Cyber security startup Bitsensor has won the startup of the year award at the 2017 Computable Awards. It is another small step towards world domination for this Eindhoven based startup, founded Alex Dings and Ruben van Vreeland. We interviewed Alex and Ruben to learn more about Bitsensor.
When and why did you start bitsensor?
We started in 2015. Ruben was already a very successful ethical hacker. He noticed that many systems have weaknesses at the application level, that are not addressed by existing security products. Many security products (firewalls and scanners) only work on the network level. We started thinking about a product on the application level, investigated whether there would be a market for such a product, and started Bitsensor.
So how does it work?
Bitsensor consists of two components: a small piece of code (a ‘plug-in’) that must be included in an application and a cloud platform. The small piece of code checks all requests to the application and sends logging data to the cloud. The cloud evaluates all data and decides whether certain requests count as suspicious behaviour, and if needed tells the small piece of code to block suspicious users. Our customer gets a dashboard where they see all requests to their app and what kind of suspicious requests are made. The user can create new rules, change existing rules and also export data that is needed for audit purposes.
Does it work with all applications?
That depends on the plug-ins. We have created several plug-ins so far: Java, PHP, Drupal and Node.js. So these technologies are already supported. We are working on additional plug-ins (e.g. for .NET). If people cannot wait for our plug-in, they can also create a plug-in themselves. We believe in open source and have released our plug-ins on open source platform Github.
Do you compete with, or does your product replace products from other startups such as Zerocopter, Zivver, Hackerone and Redsocks?
In our view, customers can and should combine multiple security products to cover all angles. You will still need a basic firewall and virus-scanner even if you have our product. An advanced network scanner such as offered by Redsocks is also still relevant. We also recommend companies to keep working with outside ethical hackers, for instance with Hackerone or Zerocopter. In fact it is interesting to install Bitsensor before inviting ethical hackers. This way you can monitor what the hackers do and how they hack your systems.
Do customers need specialized trained staff to investigate the issues found by Bitsensor? If so, is this an obstacle for customers?
It depends. Like any monitoring product, it generates signals and someone should receive this signals and decide what to do. Customers can do this themselves if they want to. Large companies often have a Security Operations Center (SOC) with people who can do this. For smaller companies, we have a few selected partners that offer monitoring as a service: the partner companies provide the manpower so that the customer does not have to do anything.
Can you tell us who your current customers are?
No, unfortunately not. Our current customers use Bitsensor as an extra secret defense layer and they do not want hackers to know what products they are using. We have installed Bitsensor at a few of our own systems for demos.
What is your view on incubators and accelerators? Which networks are you part of?
We looked at several options but are always critical about the costs versus benefits. When looking at websites such as seed-DB , one sees that Y-combinator has a very strong track record but that other accelerators do not. We applied to Y-combinator only but were not selected. We also looked at crowdfunding solutions such as leapfunder. It is however hard to estimate how much relevant knowledge these investors will bring. For this year we are therefore focusing on the product and working closely with our current investor Volta Ventures.
You are quite successful in winning awards, as can be seen at the award wall in your office. Are these awards helpful?
Awards are not a substitute for customers, but they can be helpful. It helps us get noticed by potential customers. It probably also helps convince established customers to take an interest in startups. Security experts at large companies can be risk-averse. They may not think immediately about startups when looking for new solutions. It is thus good that Computable has a startup award, amongst all the other Computable awards.
And are you involved in The Hague Security Delta or other security initiatives?
We are active the The Hague Security Delta and are often working together with other companies during events like cyber security week. As a startup we have postponed becoming a fully paying member to save some cash. We are also working with other IT organisations, such as Nederland ICT. We try to connect to anyone that is active in promoting good security.
What is your biggest challenge at the moment?
We are doing well but we would like to have even more customers. We meet many potential customers that are very interested, but often they have practical difficulties in finding the budget for ongoing security services. Their IT budget is often project based and they are used to one-time investments, instead or ongoing services.