Data leaks have become the scourge of modern times, and the consequences are devastating for any business.
Theft of know-how, technologies, customer databases, idleness of unscrupulous employees can cause significant damage to a company.
SearchInform has brought to the UAE market a unique service for protection against internal threats and solution of these problems. In a media talk, SearchInform Head Lev Matveev speaks about which companies have a higher risk of data theft, how to protect data in SMEs, and why, for the UAE, managed security service is better than selling software licenses.
How long have you been in information security?
Over 20 years. We started out with an algorithm for data search, but one case with a customer gave us the idea to try developing towards information security. In infosec, you cannot just monitor information, you should be able to search and analyse it. So, the initial product was transformed into a data leak prevention (DLP) system. Then we expanded the product line to six solutions.
How do your solutions protect business?
Our flagship product is Risk Monitor, a next-gen DLP system. It protects against data breaches, detects fraudulent activities, financial fraud, risk groups among employees, theft and much more.
The system monitors data (text, images, audio) sent by email, in messengers, uploaded to cloud storages, as well as documents sent to print, written to flash drives, etc. It features an evaluation of the productivity of employees working at their PCs: visited websites, running software and time worked.
But it is security as a service that you are introducing to the UAE market. Why?
Our software cannot just be installed as an anti-virus or firewall and work by itself. You need an analytical expert who will work with the system alerts, conduct investigations, respond promptly to leak threats or insider risks, and provide reports to the management.
Working in the UAE market and selling our software licenses, we realized that there is a great demand for qualified data security experts who could work with our software.
It is not just our opinion. Trellix research confirms that there is a shortage of information security professionals in the UAE. 66% of CIOs believe that their companies aren’t protected or poorly protected against infosec threats. Consequently, we realized that the UAE market should be offered internal security as a service.
What is it like?
We install protective software, analytical expert customizes security policies, monitors the situation, blocks the sending of confidential data, if necessary, prepares reports at agreed frequency, and immediately notifies the client of emergencies.
We offer the service free to everyone for a month, because we are confident that the service is useful, and we can show it. We detect security incidents in 100 per cent of trials. On average, 70 per cent of clients continue to cooperate with us after a free trial month.
It turns out that, besides the security issue, you also solve the personnel issue for the client, right?
Yes, the client does not depend on employees who may fall ill, resign, take a leave of absence, etc. We have more than one analytical expert, so in case of any contingency another expert takes over the work.
Besides, SMEs might face difficulties in hiring data security professionals. They are unlikely to take a job in small companies, and for businesses it is often an unaffordable expense to build their own IS department. It costs several hundred thousand dirhams to buy software, hardware, and hire a professional. It is a vicious circle.
For comparison, for a company of 100 employees, our service costs about AED 140,000 per year. This is even lower than the annual salary of one security specialist.
Who are your potential clients?
The service is useful for companies with 30 to 500 employees that do not have a full-time security officer, special-purpose software, technical and other resources for data protection.
Large companies can appreciate MSSP when they need more security human resources, during business expansion or during redundancies, when they need to cut cost. They might also want to test the software to assess its potential necessity for the company.
What markets are you currently present in? And what made you interested in the UAE market?
We work in the LATAM, Southeast Asia, Africa, CIS countries. We realize that MSSP requires a much more attentive attitude to clients, and for us it also requires higher costs. We are ready for this. That is why we decided to invest in our own office in Dubai, and we are actively expanding our staff.
We are confident about the prospects in the UAE, because we see the rapid development of the region and high rate of digital service implementation. This means the growing demand for protection of all the digital services. We see that we can play an important role in enhancing protection against internal threats in the country and region.
Tell us about investments in the country and your plans.
Investments are still difficult to estimate, since we are only at the beginning of the journey, but the range is from $500,000 to $1 million.
Short-term plans are to conduct 10 to 20 trials and get the first feedback from local customers by the end of the year. We also plan to expand to the entire MENA region in the near future.
As far as longer-term plans are concerned, by the end of next year we will transfer the business to the franchise model. Within 4-5 years, we expect to reach a turnover of 200 million dirhams and a net profit of 100 million dirhams in the UAE.