Once upon a time, the WWW was a static place. Web pages contained HTML, and a web server’s sole purpose in life was to respond to requests from a browser, lookup the asked page, and return it back to the browser that would render it like magic. Over time and hard work by humans, servers gained intelligence so much as to provide ways for humans to interact with systems and deliver dynamic content. This was remarkable progress (This is the underlying principle behind all services that we throng on day in and day out) and gained traction until one day when a hacker entered the system by means of those interactions the server provided. This had to be controlled.
Server security was born.
Fast forward two decades, and server security still remains the most critical issue, especially to organizations that conduct their businesses online. Securing a web/application server can be a challenging task, with hackers looking out for vulnerabilities and loopholes in your system and ready to pounce. This becomes all the more difficult for smaller organizations and startups, that do not have the resources for a dedicated security team.
Welcome Ankhorus Cyber Security, a Delhi-based SaaS-based security provider that offers customized cyber security solutions which are executed on the basis of Open Source Security Testing Methodology Manual (OSSTMM), and Open Web Application Security Project (OWASP), that also ensures high level security audits. The crux of Ankhorus’s service-based security is a ‘server shield engine’ that provides HIDS (Host-based intrusion detection system) and HIPS (Host-based intrusion prevention system).
How does it work?
Being a SaaS-based model, Ankhorus provides a subscription-based service. All you have to is sign up, choose a payment plan, and add your server details. proprietary code daemon which works as HIDS / HIPS gets installed on your servers and provides protections like firewall, real time intrusion detection system, DDoS protection, brute force protector, real time intrusion protection system, and real time notifications.
Once you have our added your servers, you can periodically request auditing of your servers for latest vulnerability threats. The VAR reporting system gives you minute details about your server vulnerabilities. The Vulnerability Assessment Report is a detailed report which shows the complete analyses of the servers and results the risk factor for the server of being compromised. VARs are crucial and highly confidential documents that are generated and immediately emailed, and are never retrievable on Ankhorus’s server shield or other servers. It then also lets you patch the detected vulnerabilities on to your servers.
How is security ensured?
Ankhorus provides Customized Security Software Solutions, Latest Malware Analysis and Solutions, Cyber Crime Investigation, Onsite Security Operations Centre and Lawful Interception Services. Ankhorus helps you in securing web applications by clearly understanding the needs and sorting out a solution that can be split into four areas:
Managed web security: Web vulnerability assessment is a sophisticated task that includes assessing the application, framing out the bare-bone structure for the solution and patches, generating customized reports of patched solutions, and creating a hacker-based simulation.
Managed application security: Today’s applications are complicated and curiously designed as per very specific needs of the organization. Ankhorus performs audits over applications by evaluating the application as well as the source code, and suggesting upgrades and source modification, if necessary.
Corporate risk management: Ankhorus also covers against cyber espionage by providing internal fraud control, employee monitoring system, and corporate risk consulting.
Penetration testing: By simulating an attack from malicious outsiders who do not have an authorized access to the system, a hardcore penetration testing is done, that also involves source code and network auditing.
Who should use it?
A couple of limitations of Ankhorus: it only works for Linux-based servers as of now, and you have to cough up US Dollars for the tailor-made plans available, that are all monthly and become expensive as you add more servers. However, you can ask for a customized plan to suit your needs. There is also a 14-day trial plan.
Ankhorus is co-founded by Rohit Kaundal and Raghav Shandilya, both of them working as ethical hackers and security consultants in their previous lives. Here is a quick QnA with Rohit:
PI: How much resources does the engine consume once installed on my server?
RK: Actually by using the word engine we stereotypically thinks that it will a heavy blotted engine consuming hell lot of resources, but the fact is its not. The engine sits as a watchman guarding against potential server based attacks as well as informing the administrator about it. It does not takes much resources and computing power and is multithreaded in operation and its size is less than an MB.
PI: Why only Linux servers? Are you planning to cater to Windows and other servers in the future?
RK: Actually the market share of Linux is around 60% in server and data centre industry. and also we wanted to created a minimum viable product for this industry and that is when the idea of server shield struck. We will be catering to windows servers also in next couple of months.
PI: What has been the traction so far? Can you name a few startups that have been using it?
RK: These are some startups that currently are using our product to secure thier servers
We have also been approached by some banks for test trial of this product on their servers. In addition to that I am happy and proud to tell you that our startup has been empanelled into NSD (National Security Database) http://nsd.org.in.
PI: I see pricing in dollars. What is your target market?
RK: Yes our pricing is in dollars and in India adjusted to rupees. We are targeting global cyber security market specifically in SAAS segment.
PI: All your pricing plans are monthly. Don’t you get requests for/are you not planning for an annual subscription?
RK: Currently we are in beta stage and so want our users to experience the product by giving them flexibility of monthly subscription and reporting any errors / feedback to us.
PI: Who are your competitors in India?
RK: Currently there are no companies catering to cyber security products as such but we do have some startups that provide cyber security ‘auditing services’. We want to brand ourselves as the leader in cyber security products.
PI: How big is the team?
RK: We are a 7-member team, Raghav, me, 4 programmers and one marketing guy.
My suggestion to the Ankhorus team is to firstly work on the portal, that needs to be proofread and cleaned up of typos and grammatical errors. Secondly, try and have a pricing in INR instead of USD to reach the Indian market.
The service looks promising, but the most important factor in using security as a service is the security of the service itself. That trust being established, this is a boon for all startups and SMBs that are losing sleep over security. If you are one of those, try Ankhorus and voice your experience in the comments section.