ICE71 x RSAC 365 Innovation Showcase: Frontier Technologies of Adaptive Security

ICE71 x RSAC 365 Innovation Showcase: Frontier Technologies of Adaptive Security

ICE71 is proud to bring our start-ups to the global stage!

On 19 August, ICE71 partnered with RSA to host the August RSAC 365 Innovation Showcase. This session brought together an expert panel to discuss the Frontier Technologies of Adaptive Security, with a focus on API Threat Intel sharing, Graph Neural Networks and methods for securing legacy applications in DevSecOps. This was followed by two pitches by ICE71 start-ups – Aiculus and Scantist – who presented their groundbreaking ideas in the adaptive security space.

The panellists were:

  • (Moderator) Rajiv Menon – Managing Director at Cisco Investments and M&A for Asia Pacific and Japan
  • Dr Ong Chen Hui – Cluster Director for Technology Development, Infocomm and Media Development Authority
  • Mark Kraynak – Founding Partner at Acrew Capital

Breaking through the Complexities of Cybersecurity

As an expert in Graph Neural Networks (GNN), Dr Ong shared that GNNs are a method of machine learning designed to perform inference on data described by graphs. Graph processing has gained popularity and its usage is expected to double every year from 2019 to 2022. GNNs can be used to solve a variety of cybersecurity problems due to its pattern recognition. For instance, automating detection of botnet attacks and cybersecurity vulnerabilities.

Mr Menon also talked about the problem on the lack of application security experts as compared to developers. Mr Kraynak added that , this problem is due to the fundamental disparity between the two roles. Application security experts face a fundamental problem: the sheer number of alerts and connections to deal with are overwhelming. He believes that the best way to tackle the problem is to automate the process of meaningfully integrating threat intelligence into the right parts of vulnerability management – and this is an area where novel solutions and technologies are much needed.

Following this, Dr Omaru Maruatona, founder of Aiculus and Prof Liu Yang, founder of Scantist, took the stage to share how each of their solutions reduce organisations’ reliance on the expertise of security teams through automation and machine learning, thereby bringing much-needed value to the adaptive security space.

Watch their pitches below, or find it on the RSAC Innovation Showcase page!

Aiculus is an ICE71 Scale start-up which leverages artificial intelligence to provide adaptive and intelligent cybersecurity capabilities for businesses that use application program interfaces, or APIs. Their solution defends the organisation’s API stack without having to access users’ data, offering an additional layer of privacy to customers.

Scantist is a member of ICE71 Accelerate’s fourth cohort. The start-up has developed an application security tool that manages open source vulnerabilities and helps enterprise clients improve compliance on the application level.

Notes from InnovFest 2021: How to Keep Cybersecurity out of Jeopardy

On 14-16 July, ICE71 took part in InnovFest x Elevating Founders, the official start-up event of Asia Tech x Singapore (ATxSG). Industry experts were invited to participate in a panel discussion hosted by ICE71 on the rise of cyberattacks making headlines.

Moderated by Linda Nguyen Schindler, ICE71 Programme Head, the panel session provided critical insights into recent incidents that put cybersecurity in jeopardy.

The participating panelists were:

  • Abbas Kudrati – APC Chief Cybersecurity Officer at Microsoft Asia
  • Doug Witschi – Assistant Director, Cyber Crime Treat Response at INTERPOL
  • Magda Chelly – Head of Cyber Advisory at Marsh Asia
  • Selwyn Scharnhorst – Director, Ecosystem Development at Cyber Security Agency (CSA)

To begin the discussion in a fun and interactive manner, the panelists were tested on their knowledge of recent cyberattacks in a refreshing format, inspired by the classic American game show, Jeopardy!. Incidents named included the Colonial Pipeline Ransomware attack, JBS Meat Plant Ransomware attack, SolarWinds breach and a classified malicious attack on a national healthcare system.

ICE71’s first-ever game show. Up for challenge? Give this a try.

Here are some key points made during the panel discussion:

Firms are still lacking the basic hygiene and fundamentals of cybersecurity: Cyberattacks that crippled organisations did not involve sophisticated methods of attack, said Mr Kudrati. It was a laissez-faire attitude to cybersecurity that had left organisations vulnerable to simple and common methods of attacks (such as SQL injections and brute force attacks).

The stark reality is that companies are still putting cybersecurity on the back burner. “History doesn’t exactly repeat itself, but it rhymes a lot,” Mr Scharnhorst said. The main cause of such incidents can often be attributed to the lack of proper cybersecurity hygiene and awareness. Companies with these basics in place would have eliminated their risks at the most fundamental level. On raising awareness, he added that conversations on cybersecurity should not stop at the top, but continue at all levels to empower every employee in the organization.

Dr Chelly further pointed out that the quantifiable impacts of ransomware attacks are not limited to just the ransom amount, but also the damage caused by business downtime (loss of profit, and accumulating operational costs), legal liabilities and more. To put things into perspective, it would be more expensive to remediate losses than to implement cybersecurity protection. Prevention is definitely better than cure.

Common misconceptions about unaffordable cybersecurity costs: Cybersecurity could be expensive – but not always. It was raised in discussion that many economical cybersecurity solutions are readily available on the market. Furthermore, the Singapore government has made it more accessible for SMEs by providing grants for a list of pre-approved solutions. Organisations should look for solutions that fit their cybersecurity budget by weighing their risk appetite and quantifying the potential financial loss of an attack.

To pay or not to pay: This is the conundrum faced by many ransomware victims. There is no silver bullet for reversing a ransomware attack. “Paying a ransom would be equivalent to financing the criminals,” said Mr Kudrati. Ethics aside, paying the ransom would not guarantee hackers to hold up their side of the bargain. In addition, hackers would typically try to maximize profit through a multi-pronged approach. Hackers would first demand ransom from affected organisations. Then, they may seek ransom from individuals involved to exclude their personal data or IP from further exposure. Finally, hackers might even sell the stolen data to the organisation’s competitors!

How should organisations respond to a ransomware attack? Mr Witschi advised organisations to come forward and share the incident with a trusted cybersecurity community, as there could be solutions available to remediate the attack. Threat intelligence sharing would also help experts identify how the organisation has been impacted and take aggressive steps to contain the attack.

ICE71 is proud to be a part of InnovFest 2021. Miss the panel discussion? Watch the recording below 👇🏼

ICE71 start-up news roundup

Here’s the latest news roundup on our ICE71 start-ups:

More news on ICE71 and our start-ups here.

ICE71 start-up news roundup

Here’s the latest news roundup on our ICE71 start-ups:

More news on ICE71 and our start-ups here.

ICE71 start-up news roundup

Here’s the latest news roundup on our ICE71 start-ups:

More news on ICE71 and our start-ups here.

ICE71 start-up news roundup

Here’s the latest news roundup on our ICE71 start-ups:

More news on ICE71 and our start-ups here.

ICE71 start-up news roundup

Here’s the latest news roundup on our ICE71 start-ups:

More news on ICE71 and our start-ups here.

Interview with Pankit Desai, co-founder and CEO of Sequretek

We speak to Pankit Desai, co-founder and CEO of ICE71 Scale start-up Sequretek, one of the Financial Times’ most promising APAC companiesand more recently a RAISE2020 awardeeabout what it takes to get to such business apexes.

Q: What do you do at Sequretek?

I am co-founder and CEO at Sequretek, with primary responsibilities around business development, operations and fundraising. Prior to Sequretek, I have had leadership stints with IBM, Intelligroup, NTT Data for over two decades.

Sequretek offers solutions in Endpoint Detection Protection and Response (EDPR), Identity Governance and Administration (IGA), and Managed Detection and Response (MDR). A combination of our products and a 24×7 managed security services, covers majority of the problems that an enterprise might encounter.

Q: Can you share an example or two where Sequretek has helped your client to achieve simplicity in terms of security? 

Let me take two examples on opposing ends of a size spectrum.

One of the largest private sector bank (5,000+ branches) with over 125,000 employees and 700+ applications/services was struggling to get an answer to this question of “who has access to what”? They tried implementing traditional identity management solutions, but after spending a few million dollars and over two years, their coverage was barely 5% of the technology landscape. They evaluated Sequretek’s IGA and they were able to implement the product in six months and have covered more than 50% of the technology landscape, with balance being targeted for completion within the year. Their compliance organization which used to scramble resources every year before the regulatory audit or User Access Review requirements, now is able to get all of it done through a simple dashboard report.

India is home to over 1,500 co-operative banks. Most of these banks are in the rural areas and serve the farmers and poor people. These banks have been the backbone through which most of the government schemes for underprivileged get distributed. Over the past few years, these banks have invested in technologies to stay abreast of the transformation that is impacting the sector, and with it there have been several high profile cyber breaches. There is now significant pressure from the local regulator to invest in security to mitigate the risks. Most of these banks, lack skillset to understand what security measures they need to undertake to improve their security. We worked with their industry body to create a program that build a security framework around offerings that allowed these banks to improve their compliance and security posture without burning a hole in their pocket. The program had several technology awareness sessions, across the hierarchy, that were baked in to improve their appreciation of technology, till date over 1,000 people have undergone this training.

Q. Sequretek was rated as one of APAC’s fastest growing companies by the Financial Times for 2020. Congratulations! Can you share with us what got you here today, perhaps your business mantra for aspiring cybersecurity entrepreneurs?

Early this year Financial Times picked us as one of the fastest growing companies (#206/500) in APAC and just very recently, we were recognized as a winner in the category of tech centric companies sector agnostic applicability, at RAISE2020 a global AI event hosted by the government of India. While the first one was all about the financial success of the company, the second is a vote of confidence on our technology and ability to execute in the marketplace.

As an entrepreneur, it is indeed quite redeeming to see the company get to where it is today. While it may sound cliched, our mantra has always been “do right by your customer” and the rest will follow. We have put that thought process into practice and I am proud to see our customers’ stand by us through thick or thin. It doesn’t matter how good your product is, or how good of a team you have built for yourself, if you are not in a position to get a happy customer, it will not get you anywhere. As a company, we have barely spend any money in marketing, it is customer referrals that have allowed us to scale year on year.

Q: How is the cybersecurity sector like in India and Singapore, are opportunities and challenges the same? What are prospects you see in Singapore and the greater APAC region?

For most part cybersecurity in industry and geography agnostic, this has allowed most companies in this space therefore to scale without much requirements for localization as compared to some of the other technology areas. Having said that, there are nuances from a tech maturity levels perspective and local regulatory norms, that may change how customers in different parts of the world perceive the need for security. In India, you will find companies at the top end of the spectrum who have used technology to differentiate themselves at global scale and are understandably quite ahead in their security journey. On the other hand there are millions of small and medium enterprises for whom security is almost an alien concept, which is where most of the recent attacks are concentrated.

If I was to look at APAC region, one will find companies in Singapore for most part will be well versed in technology usage and a much better appreciation for the need in investing in cybersecurity. However, there are countries in south east Asia that are not at the same level, and the challenges that I mentioned earlier will definitely be present. I see our message of “Simplify Security” resonate across the region, for this very reason.

Q: Describe cybersecurity in less than 30 words.

Cybersecurity is an enabler to your transformation and not an inhibitor.

ICE71 x GovWare Focus 2020

GovWare Focus 2020 Virtual Conference and Exhibition, themed “Partnerships in Resilience and Advancement”, took place on 7-8 Oct. ICE71 was proud to be a Supporting Association for this major cybersecurity event and be a part of the first virtual GovWare-ICE71 Startup Pitch Pit.

Of all the virtual platforms we have been on so far, we must say that this conference had the best aesthetics, and we could sense the organisers putting a lot of effort in providing a unique experience. Moreover, we had many exciting things going on for us across the two-day conference!

First, there were the virtual booths at exhibition halls. ICE71 had our booth in Hall 3, and our start-ups 689Cloud, Cylynx, Digify, Red Piranha, Uniken, and WeSecureApp had their booths in Hall 4. It was a one-of-a-kind experience staying behind the screens while manning booths with avatar-like “representatives”. Through the booth chat function, we had fun interacting with visitors.

The ICE71 team caught up with our start-ups who had booth presence at GovWare Focus 2020

And on 1st Oct, at the Auditorium, we had the first virtual—albeit second—GovWare-ICE71 Startup Pitch Pit. Its first run was at SICW last year and the winner was Cyble.

Hosted by Linda Nguyen Schindler, ICE71 Programme Head, the 2020 Startup Pitch Pit featured four up-coming start-ups from the ICE71 community – each of the founders got onto the virtual stage to pitch their solutions:

  1. Val Bercovici of Chainkit, a cybersecurity start-up pioneering extended integrity monitoring for security, forensics and compliance. Customers report 39% of cyber attacks are undetected. Stealth technology heavily used by professional attackers, uses techniques invisible to leading cyber security tools today. Chainkit’s first to market SaaS solution lets customers wrap unbreakable digital Chains-of-Custody around all key systems and data, on premises and in the Cloud.
  2. Mitali Rakhit of Guardara, a technology company focused on building scalable, automated, smart software testing solutions to improve quality and security. Our first product, FuzzLabs, is a modern, powerful, and flexible smart fuzzer that utilizes “black-box,” dynamic testing to identify code defects, including vulnerabilities. We are a seasoned team with over 15 years of experience working for Fortune 500 companies and government organisations.
  3. Fabian Eberle of Keyless, a deeptech cybersecurity company founded by renowned security experts, experienced technologists and business leaders, bringing more than 10 years of research to life. Keyless is pioneering the world’s first privacy-preserving biometric authentication and personal identity management platform, combining multi-modal biometrics with advanced cryptography in a distributed cloud architecture.
  4. Sujeesh Krishnan of Kinnami, a cybersecurity start-up that provides a hyper-resilient data platform, AmiShare, that integrates data security, data protection, and data availability to help organizations combat growing cyberattacks and other disruptions. AmiShare secures data so that they can be accessed securely, efficiently, and with confidence about their integrity, on any storage device or platform. AmiShare also provides audits and alerts that enable proactive threat management.

The goal of the Pitch Pit is for start-ups to get real-world feedback and gauge potential interest in their cybersecurity solutions, from its distinguished panel of judges including:

  • Huang Shaofei, CISO at Land Tansport Authority of Singapore (LTA)
  • Tan Wee Yeh, Manager, Security Architecture – Customer Success at Microsoft
  • Steve Ng, Vice president, Digital Platform Operations at Mediacorp

After the start-ups went through 5-minute pitches and gruelling Q&A from judges (and the audience!), it was time to decide the winner. While the judges deliberated, pitch pit host Linda engaged the audience with an interactive cybersecurity trivia.

Judges had a challenging time deciding the winning start-up, as all of the pitches were good. But after considering various factors, including how innovative the start-up solution was and performance at Q&A, they decided that the winner of this year’s GovWare-ICE71 Startup Pitch Pit (drumrolls): Keyless! Congratulations to Fabian and the Keyless team!

First row from left: Pitch pit judges Huang Shaofei, Steve Ng, and Tan Wee Yeh. Second row from left: Start-up founders Val Bercovici (Chainkit), Mitali Rakhit (Guardara), Sujeesh Krishnan (Kinnami) and Fabian Eberle (Keyless, pitch pit winner)

If you are an organisation looking for innovative cybersecurity solutions or an aspiring cybersecurity start-up searching for insights on how your product will fit the market, please reach out to ICE71 and don’t miss catching the next pitch pit.

“In these dynamic times, it is becoming increasingly important for our cybersecurity community to come together in collaborative endeavours. We need to mobilise our strengths to propel cybersecurity resilience forward, especially in a COVID-19 world. Being the region’s first cybersecurity entrepreneur hub, at ICE71 we continue to carry the torch for cybersecurity entrepreneurship, seeking out great partnerships that can create impactful platforms for our start-ups to succeed and thrive.”

Through GovWare Focus 2020, our goal is to generate more awareness on cybersecurity entrepreneurship and on how start-ups are uniquely positioned to meet the rapidly changing demands of cybersecurity.  From ICE71 and our start-ups having an online presence at this premier event, to the first-ever virtual GovWare-ICE71 Start-up Pitch Pit, we are proud to be a Supporting Association of GovWare Focus 2020, and look forward to future partnerships together.” – Linda Nguyen Schindler, ICE71 Programme Head

See you next year!

ICE71 x Black Hat Asia: Hunting Cheese in Pandemic Pandemonium

ICE71 was a proud Association Partner of Black Hat Asia 2020, a signature technical cybersecurity conference that had happened in virtual format for the very first time.

On 1st Oct, founders and leaders across four ICE71 Scale start-ups were featured in the exclusive ICE71 x Black Hat Asia panel, “Hunting Cheese in Pandemic Pandemonium”. Joseph Gan, successful entrepreneur of homegrown cybersecurity start-up V-Key, moderated the panel. It discussed how agile cybersecurity start-ups can add value and reposition themselves during these dynamic times. The expert panel comprised:

  • Hrishikesh Dewan, CEO and co-founder of Ziroh Labs, a start-up providing advanced privacy preserving technologies without requiring data decryption,
  • Prof Yu Chien Siang, a veteran in the Singapore cybersecurity space and Chief Innovation and Trust Officer of Amaris.AI, a start-up that deals with the latest AI tech including adversarial AI, 
  • Kumar Ritesh, CEO and Founder of Cyfirma, a threat discovery and intelligence start-up funded by Goldman Sachs, and
  • Pedro Hernandez, Managing Director and Co-founder of Build38, a start-up that protects the mobile channel for their customers—mainly banks and service providers who use mobile applications.

Key panel takeaways include:

Accelerated business transformation encourages cybersecurity uptake. Start-ups like Ziroh Labs and Cyfirma, which have solutions catered to or can be adapted for cloud security, have experienced customer interest. Ritesh from Cyfirma quipped, “Cybersecurity all of a sudden became an urgency,” and later adds, “As soon as the lockdown has started to happen, they (clients and prospects) started to come back to us asking and worried about their data.”

Changes to business approach. Build38, for example, is taking a more tactical approach to their business messaging when it comes to helping their clients continue to thrive. Co-founder Pedro said they have shifted the client communication from achieving strategic goals (like preserving brand reputation and avoiding long term risks), to more tactical and short-term goals (like quicker time to market, reduced investment, and optimised resources).

Start-ups have also seen a shift in their target customer segments during COVID-19, as smaller businesses and end user demand for cybersecurity increase with the shift to remote working. According to Hrishikesh, co-founder of Ziroh Labs, “In most of the earlier part of 2019, we were mainly concentrating on the Fortune 100 to Fortune 1000 companies. But now we have pivoted a little towards SMEs as well. So that we can cater to all the different markets, and at a more faster pace.”

Educate, not sell your customers. Traditional methods like trade shows and meeting for a cuppa to grow business no longer apply—something the panelists agreed across the board. Digital marketing and content building is becoming prevalent when it comes to the need to engage customers during this time. “From Cyfirma’s perspective, at least, we have started to push a lot of educational, I would say, awareness programs to our potential clients and customers, as well as to the wider cybersecurity community,” Ritesh said.

“Hunt in the pack”. The panelists also agreed with the notion that cybersecurity businesses should work hand in hand together towards cyber resilience. Prof Yu of Amaris.AI urged local cybersecurity companies to join forces and leverage on their respective strengths: “We don’t have to just win as a party, we should win together. We have to be (hunting) in the pack. I took this story from Mr. David Koh who’s leading CSA—he said that we have many small companies, and unlike other companies like those in Taiwan and (elsewhere), where they all work together, Singaporean companies are fiercely competitive. They don’t have this idea that we will work with each other. We must change that.”

ICE71 Scale start-up leaders with moderator Joseph Gan of V-Key, at the ICE71 x Black Hat Asia 2020 live panel. Panelists discussed and gave their perspectives about how their cybersecurity start-ups are pivoting and adding value during these times.

In addition to the live panel, ICE71’s half-day digital conference, “Cybersecurity in the light of COVID-19” which comprised three back-to-back webcasts, was open for on demand viewing by the Black Hat community. The webcasts touched across different cybersecurity topics such as 5G / IoT security, Cloud Security as well as the human factor of cybersecurity.

ICE71 had a virtual booth over the four-day Black Hat Asia conference, where attendees could drop by, chat and interact with the ICE71 team to learn more about the region’s first cybersecurity entrepreneur hub (interestingly, Cyber N’US was on 2 Oct, which coincided with the last day of Black Hat Asia—ICE71 also had a virtual booth there). Having a virtual conference presence was overall an interesting, albeit new experience for most of us—definitely different from a physical conference experience, but with possibilities to know who’s who at the event, and connect with people whom we may never have brushed shoulders against otherwise. We could spark off meaningful “chats” and set up virtual meetings on the digital platform itself.

Looking forward to the next event!