ShellGuard - a name of a start-up that already says a lot.
ShellGuard is the first in the world to offer continuous penetration testing at a reasonable and affordable price.
Penetration testing is for companies to evaluate their vulnerability on the online platform. It allows managers to understand whether the business and its database are safe. If,for example, a company has a website, then it is important to keep the data secure because it often costs millions of dollars to recover if stolen or damaged. It also provides protection against possible embezzlement of funds and suspension of site access (DDoS attack).
The test is carried out using the same tools and means that hackers use. That is, this test is a simulation of hackers' work. It starts with the study of external and internal infrastructures, which exposes the vulnerabilities and threats, recordingtheir possible impact.
Regardless of the size of companies, they all need a penetration test because it is assumed that, for example, the smaller the organization, the more likely it is to be vulnerable. After the test, a report is generated about what is vulnerable, how it has been revealed, and, of course, how to make it secure. The level of vulnerability is also presented - low, medium, extreme. This allows the company to choose what is more important to recover.
Sipan Vardanyan, co-founder and director of the start-up, says: "I and the other co-founder, Vahe Karapetyan, run 1Guard company, which provides a variety of information security services. Since we have a lot of experience in the field - more than eight years - we decided to use it to create a new product. We use the classical approach. We offer information security services and tools that have been around for a long time now and to which the market is already accustomed. However, this new product, which we present as a separate start-up, is unique in its kind. We've created a website where you can subscribe, choose a monthly or annual payment plan and join our platform. There you can register any type of resource, including website, and get our security service.
Our advantage is that this is a continuous check. This check will not happen just once or twice a year. For example, banks order penetration testing to learn about the levels of vulnerabilities and security. This is a part of the Security Audit. Testing takes 1-1.5 months, resulting in a report on vulnerabilities. The problem is that you never know what the problems are in between, if there’s half a year gap between your two tests. Something is changing, some vulnerabilities are growing, but you are not aware of it.
In our case, the good thing is that we are constantly checking - we hack and show how we do it. Additionally, based on certain criteria, we find the organization's most vulnerable time to implement penetration testing. We enter your website, open your page and get data about the current status of the penetration test. You follow what is happening, what we have found and how dangerous it is. If a very serious threat is revealed, the system informs you at once, via e-mail or SMS message. "
One of the advantages of the startup is the low cost of this service. Sipan explains: "We have developed an Artificial Intelligence module, to which we provide a great deal of information. On this basis, the system learns to hack similar to people. Thanks to this, the service we offer is becoming accessible to even small and medium-sized companies. No organization in the world is doing this at a reasonable cost. Average penetration testing of a company is $50-60,000. People do not have the money for that. We make it more accessible without losing quality. That is, we offer the same $60,000 service 50 times cheaper and we do not check onlyonce or twice, but provide continuous checks. All this is possible thanks to our good team and different way of thinking. Scanners are just tools, and tomorrow we may replace them with something else. The more you train the artificial intelligence, the stronger it becomes.”
ShellGuard has no competitors in the market. The idea of establishing the start-up was born only six months ago, and their first customers signed up a few months ago. Companies pay for the service, are satisfied with it, and already suggest it to their friends. The main target is Europe and the United States. They participate in various cyber security competitions and they’ve had great success. For the second year in a row, they’ve won at the PHDay conference in Moscow, which is the most important for CIS countries cyber security. They’re in the top 10 of Google CTF, in 7th place. According to the rankings, they are the 17th in the world in cyber security.
“We’ve studied the market and we know our customers well. Our experience in this field is great and we know what the market wants from us. That’s why it's easy for us to introduce the start up in the international market. We have many connections, especially in Silicon Valley, and we are confident that we will be able to spread quickly. Now there is a great demand also in Armenia. For example, the Central Bank has already declared that all banks must pass an annual penetration test, " says Sipan.
Sipan says the first steps and making preliminary decisions are the most difficult in setting up a startup, and then everything is easy. They started with self-financing, and now are trying to find investors. They have recently become one of the ten winners of the Innovation Matching Grants competition, implemented in cooperation with the Enterprise Incubator Foundation, and won € 50,000.
The team now has 5 members. Sipan also points out the problem of finding professionals. "There are almost no security specialists in Armenia. I and the other founder, Vahe, are trying to improve the situation. We actively participate in OWASP Armenia, ARMSec, and deliver lectures. We try to contribute to the development of the industry in every possible way. "