There’s nothing like a good burglary to get you wise about cameras and alarm systems in your house. The same applies to cyber security – the past two years have seen a bunch of well-publicized online attacks that have made a lot of people a lot more interested in the concept.
But while large organizations mostly have the resources to get themselves the electronic equivalent of sturdy steel bars and ferocious guard dogs, smaller companies usually can’t afford such measures or don’t have the people required to set them up.
Horangi hopes to be the cyber security provider for ‘the little guy.’
That’s where Singapore-based Horangi comes in. The young #startup makes cyber security tools aimed at small- and medium-sized enterprises (SMEs) that want to secure their online presence but can’t afford to install expensive software on the premises.
The startup just announced it’s raised series A funding to the tune of US$3.1 million. The round is led by Singapore-based venture capital firm Monk’s Hill and joined by Right Click Capital, 500 Startups, Hub Ventures Fund, 6Degrees Ventures, and private investors. It had previously raised a smaller, undisclosed amount.
“We target the SME space because we feel it’s underserved,” Paul Hadjy, co-founder and CEO of Horangi, tells Tech in Asia. The startup offers a software-as-a-service suite of products but also connects its clients to teams of cyber security experts they couldn’t afford otherwise.
Horangi, which means “tiger” in Korean, was founded in 2016 and launched its software platform in early 2017.
Hadjy set up the company together with co-founder and CTO Lee Sult. But the two go back further, having been part of storied big data analytics company Palantir. They took on government and commercial projects involving information security at the US firm. The work brought them to South Korea, where they got involved in an initiative by the Korean Information Technology and Research Institute.
The Best of the Best initiative’s purpose was to source the country’s top computer science minds out of 1,000 student applicants. Sult and Hadjy were helping out breaking down all the applications coming in. A software solution they developed proved to be useful for students, which led to the duo deciding to start a company of their own.
By that time, Hadjy was working for Grab in Singapore on the ride-hailer’s information security team. The prospect of his own startup proved irresistible, though. “I really liked working [at Grab] but I had this opportunity and had to make a choice,” he says.
Detect and protect
Horangi’s products revolve around three core tenets of cyber security; protection, detection, and response. “Every cyber security tool you can find either overlaps with some of those sectors or focuses on one of them,” Hadjy explains.
The startup’s products currently include:
- Scanner; which uses a library of more than 50,000 known threats to scan APIs and web apps, report on server and networked device vulnerabilities, and check software code for security gaps. “[It] just needs to be pointed to your hostname or IP address, and it will run a network and application scan, sending queries to assess the configuration and state of security on that device,” Hadjy explains.
- Hunter; which runs on target devices and collects forensic data from the startup’s tools like running processes, system logs, network connections, and more, to determine advanced threats. The data is then reviewed by Horangi’s team of experts.
- Storyfier; which creates comprehensive and easy-to-understand reports on vulnerabilities and comparisons to security systems of other organizations.
This holistic approach helps Horangi acquire customers, offering them first a way to understand what the risks are for their particular business and then producing insights and tools for them.
This is also its edge against the competition, Hadjy thinks. “A lot of cyber security companies in Singapore focus on one specific sector, on solving one problem,” he says. That may suit specific requirements of large companies and organizations, but perhaps not the market Horangi is going after.
This approach has allowed Horangi to get in front of problems fast. Hadjy recalls a client that was iterating quickly on its application, with each new feature or update giving birth to new vulnerabilities. Horangi determined that the client tackled security only in the last stages of its development process.
With a combination of security awareness training and what’s called secure software development process (SSDLC), the company in question saved “weeks” of troubleshooting and patching by adding just two days to its initial development time. “This was an extreme case, but normally a successful implementation of SSDLC pays dividends of developer time by the second or third development cycle,” he explains.
Horangi also gave the company some security-related objectives to include in its overall performance metrics. “I’m not sure if those were implemented,” Hadjy adds.
Filling the gaps
Horangi currently has over 50 clients – some of those are firms above the billion-dollar mark but most are SMEs. Hadjy doesn’t disclose who the clients are because of the sensitive nature of the business, but they span various sectors from tech to government to finance. Around 40 percent of those clients are in Singapore.
He also demurs on figures about the company’s revenues but says they’ve been able to keep the business growing since launch.
Horangi has seven offices around the world, including Singapore, Seoul, Manila, Jakarta, and Washington DC.
In the coming year, the startup wants to add new features to its platform like multi-user support and machine learning – once it has a competent amount of data to do it effectively. Hadjy is confident that with the company gaining more clients, it will be able to collect larger amounts of meta-data for this purpose. “This meta-data enables us to both understand our clients environments and to better understand the cyber security threats faced by our clients,” he explains.
Ultimately, Horangi hopes to be the cyber security provider for “the little guy,” Hadjy says. “I kind of look at our model as similar to Hubspot,” he says, citing the marketing software’s all-in-one approach.
It also hopes to help grow the community in Singapore and the region and do its part in developing tech talent – something that fits right in with Singapore’s drive to improve its cyber security capabilities. It’s working with parties like the Cyber Security Agency and the National University of Singapore for this purpose.
“There’s a lot of people trying to tackle the cyber security problem in Asia but I think this is a talent issue,” Hadjy says. “That’s one of the reasons why we started the company here, because we want to help with that.”