YourStory in conversation with Bikash Barai, CEO of iViZ on cloud-based penetration testing and raising Series A funding from IDG Ventures

If someone asked you to tell them about iViZ in about three sentences, what would you say?

iViZ is the industry’s first cloud-based penetration testing company. Unlike our competition, we provide consultant-grade quality of penetration testing for applications with an on-demand SaaS experience. We guarantee zero false positives with business logic testing and expert validation in an easy and cost-effective manner.

 

How did the idea for iViZ come about? How did you end up choosing the SaaS model?

While conducting one conventional penetration testing exercise, it dawned on us that even as security experts, we cannot comprehensively detect all multi-stage attack path possibilities. Especially once a network is successfully broken into, we tend to become complacent and the mental incentive to find each and every way to penetrate diminishes.

To overcome this barrier related to basic human instinct, we explored the usage of Artificial Intelligence to simulate all multi-stage attack possibilities. A prototype was built & refined over the next 9 months and stabilized after testing it in several environments. Thus, the automated penetration testing product was born. This technology is currently under “patent pending” with USPTO (United States Patents & Trademark Office).

After successful installation of the product in a few client organizations, we realized that it is extremely difficult for an organization to hire good security persons and it is more difficult to retain them and hence they don’t have enough people to run the tool.

We felt that penetration testing which can be done anytime, anywhere and anyhow is the need of the day. We decided to leave the software approach and adopted the emerging Software as a Service (SaaS) business model. Thus, the world’s first On Demand Penetration Testing was born!

How is iViZ different from other information security/network security companies?

What Salesforce did to CRM, iViZ did to penetration testing. To use another analogy, it is like Ernst and Young quality reports with a Qualys experience.

As you know, the usual products like Qualys, Appscan or any other tools generate a huge report with lots of false positives. So, you need to have consultants checking them and removing the false positives. They also need to do in-depth business logic testing for discovering the false negatives. This would mean a lot of manpower cost or consultant cost. iViZ would guarantee that the report would match consultant grade quality.

However, with consultants, the problem is that they would only work regular hours. You cannot get a test done anytime you want. For example, your business may need testing on a Saturday night either due to some immediate need or because that’s the period when your system is used the least.

If you have to get a test done during that time by consultants or in-house people, it would mean paying them a higher fee. Now, if you need 100 such tests to be done, it surely gets difficult since a consultant-driven approach cannot scale. Also, imagine having hundreds of PDF reports. It becomes very difficult to manage them, get an overall picture, understand the trends or track the issues not fixed.

iViZ being on-demand and cloud-based eliminates all these problems and you can get the tests done anytime. You can also use the on-demand portal and use the dashboard for better vulnerability management.

Tell us about your background, Bikash.

I have done a double B.Tech from Indian Institute of Technology (IIT), Kharagpur in ‘Computer Science’ (Hons) and ‘Architecture’ and also a Masters in ‘Computer Science and Information Technology’. I worked in areas like simulation of a hacker’s mind using Artificial Intelligence, Cognitive Hacking, Social Engineering, Attack Simulation etc.

Is there acceptance for your concept? We understand that you’ve discovered a number of security flaws in software products worldwide. Can you throw some light on that? Also, who are your customers?

iViZ has won numerous awards for its technology from organizations globally. For example, iViZ was selected among the Top 6 Security companies by US Navy, US Department of Homeland Security and London Business School. iViZ also won awards from Red Herring, Business Today, NASSCOM and several others.

At iViZ, we believe in cutting edge security research and we have broken several products. You may be aware that a few years ago, hard disk encryption tools like Microsoft BitLocker, McAfee SafeBoot and a host of other products got broken. In fact, iViZ was the company which discovered this and presented it at Defcon in Las Vegas. We’ve also broken the BIOS security of Intel, HP and Lenovo.

You may also have heard that there was news on how anti-virus could be used as a door for a hacker. Again, iViZ is the organization which discovered this. We broke products like AVG, Sophos and many others. In fact, we have broken products of Computer Associates, Symantec and probably at least one product of most good security companies.

iViZ works with more than 250 customers and 30 partners across the world. Several organizations like TCS, NetMagic, nRuns Germany, UBM Netherlands, Denyall France etc. have partnered with iViZ. We work with major banks, telcos, online companies and large enterprises like HSBC, ING, Vodafone, Oracle, Fiat, Deutsche Post (German Post) etc.

Where do you see information security and iViZ five years from now?

The information security market would obviously grow. It is something which the industry cannot live without. Application testing market is at the nascent stage and is growing rapidly at 17.9 CAGR.

As an organization, we would like to build a business that’s worth 40 to 50 million USD in the next 5 years.

However, the bigger dream is to change the way penetration testing is done. Today’s approach of conducting penetration testing either lacks in quality or is non-scalable. We need a different approach to solve the problem. We believe that hybrid penetration testing on the cloud can solve the problem of quality and scalability. Our dream is to make this happen!

What is iViZ’s revenue model? Also, you’ve been funded about two years ago. How was that fund infusion utilized?

iViZ provides subscription-based penetration testing for applications via the cloud. Organizations can subscribe for penetration testing and get it done whenever they want. They don’t need to buy any software or hardware or hire consultants.

iViZ also works with partners to launch their own branded cloud-based penetration testing so that they can scale their revenue while maintaining zero operational cost. We work with security consulting organizations, data centers, managed service providers and resellers on a revenue sharing model.

In 2008, IDG Ventures invested 2.5 million USD. After raising the Series A fund, we used it to build the SaaS infrastructure so that we can start offering the cloud-based penetration testing business. We used the capital to build the senior management team, build global presence and strengthen our technology.

As an entrepreneur, what are your joys? What are the challenges?

As an entrepreneur, the joys are in overcoming challenges, solving problems and bringing in success for customers, team and shareholders. I find the journey as important as reaching the goal.

Every day, I get to learn something new from the people around me irrespective of their positions or backgrounds. The joy of learning something, building something unique and path breaking keeps me moving. For me, it’s not just business success but the way I achieve it is also very important.

Our dream is to change the way penetration testing is done so that we can solve this challenge of false positives and lower quality automated reports. I find joy in challenging the status quo and making things possible which are seemingly impossible.

There are several challenges as an entrepreneur. Right now, scaling is an interesting challenge and I believe we’ve got the fundamentals in place and that we’re demonstrating good progress.

At times as an entrepreneur, it becomes lonely. I am very passionate about people and I love my team and people around me. However, I have faced situations where I’ve needed to take decisions which go against individuals and that’s when you start losing them from being near to you. This is an interesting challenge where probably one needs to learn how to balance and accept this hard reality. One can probably not keep everybody happy every time and being comfortable about it is something which I need to learn gradually.

How big is the iViZ team? Are you looking at hiring?

We are around 55 in terms of team size. Our American operations are headed by Scott Bradley, who holds a Masters in AI and robotics from an Ivy League school with more than 20 years of experience in heading business in USA with companies like Oracle, Sun, Network Intelligence etc.

Our Europe operations are headed by Kevin with more than 25 years of experience in building business from scratch with companies like BrightMail, WebRoot etc. Our engineering is headed by Arnab Chattopadhyay, who has more than 15 years of experience with BT in building their SaaS platform.

We are aggressively hiring people in sales, online marketing, engineering and application security testing.

How has the journey been so far? Also, let us know about your expansion plans.

We already have offices in Boston, London and Bangalore. We have presence in more than 20 countries through our partners. Our goal is currently to focus on USA and Europe and make the business successful. We are aggressively building our sales team and are expecting to grow more than 200 percent in terms of team size this year.

We have more than 250 customers and 30 partners across the globe. Our offering of on-demand application testing is quite popular with our customers as well as partners. Our partners can now scale their security testing business at zero operational cost. They simply love us since we make their life simple and help in increasing revenue and decreasing cost. Last year, due to recession, organizations were signing more of one-time deals. However, there is a reverse trend now where most of our customers are going for multi-year deals.

We at YourStory wish Bikash and iViZ all the very best. To know more, check out www.ivizsecurity.com. Also, do let us know what you think of this story. You can write to us at feedback@yourstory.in.

Sriram Mohan | YourStory | 5th May 2011 | Bangalore

YourStory in conversation with Hardeep Singh, Co-founder of Costnomics, SaaS based IT Financial Management software provider.

Tell us about Costnomics.

In one sentence, Costnomics provides CIOs with the knowledge needed to gain control over expenditures, helping them run IT like a business through improved cost transparency and enhancing service delivery. Our company is delivering SaaS-based IT Financial Management, establishing a strong foundation for the understanding of the economics of IT and assisting CIOs to get better control over the effectiveness of their enterprise IT spend. Our goal is to significantly improve the knowledge and decision making capabilities of IT Organizations, far beyond what is achievable today with existing solutions and methods. Costnomics delivers a true bottom-up costing capability built on a lean Activity Based Costing (ABC) methodology.

What are the services/products that you offer?

We deliver a next generation product for the emerging IT ecosystem handling trends, such as consolidation, virtualization and cloud. Costnomics is a suite of four tightly integrated products:

Service Cost Management (SCM) delivers an integrated approach to the build of IT service costing and enables IT to benchmark its services against internal and external industry benchmarks. SCM delivers a powerful, innovative and forward thinking method of linking Financial Planning to Business Strategy, leading to predictive IT budgeting and forecasting.

IT Investment Management (IIM) is a set of Innovative Decision Support tools designed to assist the CIO make the most informed IT Investment decisions. IIM provides enhanced modeling of the projected Total Cost of Ownership (TCO) of IT services, Return on Asset (ROA) and Operational Run activities, providing continuous improvement opportunities.

IT Performance Management (IPM) is a Business Intelligence Framework that provides an integrated view of IT and its performance.

IT Charge Management (ICM) provides an enterprise chargeback or show back solution for IT. ICM enables the tracking, allocation and control of costs.

Costnomics also offers a managed service to take care of the data management needed to maintain cost transparency. Our solutions can also help CIOs better understand and predict the financial aspects of many types of strategic initiatives, for example Data Center Consolidation, Cloud Enablement, Virtualization and Application Rationalization.

What is Costnomics’ differentiator in the market? How is it different from other players?

Before I answer this question let’s try to understand how the industry has tried solving this problem over last few years. IT Finance historically has allocated IT costs to cost centers with nearly always, the costs being treated as uncontrollable in the P&L statement. The traditional method, that existing market solutions use today to make costs controllable, is to define the services and cost them. The methodology used is purely assumption based. We also hear from the current solution players that they believe that there is no need to get to the actual details, as it will not provide value.

We have a completely different view on the solving of this problem. We use the “bill of material” costs to create “an accurate bill of IT”. If we use the analogy of a manufacturing company, there are benefits from a complete view of the raw materials costs required to manufacture their products and the associated overhead. Similarly, the Costnomics solution builds a bill of materials view of IT Services.

In addition, we treat financial models for each technology as different. For example, the Costnomics methodology ensures that the way physical storage is modelled is specific to the storage domain and would be different to the costing of a physical server in the Server domain. The basic concept remains the same but the business rules are different. You may hear the term “Bottom-up Costing” from every other provider; however, the truth of the matter is that we are the only true provider of this methodology, and we can prove that by the intelligence and value that our solution delivers to customers.

How did the idea for Costnomics come about?

Costnomics has a number of Industry IT Financial Management practitioners who have led several Financial Transformation and Transparency initiatives, and more recently led a Financial Transparency initiative for the largest Investment bank in the US. After seeing gaps in existing IT Cost Transparency solutions and, in conjunction with listening to many other company leaders, we decided that we had enough experience and know-how to do it right ourselves and to bring a high value solution to the market. Our Investment Banking experience showed us the importance of insightful analytics and the matching of these analytics with the most complex of problems, the economics of IT.

Tell us about your background. Do you have a co-founder? How did you guys meet?

My partner and I share a common background and have a deep passion for IT Financial Management. We have both solved IT cost transparency issues and challenges in large global companies. However, our approach and perspectives have been different. My partner has been working within Fortune 100 companies and solved the problem as an insider, whereas I have worked as consultant to Fortune 100 companies helping them solve it from the outside, using Industry best practices. We have a combined experience of over 40 years and met while working together for a leading Asset Management organization. As I said earlier, we both realized that there were tremendous opportunities in the development and bringing of an IT Financial Management solution to the market that actually solves the problems of IT today. We bring both industry experience and an understanding of the challenges that IT is currently facing and we know what it will take to be successful in these transformation initiatives.

Let us know about the tie-ups that you have (if any). Is there acceptance for your concept? Can you give us some incidents to illustrate the same?

Technology partners are critical in providing complementary offerings in the Financial Management environment. Costnomics is working to forge strong relationships with technology providers like Microsoft, giving us the opportunity to enhance the total user experience. We are thoughtfully expanding our partnerships with our strategic and technology providers. To help us satisfy customer demand for greater IT cost transparency, the partnerships include IT Infrastructure and Service providers, System Integrators and Consultants.

Typically we start working with our customers on understanding one aspect of their technology financial structure. Once the high value of our solution is understood our customers are keen to gain transparency into more and more of their IT costs, until complete IT cost transparency is established.

Where do you see Costnomics five years from now?

Our goal is to be the first choice for customers in the IT financial management solutions market, retaining the most capable staff, working with the strongest partners and offering the highest ROI for our customers. As a trusted partner to our customers, we aim to provide powerful, accurate analysis and intelligence into all Business IT decisions.

What is the company’s revenue model?

Costnomics offers a SaaS or traditional on-premise licensing model. We offer flexible deployment models to meet the needs of our customers. Our licensing models are extremely adaptable; for example, we enable the CIO to understand simply the storage economics or undertake a complete Data Center Consolidation costing. Our aim is to provide sustained value to our clients through the provision of powerful financial intelligence and decision support tools.

Did you fundraise to start up?

We are generating revenue and our costs are very controlled. We are self-funded today and have had early discussions with a handful of venture capitalists. It is important to us to find the right partners for long term success.

Do you have any plans to fundraise?

Yes, fundraising is critical to our success in growing our market share globally.

Who are your clients? How difficult was it to acquire your first few clients?

Our customers and prospects are G2000. Of course, there are always going to be challenges initially, but we know that there is a great deal of focus on this space by CIOs. Sometimes on the ground there is a perception that there is no problem or, if it is understood there is one, that it is seen as too difficult to solve. Our competitive advantage is our complete customer focus, problem understanding, agility and know-how in the IT Financial Management space.

Costnomics’ aim is to bring genuine IT financial transparency to organizations. We work with both the Business and IT to build an extensible IT financial model that will deliver real fiscal visibility into IT expense. You will appreciate that at this stage of our business cycle we are not able to disclose our beta customers, but we can tell you that they are all multi-billion dollar companies who have huge IT investments.

As an entrepreneur, what are your joys? What are the challenges?

The best thing about being an entrepreneur is the level of satisfaction you get from creating solutions to solve really hard problems, for our customers. We are passionate about our suite of solutions and get an adrenaline rush when we are able to deliver cost transparency to our customers. We have a very strong team that has worked together for many years. Our people are working in US, UK, Australia and India. We span multiple markets and this keeps us open and available to our customers 24 x 7.

We are faced with challenges of course, staying focused, to keep the ball moving and not get bogged down. A challenge is the realignment in the way that I think. As an entrepreneur I need to have a different mindset compared to when I was working for a company. Today I need to focus on the activities that can create value, return on investment and make my product of worth to my customers.

How big is the team? Give us some info on team composition. Number of people, their backgrounds. Are you looking at hiring?

Costnomics is a young software company with less than twenty staff today. We are hiring carefully in India and in the US. Our team consists of seasoned Consultants, IT Executives and Developers. We are looking for people to join us who are very bright, highly motivated and have a deep passion to work in an exciting startup culture.

Let us know about your expansion plans.

Today our business focus is in the US and Europe, as many of the G2000 companies are in these two geographies. There is a major expansion in IT taking place in Asia and in the medium term we will look to expand our presence in Asia. However, we always welcome contact from companies throughout the world who are interested in solving their IT Financial Management challenges.

Would you like to share something else with us?

There is an interesting trend in the market today with lots of noise around cloud computing. Estimates by analysts put the cloud market anywhere from $56B to $150B by 2014. We have worked with some clients who would like to move to cloud but do not fully understand their current costs. The vendors will always find a business case justifying the need to move to cloud. Our cost management and investment solution helps a customer to understand their current costs and create what-if scenarios for enabling technologies like “cloud”. We foresee that as customers move to the cloud they will realize that it’s not a one-size-fits-all approach and that there is a pre-requisite to cost their internal services before reaching out to a cloud vendor. This is where Costnomics can give CIOs the power not only to make the right decisions but also to defend their decisions with factual data.

We at YourStory wish Costnomics good luck as they plan to scale. Let us know what you think of this idea. Please write to us at feedback@yourstory.in