Offering a targeted seamless Cyber Security, Threat Intelligence software-as-a-service platform has been crucial to Apvera’s growth in the financial services industry (FSI) across the Asia-Pacific region.
Speaking to Telecom Times. Apvera sales VP Doug Farndale said the firm - which launched in 2014 - had first set out to build the platform itself. “We’re essentially a cybersecurity threat intelligence SaaS platform, we’re about to launch version 4.5 which will introduce a brand new governance, risk and compliance module,” he added. “We started demonstrating this functionality at the recent RSA conference, and received very positive feedback from potential customers, partners and competitors.”
Farndale noted that from a go-to-market point of view, Apvera largely focused strategically at FSIs in Singapore and Hong Kong. “For our initial foray into security sales, we focused on the highly regulated market segment of FSI,” he said.
“We have enjoyed much success in mid-market Hedge Funds, Asset Management, and family offices, because they’ve historically been underserved,” Farndale said. “Once they experienced our cyber security services and integrated Security Operations Center, many of the customers have asked us to extend our services to manage their infrastructure, voice and applications environments.”
“We have a platform of sensors,” said Farndale, adding “we have a network sensor called Beacon; we have a file server sensor called Pathfinder, and we’re just launching a Windows-based endpoint sensor called HawkEye.”
He explained that with the platform’s three-pronged sensor capability, the firm’s key offering provided improved visibility in the network; as well as file, application and website activity.
In addition, Farndale noted, the platform features monitoring for encrypted and zipped files being downloaded onto devices which can carry malicious payloads.
“We see every device in the network,” he continued. “The first thing that happens is, the network sensor finds everything in the network. If you compare that against your Asset List or your whitelist of corporate devices, you can immediately identify rogue devices.”
He emphasized that the Apvera proposition, essentially, has to be - and is - a software-as-a-service offering. “[It’s] also a mash-up of technology and humans,” said Farndale. “Through experience we have found that we’re providing real-time risk assessments of all the devices, giving each device a predictive risk score, which over time creates a unique digital signature of the behaviour of that device.”
He said this particular function proved to be crucial for uncovering possible zero-day exploits, attacks and insider threats, which he stressed were very hard to detect.
“If we can map the typical pattern of work behaviour, week to week, and we capture this over a six-month period, then we can analyse the data to spot anomalies,” he said. “Say a malicious actor hijacks a trading platform at 4 o’clock in the morning, we can check whether the traders mobile phone is in the office at the same time. If his mobile phone isn’t there, there’s a strong possibility someone has compromised his credentials and is using the system to achieve their own ends.”
In terms of Apvera’s outlook, Farndale said the company’s near-term focus would be directed increasingly towards the expansive European and US markets.
“Europe right now is going through a GDPR tsunami,” he said. “We sold our first deal into the UK about six weeks ago, so we’re on the lookout for partners across the UK. We’ve got a couple that we’re already working with.”
Farndale said exhibiting at the RSA event in San Francisco had afforded the firm industry endorsement from peers and prospects around its own specific identity-based approach to threat intelligence, risk and compliance. “[It] helped kicked off our acquisition of customers and partners in the US,” he said. “We feel extremely fortunate to have received such positive feedback across the board.”