Cyberbit maybe new to the Indian market, but it is already making its mark on the huge untapped cybersecurity niche market here. Neri Zin, VP, Sales, Cyberbit and Rakesh Kharwal, Managing Director-India/South Asia & ASEAN, Cyberbit talk about Cyberbit’s plan to conquer the Indian market.
Give us a brief introduction of Cyberbit and your strategies in Asia-Pacific and India.
Neri: So on the higher level Cyberbit has been around for about four years. We are a spinoff of a big NASDAQ traded company. We focus on defence. And about two years ago we have decided to focus on Asia Pacific. Today we have a team of around 44 people in Asia and about 15 today in India. We are a great believer in this region. So that’s why we took a decision to use I.T. hub both for the internal market but also for the international market. We see a lot of traction in India. We see great potential in India both for the financial sector which is huge but also for other enterprises and its security service providers and global size.
“Cybersecurity awareness in India is at a very high level. The people know what they are talking about. You don’t have to explain unique and niche products.”
You cannot compare the amount of the multiple opportunities that you have here and there and the level of sophistication and the level of maturity of the local market in comparison to other markets. I mean Cyber Security Awareness in India is in a very high level. There is a regulation enforced.
And the people know what they are talking about. You don’t have to explain unique and niche products. Everybody is well aware and talk about it. So there was a lot of presence and that’s why we’re here. That’s why we decided to bet on India. We put a lot on this market. We put a lot of focus in hiring good people because at the end I believe you can have good products, but if you have a good team that’s the focus for success.
And how are you doing in the country. Are you in the commercial market that you exploiting or trying to exploit? Any other activity you are doing in India.
Neri: In India we’re looking in three different angles. We look at India as a potential for local consumption which is mainly as I mentioned BFSI, government and enterprises. What it gives India is a breach to the international market. A lot of global SI’s are from India and their products and their solutions outside of India both for implementation abroad US and Europe. You’ve got countries across Asia-Pacific but also as the services manage security so it’s becoming a very big trend in the west side and of course a lot of Indian companies are leading globally in the service sector. And third we’re moving a lot of resources from our headquarters into India. We started with office support and a little bit of marketing. We’re building the power here and in the future we will move some resources also to India for good with the Indian local adaptation of our products.
India is of course a very large market. From the commercial profitability point of view it’s not that great. Pricing wise you need to struggle here. You cannot command premium here because you have to give as much discount as possible.
Neri: I don’t look at it in this way. I don’t look at this as a negative thing. I think it’s a positive approach. The market in India is aimed on quantities and although in some specific case you can see that it’s price sensitive. This is common; I mean Indians are good traders. But I think it’s it gives entrepreneurs like our company a great opportunity to leverage their ability and their unique way of doing business work with Indian businesses as you might have to in the beginning shrink a little bit with your initial proposition but on an Indian scale it’s a wins as this is a completely huge market.
Tell us about the product range you have. What is the USP of these products?
Neri: In high level we are touching four major products. Our first product is aimed for skills elevation. One of the biggest problems today in the cyber security market is the skills shortage. It’s not only in India it’s globally which has a shortage of skilled personnel to operate the security issue. So this is a huge untapped market. We have developed a platform which we call the cyber range. It’s a platform that actually simulates the security operations center of your organization and lets you train your people in the organization on the real condition that we have actually simulated for them.
That’s the product. Secondly, e have a platform that we call the soft 3D it’s from a family of product that’s called SOAR. We are the operation of illustration products. And the intention is to actually automate as much activities as possible in your security operation center to create efficiency to save time and money after work and to just operate your activities in a more coherent way with a lot of playbooks and connections to other security tools and also automate those activities. We have both angles of implementing those specifically for organizations like banks which is usually our prime users for this but also for many security service providers.
So there is the third product that we call the EDR Endpoint Detection and Response. It’s very common globally. We are one of the global leaders on this one. We have the longest legacy product to serve in existing operational service for the first five years. We recently penetrated into the Indian market with the financial sector. There is a huge potential over here. We also provide two alternatives one is implementation in-house. This is according to the RBI regulation and also we are providing the possibility for many services to do an EPR as a service. We deploy the solution with the customer. They can manage it on their own. And the last product is a product which is aimed for the critical infrastructure namely airports, power generation, power transmission, oil, and gas. If someone is jeopardizing their activity in a national level it can be dangerous and also for their money as every minute counts. We have developed a product which secures those kinds of networks and provide a lot of visibility to their operation. So these are the four elements that we are engaging in.
What’s your route to the markets?
Neri: So we are working in two angles in high level. We are a channel oriented company and we are facilitating our business through channels. We are quite small. If you compare us to the big giants either in India or in the US we are quite a small company in terms of our selling for some. That’s why we need those channel partners. Some of that is for our very high touch niche products. So this is our current approach. As I mentioned channels can be resellers, we are actually providing them products that enable them to penetrate into the markets and to provide services which by the way has a much bigger margin than the product.
So when did you enter into India?
Neri: We entered in about two years ago but it was very niche in the beginning as we started with a very small team. We were a team of three. But very recently we appointed Rakesh as a leader and now we are a team of 15 people. And we are growing.
How would you describe your USP when compared to other brands?
Neri: I can hardly say that we are a market leader in this platform. We have more than 40 platforms already spread globally, 40 range and different separate facilities in India. We’ve just started two facilities here. But the potential here is huge. We’re looking into this. The idea and the unique selling points that we have on the cyber range is the ability to simulate your environment as native as possible. So the SOC operator when he sits in the platform and trains, he actually feels it in a real environment. We simulate the traffic, the security tools that he’s using and we have state of the art attack generator that actually simulates real attacks like they’re happening all over the world. So if tomorrow there is a new kind of attack for example a new ransomware is spreading around we have our team of metal research back home in our HQ who will develop a scenario that will simulate this kind of attack and pushed it unto our users. So they will be able to simulate this and learn how to protect themselves from this kind of attack.
What is there for the channels? What kind of margin would they get?
Neri: I don’t think it’s a matter of margin at this stage. Those products are niche products. We need to select partners very carefully who will be able to take this story into the market. I think the ability to provide services around the range training is not complicated. We can provide this capability to our channel partners but they need to have the operation and we need to take this into the market because we acquired some ability from them. We are very picky in selecting the right partners because it’s also a matter of their ability to deliver at the end. And I think there are a lot of other benefits that can come as an added value for those channels when they provide services of training. The market will come to them also to buy products, it can be our product but in most cases it will be other products that we simulate in our customer like SIMs or like endpoints that we have in our solution. Our concept of operation with many security partners is we brought together means that we start with a very humble initial cost for them and we grow together as much as they grow. We grow together. So the entry barrier for them to start using our product is very low key. It’s a niche product so for them.
So they are looking at the government and BFSI as a major buyer?
Neri: Government here has a lot of potential and focus towards enterprise. Especially for large corporate as it’s not for the private users.
Rakesh: Because all these products are niche, top of the line product required for the high end maturity curb of cybersecurity. For example you only need this platform if you have a good SOC operation. If you don’t even have a SOC operation what’s the point of using this? Similarly if you don’t have SOC operations, you won’t have skilled people. Why would a cyber range really make sense?
So you don’t have any SOC operations?
Rakesh: We are not into the business of offering SOC. That’s not our business.
Neri: We provide products that will allow SOC operation to be better, faster, operating more, and is cost effective.
Rakesh: That’s right. So you know the good thing about our product is that a lot of services are wrapped around it. So this isn’t about the partnership model to say we are a product company. We keep innovating our products. There are a lot of services that are wrapped around this- integration, scenarios building, it’s huge.
So far how has your success rate been in India?
Neri: So India is a new market for us. It depends only on how quick can I find good people and bring them into this market. So we are gearing up and there are opportunities in the first year. We’ve done quite well. We captured one major bank, and one major service provider. We started penetrating into small pockets and then land and expand on that.
What’s the roadmap for 2019?
Neri: The processes in India may take time but the market is very big here. There is always an opportunity. There is nothing that stops here. We don’t feel that it stops. Cybersecurity is a top priority for everyone. And when you look at cybersecurity skills there is a huge gap. And we’re addressing that part of the problem with our very unique way which is going to revolutionize how trainings are conducted on cyber security. So we see this market exponentially growing in the next three years. If today we have across Asia like 15 ranges in cyber ranges, I expect only 15 ranges in India in the next three.
What did the kind of message do you have for the company customers?
Neri: I think the message is very clear. Take care of your personnel. Make sure that they are cyber aware and that they have the skills to operate. Make sure that you are keeping them with you for the long term. And this you can achieve only if you are providing them with a specific tool which is not a theory tool.
They are skilled, smart people living in a ditch of the world. They want some kind of a gaming to play with. To understand how it’s really happening. So take care of your people. Provide them with the skills they could get to take it forward. This will be with your organization and your resiliency for cyber attacks.