Astra Security COO, Ujwal Ratra’s take on Cybersecurity

During the pandemic, companies in all sectors have had to shift to digital in a small or big way, to keep up with the times. This has also resulted in a wave of unprecedented cybersecurity risks, which many are ill-equipped to tackle.

 

In this exclusive interview with Analytics Steps, Mr. Ujwal Ratra, Chief Operating Officer, Astra Security, delves into the importance of cybersecurity for today’s businesses.

 

( Recommended blog - What is Cybersecurity? Types and Importance )

 

 

Astra- Products and Services

 

Astra Security is a notable name in the cybersecurity business, offering solutions with the aim of making cybersecurity simple.

 

“Every solution takes under five minutes to set up and offers a 10x better experience than their contemporaries,” Ratra says.

 

Astra offers two major products in their suite of tools- Pen Test/Security Audit and Website protection.

 

“Pen tests are a critical component when it comes to securing applications & infrastructure.”

 

Ratra describes the working of their pen tests. Their intelligent vulnerability scanner runs over 2500 security tests to find vulnerabilities in the target application, after which their security engineers try to break in and find every possible vulnerability that can be exploited. “All the vulnerabilities found are reported on our Vulnerability management dashboard with criticality, video POCs, steps to fix, potential bounty saved and the option to collaborate with our security engineers for any patching assistance.”

 

Speaking of their Website protection solution, he says-

 

“Website is the face of any business. Our website protection suite contains a Rock Solid Firewall that protects websites from 100+ types of attacks like SQLi, LFI, RFI and Bad bots in real-time.”

 

In addition to that the suite also contains a Malware Scanner that automatically scans and flags malware in the website file system. “With its state-of-the-art scanning engine, the scanner optimizes each scan to the website's technology and takes negligible resources during the scan,” he explains. “It is one of the fastest and optimized malware scanners in the industry.”

 

Astra’s clientele boasts of several prestigious names including Vodafone, Unilever, TEDx, and Ford. Ratra attributes this success to the “ease of setup, actionable results, continuous and rock-solid protection” that they offer with both their products.

 

Their global presence also helps them stay up to date on threats.

 

“Since we protect thousands of businesses across the globe, we have access to a constant stream of updated threat feed. This intelligence is fed into the products which get more intelligent each day thus benefiting the entire network. And this cycle continues.”

 

Ratra adds that they also strive to resolve all their customers' security problems under one roof. He cites an example- “We realized that most of our customers go for compliances like ISO, SOC etc. Thus we built over 2500 test cases covering OWASP, SANS, ISO, SOC standards in our vulnerability scanner. This helps our customers be continuously compliant with industry standards.”

 

( Recommended blog - Compliance Testing - Everything you need to know )

 

 

Importance of Cybersecurity in 2021

 

It seems that there is a lack of cybersecurity education among businesses these days, which leads to them having a hard time coping with today’s complex and evolving cybersecurity needs.

 

Ratra thinks that while addressing the importance of security, it is also necessary to acknowledge that security is not the core business for most businesses. “They may be a SaaS company selling a CRM, a blockchain application doing something innovative, or an e-commerce store,” he says. “Now security is important for each of these businesses but it's not the core competency of the team building the product and that is absolutely fine. All that is required is the awareness and acknowledgement of the need to be secure.”

 

2021 has seen some major cybersecurity crises, globally from the breach in the Florida water system in February to the ransomware attack on Acer in March. Reports say that India is one of the top nations when it comes to being targeted by cyberattacks. This surge can be explained by the onset of the pandemic and a shift to a digital workstyle by companies all over.

 

“Along with all the sad and negative things, one positive aspect that happened because of the pandemic is the speed of tech adoption by businesses and individuals,” Ratra says. “As the pandemic raged, it forced businesses to go online in almost a blink. And this by no means is a small feat. It displays the agility of businesses and also underlines the importance of being flexible (for individuals and companies alike). Being flexible and moving fast has become the necessary condition for companies to stay afloat.”

 

So why does this cause a boost in cybersecurity risks?

 

“Moving online and away from a geographic perimeter also meant an exponential increase in the attack surface (the points from where leaks can happen). Businesses have employees sitting all over the world, on different networks, having sensitive data access. The pace of development is faster than before with new features being churned out by the day. All this brings in new kinds of challenges for businesses.”

 

So, according to Ratra, businesses need to ensure that their attack surface - applications, infrastructure, and people are well-protected. “You can never be safe enough but you can take some basic measures and be safe enough to have peace of mind,” he says.

 

( Recommended blog - Impact of COVID-19 on Security Analytics )

 

 

Security Consciousness in Consumers

 

Apart from ensuring the security of your company, being security conscious offers a company other advantages. Customers give value to companies that prioritize security.

 

“As consumers, all of us are now more conscious of our data. The fact that WhatsApp had to run full-page advertisements in national newspapers to clarify their stand on data collection/processing proves this. This also gives an opportunity to businesses to use the tag "security conscious" to market themselves better.”

 

Ratra draws up a scenario to illustrate this- “Consider that you are looking for a CRM to better manage your customers. You find a couple of them and decide on three which seem to have similar core features. Now one of them has a section where they mention the security measures they take to ensure the security of your customer data & that they understand how critical the data is for you. How likely is that going to influence your purchase decision?” Ratra affirms that from their data, these factors are in fact very likely to influence purchase decisions.

 

Both of Astra’s products come with publicly verifiable certificates and seals. Ratra assures that they have seen the conversions increase for our customers when they display the certificate and seal on their websites vs when they don't.

 

“Our customers brag about the fact that they take their security seriously by sharing their unique certificates with their partners & customers. The trust that it instils goes a long way.”

 

 

Steps for Basic Cyber Hygiene

 

This is a time when “National level cyber attacks are not a subject for sci-fi movies anymore,” as Ratra says. He describes a simple list of must do things to ensure basic cyber hygiene - 

 

• Update any third party software/plugin that you are using regularly. Make sure you have the version with the latest security patches.

 

• Use the principle of least privilege in all your applications/systems. Any user, program, or process should have only the minimum privileges necessary to perform their function.

 

• Misconfigured servers (AWS. Azure, Google clouds) have been one of the biggest sources of data leaks in the last few years giving hackers access to secret keys, essentially letting them access millions of records. Ensuring these servers are checked both internally and audited by external security companies for best configurations from a security perspective is the key.

 

• Ensure that data is encrypted in transit & at rest

 

• Classify data into relevant buckets (highly confidential, confidential, non-confidential but not public, public), define access only on a need to know basis & have strict policies to handle each type of data

 

• Have strong password policies for employees & mandate regular updation of password

 

• Mandate 2FA wherever possible

 

• Get regular security audits done for your applications & infrastructure. Hack yourself before hackers do.

 

( Recommended blog - 7 Best Data Security Practices )

 

 

Hack Your Business Before Hackers do

 

So to cope with today’s ever-evolving needs, Ratra says the solution is to keep it simple.

 

“One of the simplest ways to be more secure is to have regular security audits. The idea is to hack yourself before hackers do.”

 

 

Ratra says that one of the guiding principles at Astra is simplicity. “We believe if it's not simple, it's not done,” he says. He gives an example, “Our security audits seamlessly integrate with our customers' development cycles. Weekly scans by our vulnerability scanner ensures that the new feature additions don't lead to new vulnerability additions.”

 

Ratra firmly believes that security audits and penetration tests are of utmost importance.

 

“The importance of Penetration tests can’t be stressed enough. Businesses need to hack themselves before the hackers do.”

 

Ratra explains that vulnerability assessment and penetration testing exercises help businesses uncover potential gaps in their applications and infrastructure which could be exploited by malicious actors.

 

He also stresses on consistency. “While there is definitely an increase in the number of businesses going in for penetration tests, this shouldn't be a one-off exercise,” he says. “In fact all security standards like ISO, SOC ask businesses to get regular penetration tests done.”

 

Ratra says that all their customers run weekly vulnerability scans using their scanner and top that up with monthly or quarterly pen tests. “Our suite is developed in a way that fits in well within the development sprints of our customers so that there is no disruption in their ongoing product road map,” he explains.

 

 

Future of Cybersecurity

 

Astra Security has come a long way since its inception. “Till a couple of years back, we used to write articles mentioning how cyberattacks are real and businesses of all sizes are vulnerable,” Ratra explains. “The news of some security incident every other day has ensured that most of us now know the reality and we don't have to write such articles anymore.”

 

Speaking of the future of cybersecurity, Ratra says that the tech behind both the attacks and defence will obviously evolve and get more sophisticated. “But I want to answer this from a mindset shift perspective,” he says. “The move from reactive to proactive security is happening as we speak and that trend, I believe, will accelerate in the coming years.”

 

“Especially for SMB's, just like locking your physical store/office seems natural, your online office lock will also start being normal.”

 

As for new developments within the company, he says there are some great things in the pipeline with their vulnerability scanner, and also a new version of the Website protection product in the works. “At Astra, our mission has always been to make security super simple for businesses and that will always be true,” he concludes. “Our existing products will evolve and we will be developing new products going forward, all with the mission of making security super simple.”