Indusface CEO Reveals Strategies for Global Cybersecurity Leadership


In an exclusive interview with TimesTech, Ashish Tandon, Co-Founder & CEO of Indusface, shares insights into the company’s journey to becoming a global cybersecurity leader, emphasizing key strategies and tailored solutions for diverse sectors.

Read the full interview here:

TimesTech: Can you summarize Indusface’s journey to becoming a global cybersecurity leader and highlight key strategies that fueled its growth?

Mr. Ashish: We had a significant experience in the security domain, including an exit from one of our earlier companies to a large security product leader. One whitespace that we consistently observed was that security software is unlike traditional software, such as CRM, for example, where vendors can sell a product and be content with it. Managing security software is highly complex, with an acute shortage of skilled manpower. Right from the start, we built Indusface with that insight, and looking back, we are extremely proud that we now help 5000 customers across 95 countries.

TimesTech: What specific measures does the company take to ensure that signing distributor agreements align with its core values and growth objectives?

Mr. Ashish: Our DNA has never been that of a growth at all costs company. By staying true to fundamentals of profitability and metrics like CAC payback and NRR we were able to pivot faster and avoid costly mistakes. One significant growth lever has been us signing large distributor agreements in India, middle east and the US. Security software also is characterized by a lot of partner-led sales and these agreements have helped us scale efficiently as we leverage partners’ existing relationships.

TimesTech: How does Indusface stay ahead of evolving cybersecurity threats, especially with advancements like AI? Could you share some recent challenges and Indusface’s approach to addressing them?

Mr. Ashish: We strongly believe in the human + machine argument. Since the beginning, we have utilized managed services alongside AppTrana to safeguard our customers’ websites and APIs. With the integration of AI, AppTrana is continuously evolving to enhance the efficiency of our managed services. Our behavioral AI capabilities have played a pivotal role in countering advanced DDoS and bot attacks, leading to a substantial reduction in false positives.

TimesTech: What are the primary vulnerabilities in sectors like banking and finance, and how does Indusface tailor its solutions to mitigate these risks for its clients?

Mr. Ashish: Banking and finance have been among our greatest strengths. Some of the largest banks, financial services, and NBFCs in India are among our clientele. Given the highly regulated nature of this industry and its stringent compliance requirements, our solution has evolved over the years to ensure seamless compliance. We provide extensive support to these customers, functioning as an extended SOC, particularly during critical audits such as cyber drills mandated by the RBI.

 Last month, we introduced a new capability named SwyftComply, designed to enable CISOs to generate a clean, zero-vulnerability report within 72 hours. This initiative aims to streamline compliance processes. This month, we launched AcuRisQ, a capability that assists enterprise CISOs in prioritizing the most critical vulnerabilities for resolution from among hundreds typically found in large organizations. AcuRisQ is expected to significantly alleviate vulnerability fatigue. We have received excellent feedback from our customers regarding these releases.

TimesTech: As a cybersecurity advisor, what strategies does Indusface employ to protect government and private sectors from cyber threats? Can you highlight effective practices for safeguarding clients?

Mr. Ashish: No matter the organization, cybersecurity is essentially hygiene. Particularly with application security, the key steps are:

  1. Maintaining an inventory of all public-facing applications, websites, and APIs.
  2. Regularly scanning and conducting penetration testing on these assets.
  3. Leveraging capabilities such as AcuRisQ to identify the most critical vulnerabilities for prioritized resolution and SwyftComply to autonomously patch these vulnerabilities on the Web Application and API Protection (WAAP) platform within days.
  4. Monitoring request and response logs regularly to detect any anomalies.

We provide all of these services as a managed service for our customers, ensuring their protection.

TimesTech: How do Indusface’s customized security offerings enhance overall cybersecurity for organizations? What sets Indusface apart in delivering comprehensive security solutions?

Mr. Ashish: We are the sole provider that completes the security life cycle, beginning with discovering websites, apps, and APIs, detecting vulnerabilities, and prioritizing the most critical ones for resolution. We then proceed to protect against vulnerability/zero-day attacks, DDoS, and bot attacks, and finally, we monitor for anomalies. Unlike most security software, which is siloed and consequently leads to shadow IT, false positives, and increased threats due to zero-day vulnerabilities, we ensure a holistic approach. We always prioritize working backward from our customers’ needs for application protection, rather than simply providing a software stack and expecting them to navigate protection on their own. Even in our dashboard, the primary statistic we display is a customer’s protection status as of the current date.