Quick Heal Academy’ is created with the intention on building a talent pool of qualified cyber security professionals, who are in short supply in the industry currently. The academy will work closely with universities, law enforcement agencies, and education institutions to engage with students and design programs. The academy will offer Online, Classroom and Corporate training courses in Cyber Laws, Cyber Crime Investigation and Cyber Security.

The Cyber Security skills shortage is impacting organizations throughout India and around the globe, with employers reporting difficulties hiring skilled candidates and preparing for cyber security threats. According to NASSCOM, currently India has around 50,000 trained cyber security professionals in 2015 and the need is for at least one million skilled people by 2020. Commenting on the new vertical launch, Kailash Katkar, MD & CEO, Quick Heal Technologies Ltd said; “There is substantial awareness around the need for the security products and solutions;
proper consultation, education and skilled manpower is still lacking in the industry at large. At Quick Heal, we are determined to bridge this gap by putting to use our expertise which we have built over the years.” He further added; “We hope that through these two services we will be able to empower organizations in effectively addressing Cyber Security Challenges and contribute towards strengthening the cyber security training ecosystem.”

‘Seqrite Services’ will be led by Rohit Srivastwa. Vishal Kumar, a specialist in Cyber Law, having diverse exposure through his association with PwC and Asian School of Cyber Laws, will be steering the ‘Quick Heal Academy’ operations out of New Delhi. Vishal has also been a member of the working group on Cyber Laws, Legal Framework, and the Cyber Security, 12 Five Year Plan (2012 -17) Government of India.

Quick Heal, is of course Pune’s first major software product company to get an IPO, and is a provider of security software products and solutions in India. It has over 1,300 employees across 36 cities in India, and a network of over 20,000 channel partners. It has subsidiaries that are present in Japan, Dubai, the United States of America, and Kenya.

Quick Heal plans initial public offer in Dec-Jan – Financial Express

Financial Express reports that Pune-based computer security software products company Quick Heal is planning an IPO in Dec-Jan.

This is likely to be Pune’s first software product company IPO, unless Pubmatic manages to do an IPO before that (which is still quite possible).

Excerpts from the article:

In 2010, the Pune-based company was valued at Rs 600 crore, when Sequoia invested Rs 60 crore for a 10 per cent stake.

Sales have grown from Rs 10 crore a decade ago, to over Rs 215 crore in FY 13 and expects to cross Rs 250 crore mark in FY 14, Katkar said.

“Over a span of 20 years the company’s R&D has focused on computer and network security solutions. We now plan to expand new products range with the launch of new version of end point security (EPS) in July-August this year. We are also offering data loss prevention and mobile devise management to our customers,” Katkar said.

The company has more than 8 million customers in 60 countries. The company has strong global presence with offices in Dubai, Japan, USA and Kenya. It plans to strengthen the staff strength in these offices and looking at opening new office in Europe and Australia in the near future, he added.

QuickHeal, which claims a 35 per cent market share in India’s consumer anti-virus market, was founded by Pune-based brothers Kailash Katkar and Sanjay Katkar.

Read the full article

LiveBlog: Intelligence at the Edge

This is a live-blog of the event organized by @NexusVP, with the CTOs of @DruvaInc, @Helpshift, and @Uniken_Inc, talking about “Intelligence at the Edge” – i.e. the increasing amount of enterprise data that is now found in mobiles, laptops, and other devices of their employees, and how that is changing the world of enterprise software.

The panel consisted of these people:

  • Jishnu Bhattacharjee (@b_jishnu), of Nexus Venture Partners:
  • Sanjay Deshpande, CEO and Chief Innovation Officer at Uniken, a Pune-based enterprise security company.
  • BG (@ghoseb), CTO and Co-founder at Helpshift, a Pune-based company that provides a software platform that allows mobile app developers to incorporate high quality customer service and support into their apps.
  • Milind Borate, CTO and Co-Founder at Druva, a Pune-based company that provides backup solutions for the enterprise.

Here is a random list of interesting stuff said during this discussion:

  • More and more data and intelligence is being pushed at the edges of the corporate networks. Translation: Imagine a large company. It has an IT department that runs many servers and complicated applications in their labs and data centers. In the past, most of the data and intelligence of the enterprise was in these servers. But in recent times, the devices in the hands of the employees (the desktops, laptops, mobile phones) have more and more powerful apps, more sensitive data, and more unique data (i.e. data which is not replicated on the servers). This is the “edge” of the enterprise.
  • What does Druva do? Druva looks at data that is sitting on laptops, mobiles, and other devices at the edge from 4 different angles:
    • Backup of the data
    • Data theft prevention if the data falls in the wrong hands
    • Analyzing the data on all these devices and providing intelligence (actionable insights)
    • Being able to share that data with others: colleagues within the company, but also outside – customers, vendors

  • What does Helpshift do? Built a SDK that mobile developers can download and incorporate into their app to automatically and easily get very sophisticated customer service into their app. For example:
    • Reduce customer service calls through the use of in-app FAQs, which can easily be updated by the developer – updates to the FAQ can be pushed to all customers mobiles automatically
    • When a customer reports an issue, the Helpshift runtime uses breadcrumbs to keep track of what the customer was doing just before hitting the issue, so that without any extra effort on the part of the customer, details of the device, the configuration and what exactly caused the bug are sent to the server
    • Now they are focusing on building machine-learning based higher level features. Their bigger customers have millions of daily users and get thousands of support issues per day. So, they need sophisticated analysis to figure out the common patterns.
    • 80% of Helpshift’s market is the US and the remaining 20% is from the rest of the world, including Europe and Latin America
    • 80% of the money comes from iPhone users. But Android is still young, and growing.
  • What does Uniken do? Uniken realized that most of the technology on the internet has been driven by media companies who want to sell ads on their websites, and maximize the number of users, whereas enterprises (like banks) are trying to use the same internet to give a very secure experience to their (captive) users. There is a mismatch here, and what the enterprises need is a much more secure environment where they have much more control over all the pieces in the chain – including the network and the devices being used by the customers. This is the area Uniken is in.
  • Indian market vs US market: In India, there is a software/web/mobile market, but a lot of it is mostly consumer oriented. The B2B software market is still not really well developed, and is it not easy to make much money here.
    • 60% of Druva’s revenue comes from the US, 30% from Europe, and 10% comes from the rest of the world (India included).
    • Druva started off trying to sell in the Indian market. They tried in-person enterprise sales, and had a tough time. In the meantime, they started getting enquiries from the US from people who had simply downloaded their software, tried it out, liked it, and wanted to buy it. Over time, this increased, and they soon realized that US was where the real market was.
    • One of the key things that helped them was that they built software that was very easy to download off the web and install without requiring any help from the company itself. This was unheard of in the enterprise backup business (which was dominated by companies like Symantec/Veritas, EMC etc.)
    • Druva used Google adwords very effectively to market its products. The big players like Symantec/Veritas, EMC have very large sales organizations with great reach, and it would have been very difficult for Druva to compete with them in terms of reach of their salespeople. But Google adwords allowed them to reach out to customers all over the world.
  • BigData is big. The number of devices (mobiles, laptops, desktops) that people are using is so huge, that with even minimal intelligence in each device the amount of data is huge – petabytes.
    • Collect as much data as possible. You will find uses for it later.
    • Don’t worry about where/how to store the data. Just store it in flat files initially, and then later you can figure out where to put it to analyze it.
    • No single software will solve all your problems. Use everything – SQL, NoSQL, Hadoop, etc.
    • What has made this possible is the fact that all these devices are now internet connected, and hence all the data can be collected and stored centrally in the cloud. Further, again because of the internet connectivity, it is possible to push software updates to the devices, so the data collection abilities can be continuously upgraded.
  • How has Uniken managed to sell into the Indian enterprise market? It is currently 100% in the Indian market – and it sees India as a big market, with lots of potential. Most Indian software startups struggle with this (as seen by Druva’s experience above). You need to do this:
    • In any company, identify the right person – the one who has enough vision to do things differently, try new products, and who can also get things done in that company
    • Choosing the right champion in the customer company is key
    • Keep meeting the right people, keep selling them your story, keep plugging away, until the sale happens
    • Think of an enterprise sale as dating with a long-term relationship in mind
    • Have lots of patience. Don’t give up. India is a market requires a lot of patience.

Pune based enterprise security firm Uniken raises investment from Nexus Venture Partners

Pune-based enterprise security software company, Uniken, has just raised a round of funding from Nexus Venture Partners, reports the Economic Times. The amount of funding has not been disclosed, but the internet is claiming that it is around $4.8 million. This is Nexus’ second major investment

Uniken’s main product is the REL-ID platform which allows enterprise software to be accessed from remote clients (i.e. mobiles, laptops, or home computers of customers or employees) in a secure way, in spite of the fact that the client is connecting to the server via an untrusted internet connection.

Imagine a bank, which is able to give its customers a “secure” mobile app that connects to the bank servers over the internet, but then uses REL-ID’s “private communication circuts” to establish a secure connection between the app and the server. Similarly, imagine an the sales database of a company being accessed by one of the salespersons on the road using a laptop. REL-ID PCC can be used to secure the connection between the laptop and the enterprise app without requiring laptop to be on the company network, and without requiring a VPN.

So, how is Uniken’s solution different from using an SSL or IPSEC based VPN?

According to the company’s website, REL-ID PCC is based on the concept of App-to-App tunneling. VPN’s on the other hand are based on TCP/IP Tunneling technology. VPN’s are installed as virtual network adapters and need administrative rights on the client machine in order to install them. VPN’s do not come with in-built mutual authentication and encryption technologies, for that one has to additionally invest in 2-way SSL or IPSEC technologies, increasing the total cost and complexity of the solution. These solutions are not viable when it comes to roll-out to large number of users.

More information about the product is here and here.

The Economic Times reports:

The firm has filed three patents and expects to file 12 patents in next one year. “Uniken is disrupting the digital security space with this platform that provides military grade security with rich digital experience,” said Sandeep Singhal, managing director at Nexus.

So, in the last few days, we’ve made two additions to the list of Pune companies that have raised funding in recent times (and that is even without counting the 3rd round of funding for FirstCry, because that was already on the list.) Is any company missing from our list? Please let us know.

Turing100 Lecture: Talk on Ken Thompson & Dennis Ritchie (creators of Unix)

In 1983, Ken Thompson and Dennis Ritchie were given the Turing Award “for their development of generic operating systems theory and specifically for the implementation of the UNIX operating system.”

Prof. T.M. Vijayaraman will give a talk on the life and work of Thompson and Ritchie, and the history of Unix, on 27th July, from 2pm to 5pm at Dewang Mehta Auditorium, Persistent (SB Road).

The event is free for everyone to attend. Register here

About the Turing Awards

The Turing awards, named after Alan Turing, given every year, are the highest achievement that a computer scientist can earn. And the contributions of each Turing award winner are then, arguably, the most important topics in computer science.

About Turing 100 @ Persistent Lecture Series

This is year 2 of the the Turing 100 @ Persistent lecture series. The series started in 2012 to celebrates the 100th anniversary of Alan Turing’s birth by having a monthly lecture series, and the success of the talk series in year 1 has resulted in the series being continued in 2013. Each lecture is be presented by an eminent personality from the computer science / technology community in India, and covers the work done by one Turing award winner.

The lecture series has featured, or will feature talks on Ted Codd (Relational Databases), Vint Cerf and Robert Kahn (Internet) Ken Thompson and Dennis Ritchie (Unix), Jim Gray, Barbara Liskov, and others. Latest schedule is here

This is a lecture series that any one in the field of computer science must attend. These lectures will cover the fundamentals of computer science, and all of them are very relevant today.

All the slides and videos of all the talks in the last year are available here.

The next talk in the series will be TM Vijayaraman talking about Ken Thompson and Dennis Ritchie. In August, Ajay Deshpande will talk about Barbara Liskov, and in September Hemant Pande will talk about Fran Allen.

Fees and Registration

The event will be at Dewang Mehta Auditorium, Persistent Systems, SB Road, from 2pm to 5pm on Saturday 27 July.

This event is free and open for anybody to attend. Register here

National Conference on Cyber Security – focus: Defense & other Govt Agencies

The Defense sub-committee of MCCIA Pune has organized a national conference on Cyber Security, with the intention of bringing together people/companies who are interested in working in the area of cyber security with the key policy and decision makers from defense, police, and other government bodies. Should be a great conference for CEOs/CTOs/Domain experts interested in working with the Indian Government in the area of cyber security.

The conference is a 1-day conference, on 26th July, at MCCIA, SB Road Pune. Register here

Overview

Cyber warfare is emerging as the new dimension in warfare and cyber security is attracting lot of attention globally. Impact of problems in this domain is felt across all sectors including defence, governmental institutions, industries and commercial organizations and many others. Interactions and learning from collective experience is one of the best ways to prepare for meeting these challenges. The main propose is to initiate interactions and dialogue between users and practitioners from Armed Forces as well as IT and ITES companies and experts on cyber security.

Needless to mention that this topic has gained prominence in the recent times and Government of India has appreciated the importance and the need to seek private sector participation in this vital area of National Security. You would therefore appreciate the importance attached to this event for creating the much desired awareness among the private sector to support this endeavour of the Government in general and the Defence Forces in particular. A small concurrent exhibition is also being organised for industry to display their capabilities.

Programme

  • Innaugural Session
  • Technical Session – I: Cyber Warfare And Cyber Security – Defence And Homeland Security Domains
  • Technical Session – II: – Systems And Processes As Defence Against Cyber Threats
  • Technical Session – III: Equipment And Solutions Canvass For Cyber Security
  • Technical Session – IV: Armed Forces And Civilian Cooperation Models
  • Valedictory Session

Program Facilitators:

Senior officers from services HQs, Army CERT, DIARA, HQ Southern Command, DRDO, DGQA, MCTE and other relevant establishments. Also senior officials from Police, IB, NTRO & CRPF for participation. There will also be a substantive participation from civil cyber security fraternity.

Who Should Attend

The conference will offer an excellent opportunity for those who are interested / working in the vital domain of cyber security to hear and interact with key decision makers and policy makers from Defence and government agencies about national policies and perspective plans. These plans will necessitate participation and cooperation between government, Defence and civilian experts whether for equipment and systems, training or enforcement

Fees and Registration

This event is open for anybody to attend, and costs Rs. 2000 (1500 for MCCIA members). Please register here

Turing100 Lecture: Rethinking Education by D.B. Phatak – 29 June

As a grand finale for the Turing100 Lecture Series that was held all year at Persistent, this time, there is a talk on “Re-thinking Education – Transforming and Scaling the Learning Model” by Padmashree Prof. D.B. Phatak of IIT-Bombay.

The event is free for everyone to attend. Register here

About the Turing Awards

The Turing awards, named after Alan Turing, given every year, are the highest achievement that a computer scientist can earn. And the contributions of each Turing award winner are then, arguably, the most important topics in computer science.

About Turing 100 @ Persistent Lecture Series

This year, the Turing 100 @ Persistent lecture series will celebrate the 100th anniversary of Alan Turing’s birth by having a monthly lecture series. Each lecture will be presented by an eminent personality from the computer science / technology community in India, and will cover the work done by one Turing award winner.

The lecture series will feature talks on Ted Codd (Relational Databases), Vint Cerf and Robert Kahn (Internet), Ken Thompson and Dennis Ritchie (Unix), Jim Gray, Barbara Liskov, and others. Full schedule is here

This is a lecture series that any one in the field of computer science must attend. These lectures will cover the fundamentals of computer science, and all of them are very relevant today.

Fees and Registration

This is a free event. Anyone can attend.

The event will be at Dewang Mehta Auditorium, Persistent Systems, SB Road, from 2pm to 5pm on Saturday 29 June. This event is free and open for anybody to attend. Register here

Win 3 free passes to ClubHack via Online Capture-The-Flag Hacking Contest

ClubHack is one of India’s foremost conferences on Security, and this weekend Pune will play host to the 5th ClubHack conference. Richard Stiennon is the keynote speaker, and look here for the complete agenda.

ClubHack has now announced an online “Capture-the-Flag” hacking contest, and the first three contestants to capture the flag get a free ticket to the conference. (If you’ve already bought a ticket, you can still participate, and transfer your winning ticket to a friend.)

More details of the contest are here.

TechWeekend – Web Security – August 20

TechWeekend Pune and Microsoft present a technical session web security on Saturday 20th August, 10am, at Sumant Moolgaokar Auditorium, MCCIA Trade Tower, ICC. This session will feature Rohit Srivastwa (of ClubHack) talking about some of the top web vulnerabilities, how they work, and how to prevent them, and Aditee Rele (of Microsoft) talking about the new security features in IE9.

Top Web Vulnerabilities – Rohit Srivastwa

This talk will cover 6 of the top 10 most exploited vulnerabilities on the web as reported by OWASP. Specifically:

  • Cross-Site Scripting
  • Information Leakage
  • SQL Injection
  • Local/Remote File Inclusion
  • Unrestricted uploads
  • Shell Injections

and best coding practices whereever possible.

The speaker Rohit Srivastwa is one of Pune’s most well know security evangelists. He has an expertise in cyber crime investigation and IT infrastructure management. Rohit is actively involved advising several military agencies, law enforcement personnel, media, corporate and Government bodies in these fields.

Rohit Srivastwa is also the founder of ClubHack, a member driven community to spread the security awareness. ClubHack organizes an international hacker convention in Pune every December.

For more see Rohit’s website

Security Features in IE9 – Aditee Rele

The latest version of Microsoft’s browser contains a lot of technologies focused on making the browser very safe from malware and phising attacks on the internet. It uses a new mechanism called layered protection against malware and a bunch of memory and exception handler protections to ensure that the most common ways of exploiting security holes are automatically plugged. To prevent phishing, it uses a SmartScreen filter to block bad URLs, and an application reputation mechanism to detect untrustworthy executables, providing what they claim is 100% social engineering blocking.

The speaker Aditee Rele works in the Developer and Platform Evangelism (DPE) Group at Microsoft Corporation, India. She focuses on addressing architectural challenges in the enterprise and web space and has first-hand exposure to large implementations on various platforms across Microsoft Technology Suite.

Fees and Registration

This event is free and open for anybody to attend. No registration required

The event starts at 10am, in the Sumant Moolgaonkar Auditorium, Ground Floor, Wing A, ICC Trade Center, SB Road. Please come 10 minutes early since security at the venue takes a little time, and we are planning on starting the event on time.

Call for Presentations – ClubHack Security Conference – Dec 2011

ClubHack is one of India’s foremost conferences on Security and is now in its 5th year. As usual, it will be on the first weekend of December (3rd & 4th) in Pune. Last year, [ClubHack ] had Security Guru Bruce Schneier as the keynote speaker.

The call for presentations is out, and if you’re working in the area of computer security, you should submit a presentation proposal.

Why should you submit?

Being a speaker at a conference gives you visibility and establishes you as an expert in your domain. Plus, as a part of the community, it is your duty to ensure that such events get the best quality of content. And in addition there are the material benefits:

  • 100% Travel reimbursement of economy return tickets for all Indian speakers
  • Accommodation for 2 in Pune
  • Complementary passes for event & party for 2
  • Gift hampers & freebies

Suggested topics are:

  • Cloud Application Security
  • Mobile Security (cellular technologies)
  • Mobile platform attacks (iOS, Android, BB, Win7, Symbian)
  • Cyber Intelligence
  • Cyber warfare
  • Hardware mods
  • Critical Infrastructure Attack & Protection
  • Protocol based vulnerability in networks and computers
  • Firewall Evasion techniques
  • Data Recovery and Incident Response
  • WLAN and Bluetooth Security
  • Cryptography and Cryptanalysis
  • Computer forensics
  • Open source hacking toolkit
  • Cyber Crime & law

But of course, you can submit proposals for talks in other related areas of security too.

See the CFP for more details, and specifics on how to submit a proposal.