As a fast-growing cybersecurity company, BitNinja has closed two investment rounds in the past two years. The company now aims to add a US-based lead investor in its Series B round. HostingJournalist had a conversation with BitNinja founder and CEO George Egri, who explains a bit more about the company’s strategy, market expectations and trends being observed.
“The initial seed investment was $500,000, but it wasn’t just about the money. We found investors who are true professionals, such as the founders of BalaBit,” said George Egri. “BalaBit is a Hungarian security firm specializing in developing IT security systems and very exited about the startup world. We were also lucky to find an investor like Gyula Fehér, who was the CEO of the famous Hungarian startup, Ustream. And we found other successful ex-CEOs who helped us in terms of corporate governance.”
The latest round was in October last year, when you raised $3 million. What can be achieved through this Series A funding?
“Our plan is to grow our presence in the shared web hosting market and make the company scalable. We also want to create a go-to-market strategy for our B2C product (BitNinja SiteProtection) and build up the required development, sales, and marketing teams around SiteProtection.”
You’ve stated previously that BitNinja aims to add a US-based lead investor in its Series B Round. Why is that?
“Our primary target market is the USA alongside ten European countries, such as the UK and the Netherlands. We believe a US-based investor would help us set up well-organized marketing, sales, and customer success operations in the USA. This can be an added value for our company and also the network in the region that they could bring with them.”
How about selling the company in the future, or buying other companies, or seeking IPO? What are your ambitions with BitNinja?
“We are not looking actively for these opportunities right now, but we are open to listening to any offers. We have a mission, making the Internet a safer place. We focus on this, and our long-term plan is to defend 100 million websites. We will make every decision to reach these goals, and we will see what the future holds for us.”
What are the key cybersecurity products/solutions/technologies offered by BitNinja right now, and how complete is the portfolio (are there still some types of products missing)?
“We have two products. One of them is BitNinja SeverProtection. It secures servers and those websites that are hosted on the protected servers. ServerProtection is a multi-layered defense system that stops automated cyberattacks and botnets.”
“Our new product is BitNinja SiteProtection. It eliminates the targeted cyberattacks on websites that are secured by ServerProtection. So SiteProtection provides an extra-security for website owners, and ServerProtection focuses on the needs of server owners.”
What type of customers is BitNinja aiming for, now and in the future?
“We’re providing most value to shared web hosting providers, and we are also partnering with VPS providers. But basically, anyone running a LAMP stack can benefit from ServerProtection, and we target website owners with SiteProtection.”
How important is the web hosting industry for BitNinja’s sales channel?
“Web hosting is especially important for us. BitNinja started as a spinoff from my web hosting company, Web-Server. We realized that hacked shared hosting accounts cause serious Internet security problems. So we decided to protect these companies and make the Internet a safer place this way.”
Why do BitNinja’s products match shared hosting standards?
“BitNinja provides a complete solution for shared web hosting providers because it is an all-in-one security tool, and ServerProtection is tailored to them. It can help these companies in a lot of ways.”
“It saves time for their sysadmins because there is no more cybersecurity firefighting. It helps customer success managers to decrease their churn rate and for the support department to reduce the number of tickets. It creates a unique value proposition from a marketing aspect because companies that use our software are more trusted and really care about protecting their customers’ data. By using BitNinja, you can also increase your uptime which is crucial in this industry. And we help to reduce the average server load significantly.”
“BitNinja ServerProtection also integrates with the tools most commonly used by shared web hosting providers, such as different control panels, content delivery network solutions, and other valuable services.”
– interview continues below the photo –
How did Web-Server help in BitNinja’s go-to-market strategy?
“Six years ago, before we started BitNinja, we had many cybersecurity-related customer complaints in this shared web hosting company. We tried to handle it using different tools.”
“After a while, we realized that these tools can’t be interconnected and are working in isolation. This is the major drawback of open-source tools and makes it impossible to handle the problem of automated botnet attacks and cyberattacks. That’s why we started to develop our own multi-layered, all-in-one security tool.”
After that, we validated it on the market and realized that shared hosting companies actually want a product such as BitNinja. So we started to focus our efforts on it and to make the Internet a safer place.”
BitNinja has introduced the concept of greylisting. Can you explain?
“Our greylist makes IP management more flexible and provides a more convenient way to handle false positives while still blocking potentially malicious requests. Real human visitors are removed from the greylist automatically via a browser integrity check or manually by completing a CAPTCHA.”
There are quite some cybersecurity tools available in the market. What are the specific competitive advantages of BitNinja’s cybersecurity solutions?
“On the market, we found open-source security tools, such as Fail2ban and ClamAV, and enterprise security tools tailored to the finance sector. None of them can handle shared web hosting providers’ security problems.”
“On a shared web hosting server, companies usually host more than a thousand websites with different software. It equals more than a thousand opportunities for hackers, each of the accounts can be hacked. So, this is a completely different challenge than the usual security problems that enterprise companies face.”
“To secure a shared web hosting server, you need to implement the right security tool for each phase of cyberattacks. And this is where BitNinja ServerSecurity comes into the picture. It is an all-in-one security tool with different modules for each phase.”
“The phases and the BitNinja modules which stop the cyberattacks at specific stages, in brief, are: Scan – Honeypots, IP Reputation, Log Analysis; Exploit – Web Application Firewall (WAF), IP Reputation; Infection – Malware Removal, Log Analysis, IP Reputation, WAF; Register C&C Server- IP Reputation, WAF; Resource usage – IP Reputation, WAF, DoS Detection; Expansion – WAF, Malware Removal. These modules are integrated with each other and were made specifically to protect LAMP stacks.”
“In summary, our advantage is that we can think as a shared hosting provider, our system is multi-layered, and it is also easy-to-use.”
What is the biggest hurdle you’ve faced over the years in terms of issues related to technology, products, and/or operations?
“Last year, we had a big challenge when we realized our competitor had overtaken us with his malware removal, so we decided to regain the leadership position on that wheel as well and dedicate more effort to upgrade this module.”
First, we invented a new malware detection technique, the source code structure analysis. This is a completely new method for detecting PHP malware. It creates a special structure-based signature from the source code and then does the matching on the structure. This way, no matter how the source is altered, the structure will be the same.”
“BitNinja has several modules that can discover possible vulnerabilities and generate signatures used by the source code structure analysis system. To build a huge malware database, we made some changes in these modules, and we have also implemented some new ways to find more malware. For example, each server defended by BitNinja operates as a honeypot and can automatically capture the source of new malware files and create a signature from them. With this technique, we can detect zero-day vulnerabilities promptly.”
“We have two main categories of signatures: user and global. The user signatures are in the local database and are only used by the server owners. The global signatures are in the global database and are used by every BitNinja defended server to take advantage of the crowdsourcing method.”
“There are four types of malware signatures in these categories: whitelisted, validating, production, and discarded. The whitelisted are harmless signatures, the validating signatures are similar to greylisted IPs, the production signatures are the dangerous ones, and the discarded signatures are kind of useless.”
“We also simplified the process when users can decide about a user validating signature whether to make it a production (validated malware signature), a whitelisted, or a discarded signature. We created a very similar feature to a well-known online dating app and have made this procedure quicker and easier.”
“Last but not least, we created a system that has the same functionality as an isolated sandbox. It can do PHP behavior analysis by simulating the execution of the code. With this method, we can discover zero-day and PHP application vulnerabilities as well.”
“Hard work pays off. After putting a lot of effort into upgrading the malware-removal module, it was named ‘Anti-Malware of the Year’ winner in the 2021 Cybersecurity Excellence Awards.”
You doubled your employee base last year, from 20 to more than 50 staff members. How important is the headcount for your business and further growth of your operations?
“When we had fewer employees, many areas of the company were operated by one person. Now we have reached a level where each responsibility is held by a team. That has brought us new possibilities, and it was a big step towards making the company scalable. The employees can concentrate on specific fields, dedicate more time to them, acquire in-depth knowledge, and do a professional job.”
“On the other hand, it was a big challenge to reorganize the whole structure of the company, determine the responsibilities, and create workflows.”
“We have determined six core values at the company, and we are looking for people who have these characteristics. That’s our secret to finding new talent and having good teamwork in the company.”
We can imagine that BitNinja is more scalable from a global perspective than your Hungarian web hosting business. How important is scalability for you personally as a businessman?
“With the Hungarian web hosting business, I have reached a size that I believe I could replicate. BitNinja is different because of its international presence and growth potential. I reached a point where I needed to learn many new things to accomplish my goals, and this was always very exciting for me to push myself to the limit. And now that’s exactly what I’m doing.”
Do you still envision BitNinja as a startup or more as a scaleup today?
“I think we are still a startup. We have reached our product-market fit with ServerProtection. However, we are still working on finding the best business model for SiteProtection. In many areas, we use the plan-do-check-act method that typically refers to startups. We try to find a way to become scalable, and we are growing fast simultaneously. I think this is the essence of a startup.”
BitNinja is headquartered in Hungary. How international are your operations currently?
“We are international. We have non-Hungarian Ninjas too, and we use English as the official language of the company. Hungarian engineers are famous for their innovations. Our programmers are in the top five in the world, according to most expert articles. Therefore we want to keep the developer department here, and we want to open a marketing, sales, and customer success office in the USA.”
What are your plans for the near future regarding company expansion, new technologies, and/or new products?
“I think we have enough employees for now and we need some time to get used to working as a company with 50 employees. With our new product, we would like to reach a relevant share of the market. In terms of technology, we want to keep our form and dedicate most of our efforts to our malware detection module to provide a complete anti-malware solution for shared web hosting providers.”
“I am delighted with how the company is progressing in achieving this goal. We have a rapidly growing signature database that is fed automatically by our Linux Agent, and our users can contribute to it too. Right now, we are working on upgrading the following features in the malware detection module: cleaning injected malware, handling general obfuscations, and finding zero-day vulnerabilities. In the future, we plan to solve the shared hosting spamming issue, and we want to separate user resources from each other.”
What cybersecurity trends are you noticing right now, and what trends do you expect in the coming years?
“There are not many new approaches in terms of types of cyberattacks. Hackers operate using old-school methods. There are plenty of unprotected servers, outdated WordPress plugins, and theme vulnerabilities in the world, so hackers don’t have to be creative yet.”
“When the motivation changes, the target will probably be different in the near future. Hackers will pay more attention to remote workers and try to attempt breaches through them, and crypto mining has boosted interest in stealing server resources. I think companies have realized and were forced to realize (for example, by the GDPR) the importance of cybersecurity and will take it more seriously and spend more money on it.”