The story of a startup in the field of information security

Hello! Our company is a startup in the field of information security DigitalSecurityLab and today we open our blog on Habré. In our first story, we would like to talk about what it is like to launch a new company in the field of security in Russia, and how we did it.

Start = Idea

Once, the current CEO of DigitalSecurityLab was called by a comrade working for a large company. The organization’s website was hacked, the customer base was stolen, the site’s admin panel was destroyed, visitors were infected with a virus, replenishing the ranks of someone’s botnet for DDoS attacks. It was not even a request for help, but a cry of the soul.

At that time, our company as such did not exist, there was a group of developers working on creating and launching web platforms and applications. Nevertheless, we decided to help resolve this problem, formulated exactly what this assistance should consist of: an audit of penetration and unauthorized access, investigation of information leakage, closing of all vulnerabilities.
')
All this was done without problems and in full, since then the company “injured” during the incident, our regular client, for which 5 projects have already been closed. Thus, the idea of ​​creating our own information security company was born, and we became “white hats”.

Team

We are not particularly bothered to formulate the mission of the company. I just wanted to make the Internet a little better :) Therefore, completely different specialists gathered in our team: programmers, administrators, security specialists, pentesters with a good baggage of real practice on both sides of the barricades. In general, all those without whom to provide services in full would be difficult. We also attracted partners in the direction of protection against DDOS attacks.

Market entry and growth prospects

Obviously, the information security market is huge and continues to grow steadily. It can only be transformed with the advent of new technologies, which will leave in the past today's ideas about DBMS, programming languages, etc.

On the other hand, a potential client is in no hurry to contact information security specialists until “thunder breaks out”. And hackers, in turn, are more active every year. The lack of a large amount of judicial practice in articles such as 272 allows cybercriminals to commit crimes almost without fear of punishment.

However, to create a sustainable business on sites that are being cracked at the moment is impossible. And this means that the market in many respects needs to be formed by oneself, creating a conjuncture is difficult, you need to do a lot of work in addition to standard “sales”. In general, to get started, I needed some kind of financial support - serious start-up capital, otherwise I would have to rely only on luck. Fortunately, we had this capital.

Who is the customer?

In principle, all sites, information on which has at least some value can become our customers. However, if we talk about segmented demand, first of all, online stores provide work. E-commerce is a database of customers, orders, goods - all that is the foundation of this business. The loss of this information can lead to the most disastrous consequences.



Of course, online stores are not the only consumers of security services. Protection against DDOS attacks and direct hacking is required in all competitive segments - especially in those where the “battle of the titans” is taking place in contextual advertising.

Instead of conclusion

On the one hand, the start of our company was successful - the god of IT start-ups was gracious, and we quickly became major customers with large projects. However, the tasks were really difficult and had to work 24/7. But we managed to gain experience (both in the investigation of incidents and in defense against DDIS and other types of attacks), which we will share in our next habratopics.

In addition, we had to develop a set of software solutions that are able to automatically solve complex problems of processing large volumes of information and respond correctly to various situations. Not all of them can be told “in public”, but we will definitely present something interesting in the following posts.

Thank you all for your attention! We will be glad to questions, suggestions and requests for the disclosure of certain information security topics in the comments.