GamaSec – Enterprise-Grade Security for the SMB Market

The security products offered by GamaSec are so good, they convinced a leading insurance company to offer an insurance policy against data breaches along with GamaSec products. This is something of which Avi Bartov, co-founder and CEO of GamaSec is particularly proud. He is also proud to be providing affordable, but top-quality security products to small and medium sized businesses.

In our discussion, Avi shares information about GamaSec’s numerous security products, who they are primarily meant for, and how he goes about selling to that market. He also discusses what he sees as the next big target for hackers and security products – his answer may surprise you.

Please tell me a little bit about yourself and your background.

After studying law in France, I got involved in Bug 2000 and security issues. I did not see any jobs for lawyers back home in Israel, so I began to look for a way to add value as an Israeli in Europe. I decided to focus on IT (Information Technology) security and started an IT security consulting company in France.

I soon realized that I did not want to have an IT security company with many consultants to manage. I understood that the future was in internet and web security, so I moved to focusing on the web, cloud infrastructures, and SaaS (Software as a Service) business models.

Before getting into the specifics of GamaSec, can you share your top three corporate security tips?

Here they are, in order of importance:

1. Educate employees about security risks, e.g. opening emails, un-scanned USB devices, etc.
2. Invest in security equipment to address current risks.
3. Audit your environment to confirm the full use of equipment capabilities for the level of security you currently need.

You product line include several independent, but related, security modules. Please describe them for me.

We offer four different layers of security:

1. Vulnerability Detection – Our web application scanner simulates hacker behavior using our unique AI (Artificial Intelligence) technology in order to identify application vulnerabilities together with malware detection.
2. Remediation – Since SMBs do not have the resources to remediate based on the reports we generate, we offer remediation as a service. We clean up all of the discovered vulnerabilities and malware for a fixed price. This is mainly a manual process – only 20-25% can be done automatically.
3. Website Protection – Advanced Web Application Firewall (WAF) and DDoS (Distributed Denial of Service) protection.
4. Data Breach Limited Warranty – The SMB market is requesting/demanding insurance coverage for data breaches. We provide this coverage through our partnership with Assurant, a risk management company.

One thing that struck me as unusual for advanced security software is that the sales of your products is completely online and that the pricing is not based on the number of users.

The truth is that online sales represent only 5% of our total revenue. The bulk of our revenues are via channel partners, who sell our products either under the GamaSec name or white labelled. These partners include:

• Web hosting and Internet service providers
• MSSPs (Managed Security Service Providers)
• Industry associations
• Insurance brokers

How do you define your target market?

We saw very quickly that security companies were generally targeting large enterprises. We recognized an opportunity to address the untapped SMB (Small and Medium Businesses) market with our enterprise-quality product. The SMB market is an overall larger market, but requires that you approach and sell to many more organizations. That is why we place a priority on working with channel partners.

As a result, our target company is a channel partner with a large quantity of potential customers. We spend a lot of thought and energy on what added value we can provide to our partners to make them, and us, more successful.

How many active customers do you have today? Where are they mainly located?

The majority of our customers are in the US and Canada. This year, we are providing services to 15,000 sites.

How would you describe your current typical customer?

Our current customers come mainly from the following three areas:

• Retail & E-commerce
• Medical care (HIPAA/ Privacy)
• Web sites/organizations that must protect their online reputation

Who are some of your biggest customers?

Our largest customers include Eli Lilly, Tetra Pak, and Hyatt Hotels, as well as the companies shown below.

Whom do you see as your main competitors? How do you see your tools as different and/or better than theirs?

We have two types of competitors. The first type of competition is the top enterprise security companies such as Rapid7, WhiteHat, and Qualys. They have very good tools and technologies, but they focus on enterprises and do not really compete with us in the SMB space.

The second type of competition is companies like SiteLock, that also specifically target SMBs. However, they simply combine technologies from multiple companies. We are different from them in that we have our own technologies.

Another unusual, if not unique, aspect of your offering is the Data Breach Limited Warranty that you offer together with Assurant. Please tell me about that.

By being in touch with the market, we saw that more and more SMBs wanted to receive cyber insurance against data breaches. However, two major issues make it difficult for insurance companies to offer such policies:

• How can the insurer identify the level of security in place before signing a policy?
• How can the insurer monitor that the level of security is maintained over the life of the policy?

We approached Assurant Inc. about offering financial protection with our security products. We worked together for 18 months, after which they were convinced that our cyber solutions were good, so they could bet on them. In addition, we were able to address the two concerns I mentioned earlier, through our daily/monthly malware and vulnerability scans and detailed reports.

How do you see the security software market evolving in the next few years?

The big trend that will affect all aspects of computing – not just security – is the fact that everything is moving to the cloud.

The next major trend that I see is that security in the next three to five years will focus on the “smart home.” We are just at the beginning of that trend, but it will see huge growth in the coming years. In the same way that we currently protect networks and web sites, we will need to protect smart homes from hackers as well.

What are some of the future plans for GamaSec?

We have three registered patents pending, which is indicative of the fact that we are a technical company and are investing heavily in future technologies. We are about to launch our GamaEye product, which will utilize the technology in our patents to provide near real-time attack activity detection.

On the business side, we opened an office in New York six months ago and are now planning to expand into APAC.

How many employees do you have today? Where are they located?

Presently, our team consists of four dedicated marketing professionals stationed in the United States, while in Israel, we have a workforce of six individuals primarily focusing on development and operations.

How many hours a day do you normally work?  What do you like to do when you are not working?

I do not want to be the CEO that says he works 18 hours a day… I love what I do, so I don’t really consider it work – it is more of a passion. But to answer your question, I typically work 12-14 hours a day.

When I am not working, I love to be on the beach, look at the sea, and do nothing else.