Interviewed By Jan Hogewoning, Mexico Business
Q: Ridge Security was founded in late 2019. What led you to create this company?
NM: We have both been in the IT and cybersecurity industry for more than 20 years. Most of my career was spent developing products, mostly defensive solutions. While we invested vast amounts of resources in developing these products, we could still not prevent data breaches from happening. We realized that hackers do not follow our mindset, they do not follow any rules. For this reason, we needed to have a completely different mindset.
RidgeBot carries out automated ethical hacking to determine a company’s vulnerabilities. Today, many companies carry out manual penetration testing. They get engineers to dig around and find the weaknesses in their networks and systems. This costs a lot and it takes a great deal of time. It can take weeks or even months to penetrate the system. In addition, it is hard to find or train an engineer who can conduct such a level of testing. There is a huge shortage of professionals who can perform quality penetration testing. We provide a machine-learning and artificial intelligence-based robot. The robot is a software that is deployed inside your network. It can penetrate more efficiently and delivers more consistent results.
LZ: To catch a criminal, we have to think like a criminal. Today, we still see a gap between defense and offense in cyberattacks. Hackers use simple tricks, over and over again. One successful attempt and they are in. We wanted to create a tool that mimics these tactics.
At the moment, the potential of AI is accelerating rapidly. Why not apply that to cybersecurity? Our software mimics the potential actions of a hacker, locating, exploiting and documenting findings. By letting it do this task, humans can focus on the really challenging issues.
Q: Other technologies accumulate knowledge on malware threats and improve their response. How does your solution differ?
NM: A company may have a lot of malware samples for defense purposes. They look for signatures to provide to the defense system. Our robot automatically scans an environment. Decisions on how to act depend on the information it collects about the target company. Every company is different. When hackers try to penetrate a network, they start with limited information and slowly build up that picture. Our robot does the same thing. Each piece of new information it finds will drive it to rethink. This is what makes it so powerful.
LZ: When hackers do their job, they also use automation tools. For example, they use automation for port scanning. Another aspect that differentiates our product from other tools in the market is that it carries out the whole range of activities in penetration testing. There are tools out there but they only carry out individual activities, like port scanning, asset discovery and attack surface mining. The disadvantage in that is that a human has to choose which tool to apply in each new step. Our robot can carry out the whole range of activities without human involvement.
Q: Are companies dissatisfied with the cyber-defense technology they have in place?
LZ: Correct. There is a lot of great technology on the defense side. However, the fact of the matter is that data breaches are still happening every day. According to a recent study, an organization has on average 1,400 vulnerabilities in their software, network and devices.
NM: Security is a complex issue. You cannot deal with it by purchasing one product. It requires a lot of process management, as well. Ultimately, you need a layered strategy. We want to be part of the security defense system. In terms of security, you will never have enough.
Q: What is your strategy for the Mexican market?
NM: In our previous jobs, we worked with a lot of partners in Mexico and this is one of the major markets where we are trying to establish. We have also found that many companies in Mexico are eager to learn about new technology from Silicon Valley. We have been talking to some major names in manufacturing, for example, and to our surprise, they are very flexible and open to a new approach to security.
LZ: We basically set up channels with our partners, distributors and resellers. We have a very close relationship with our local partners. Mexico also has a strategic geolocation, given its proximity to the US and its role as a doorway to the rest of Latin America.
Q: How do you demonstrate how effective RidgeBot is?
NM: This is one of the advantages of the product. We can deploy the software and it will generate a picture of what went wrong. This is unlike a firewall, for example, where they can hack you and you still do not know how this happened. We also have our online demo system. This uses industrial standard server or virtual machines that allow customers to observe how the products work. The enthusiasm from potential clients has been overwhelming. In the past, when we spoke to new customers, we would normally have a follow-up from only 10 to 20 percent of them. Over the last couple of months, even without being able to travel, we have had a follow-up rate of more than 90 percent. We have had a lot of virtual meetings where we demonstrate the product and customers want to take the next step and try it.
LZ: Considering that RidgeBot is a piece of software, potential customers can download and install it. It is easy to provide proof of concept without a team at the client’s company.
Q: Which sectors represent the biggest opportunity for this new technology?
NM: I think primarily early adopters: companies that really feel the need to add another layer of security to their system. I am thinking of the banking and financial sector in particular.
LZ: Cybersecurity is very compliance-driven. Each country has its own framework when it comes to data security and data privacy. In particular, the public sector and the banking sector are subject to these laws.
Ridge Security Technology is a Silicon Valley-based company founded in late 2019 that offers a fully automated intelligence security validation robot called RidgeBot. This robot is used to test IT security in companies by replicating hackers’ behavior.