You are here

Horangi targets SMEs, the most vulnerable to cyber security threats

'It's important to know what works and what doesn't and there just isn't a shortcut for experience. The best way to figure out if you're doing a good job is by asking the folks using your tools, so that's what we do.' - Horangi co-founder and CEO Paul Hadjy

AN OBSESSION with small- and medium-enterprises (SMEs) is what sets homegrown cyber security startup Horangi apart from most other players. Since 2016, Horangi has been helping SMEs develop customised and modernised solutions that are modular, cost-effective, and easy to implement and manage.

Horangi's co-founder and chief executive officer (CEO) Paul Hadjy says that such solutions go a long way in helping SMEs grow quickly and securely. In an interview with The Business Times, he points out that young and mid-sized companies are most vulnerable to cyber security threats.

"We mostly look to SMEs for partnership because the SME space is most affected by the lack of security professionals and the complexity of cyber security findings."

While Horangi also has partners in large enterprises, Mr Hadjy believes that being focused on developing solutions for SMEs allows the startup to build modular solutions that "work in the mid-market and enterprise space".

He notes that cyber security solutions for SMEs today comprise mostly off-the-shelf solutions that make it difficult for SMEs to scale their cyber security defensive practices as they grow. SMEs need to adopt a more modern approach to cyber security, he adds.

Given this environment, Mr Hadjy says that Horangi's objectives are three-fold:

  • Help SME executives make sense of their company's cyber security risk
  • Help SME tech managers monitor their workflow
  • Help SME technical operators ask questions about specific

security tasks

In November 2017, Horangi announced that it has raised US$3.1 million in Series A funding led by Singapore-based venture capital firm Monk's Hill Ventures, in what was a "huge step" for the company's growth, according to Mr Hadjy.

The startup is currently in the process of releasing its second version of the Storyfier, which is one of its three main products. Storyfier, described as an "always-on cyber security command centre", helps companies understand and respond to the vulnerabilities in their environment.

It is said to bridge Horangi's automated products and human-driven analysis into one easy-to-use interface, where CEOs can understand their current cyber risk profile, technical managers can forecast their workload, and engineers can interact with actionable data.

Mr Hadjy says that the improved Storyfier will be more extensible and interoperable with other cyber security products, while still providing the ability to explain risks to executives and give them access to Horangi's team of cyber experts at the click of a button.

Horangi's other products are the Scanner and Hunter. The former is a suite of automated tools used to detect vulnerabilities in Web applications, and the latter is a breach-detection platform that accesses and investigates all endpoints throughout a company's environment.

Mr Hadjy says: "All of our products - Scanner, Hunter and Storyfier - have put Horangi in a position to deliver first-class solutions to two major problems in the cyber security space: a lack of talent and the difficulty in explaining cyber security's business impact. Every iteration and update to these products puts us another step in front of our competition."

He shares that Horangi's cyber operations and design teams spend "a lot of time" with its customers to identify their business goals and gather clear requirements for its engineers. He adds that at times, Horangi will send some of its engineers to meet with customers onsite so they can "see how our products are being used first hand".

At the product development stage, one of the most important aspects is getting user feedback, Mr Hadjy says. "It's important to know what works and what doesn't and there just isn't a shortcut for experience. The best way to figure out if you're doing a good job is by asking the folks using your tools, so that's what we do."

He notes that it is difficult to talk to all of the company's customers, so what Horangi usually does is find a few that are willing to partner closely with the company and include them in its requirements-gathering and testing processes. "We get really positive feedback from these customers about the amount of time we spend addressing their concerns."

At present, Horangi has over 50 "Tigers" - what it calls its team members - of whom 80 per cent are based in its headquarters in Singapore. The others are spread across South Korea, the Philippines, Hong Kong, Bangkok, Indonesia and the US. Making up the team are cyber operators, software developers as well as business professionals.

Notably, South-east Asian companies are more susceptible to cyber security threats than other companies in the rest of the world. The reason for that is legacy issues, Mr Hadjy says.

"Asean faces threats that differ in methods and complexity from those that the rest of the world is dealing with. While Asean is fast developing and catching up with the rest of the world in terms of technology, there is still a predominant legacy issue. Both hardware and software legacy issues make Asean companies more susceptible to similar threats faced by the rest of the world."

Mr Hadjy notes that Asean member nations are increasingly exploring opportunities to cooperate with each other in cyber space. "We are seeing an increase in digital ties between organisations with varying levels of cyber resilience and security. However, the lack of sophisticated cyber security measures in this transitional phase make them prime targets for attackers."

As the world becomes more vulnerable to cyber security threats, it is essential for companies to be able to identify threats before they materialise, he urges. "Unfortunately, every company is different and each environment calls for very different and distinctive cyber protection requirements.

"Without deeper knowledge of the cyber security landscapes, an end-user's search for quality security solutions and service providers is a highly complex and risky pursuit."

This challenge in building an effective cyber security programme is relatively new, Mr Hadjy adds. While enterprises recognise the need for it, they tend to approach cyber security as a new business component to be added to existing business processes.

"This should not be the case. Cyber security changes the way business is done and affects all business processes. Businesses that hope to implement highly effective cyber security strategies need to take a step back and consider their organisation as a whole and how cyber security affects every part of it."

BT is now on Telegram!

For daily updates on weekdays and specially selected content for the weekend. Subscribe to