Matthew: Hi, this is Matthew Wise with FounderLY.com. We empower entrepreneurs to have a voice and share their story with the world, enabling us to learn about building products and starting companies. It is with great pleasure that I am here today with Anirban Banerjee, who is the co-founder of StopTheHacker. StopTheHacker provides web security services to protect online reputation. With that said, Anirban, I would love for you to give our audience a bio.
Anirban: Sure. I’m originally from India. I did my undergrad there in information technology and moved over to the U.S. in 2004 to join the PhD program in computer science at the University of California at Riverside. During that time, during my four years at UCR, I met my co-founder who was, incidentally, my professor, Dr. Michalis Faloutsos and we worked together on my PhD as well as, at the same time, we came up with this cool idea. We thought, “Hmm, there is really a big need in the market for security services for web sites.” Then we decided, “Let’s do the PhD, but then let’s also start a company of our own which will tap this large, untapped market.”
That’s how we started StopTheHacker in late 2008. In 2009, I started working as a full-time employee for StopTheHacker. Since then, I’ve been working as V.P. of R&D for StopTheHacker, and I have been having tremendous amounts of fun doing that.
Matthew: What is StopTheHacker? Who’s it for and why are you so passionate about it?
Anirban: StopTheHacker is a SaaS based service for website owners or anybody who cares about their own website. We intend to protect the reputation of the site. What happens is hackers no longer are defacing websites nowadays. They’re going after the money. How do they do that? Once they find vulnerabilities in the website, either through forums, chat sessions, blogging, whatever it might be, they are injecting small pieces of code, malicious computer code like viruses that we see on PCs, but these are different. They inject small pieces of code onto these websites such that when visitors visit these websites, they get infected and redirected to different websites, and they can be exploited.
That’s what we intend to stop. We want to tell the website owner, scan the website, and tell them, “Here’s the piece of malware on your website. A hacker has just broken in. This is what you need to do to clean it up to help them basically to do this thing.”
Matthew: Given your domain expertise, what are some of the trends that currently exist in your marketplace, and where do you see things developing in the future for your space?
Anirban: The current trend are actually pretty interesting. We see close to 6,600 new websites being blacklisted every single day, only by Google, let alone what Yahoo does, let alone what Bing does and so on and so forth. So, there’s a huge number of websites that are being hammered every single day by hackers so I’m viewing that they’re out there. The problem is spilling over into the social media domain. If you look at Facebook, there are 4.5 million profiles which have malware on them, malicious links pointing to somewhere else. Twitter has a problem, too.
You look at any kind of social media right now, everything has malware associated with it. If you analyze the antivirus industry ten years before now, when we didn’t really have a lot of people using antiviruses on their PCs and people thought, “Should I be paying $10 or not?”, things like that. Now, everybody’s protected. It’s like close to 100% penetration in this market. We see this as the same way which will go for website security that right now out of the 75 million websites that exist out there, a few of them are protected. A few of them do something like IDS, IPS, firewalls, not that these will protect you from any code injection attacks, but, at least, somebody’s trying to do something.
We see that this market is going to evolve just like the antivirus market, where it’s going to be. By 2015, there’ll be like the 225 million websites, and the majority of them will be protected. That’s what the IDC report says. That’s how we think the market is going to go.
Matthew: Who is StopTheHacker or what types of client, customers, would use your service?
Anirban: We actually have clients all across the board. We have clients who are small business owners. We have clients who have blogs. We have clients who are non-profits. We have clients who are hosting companies because they want to keep their infrastructure clean. We have clients who are enterprises who are bothered by the fact that, if they get hit with malware, and their website gets blacklisted, there’ll be, on an average, 7 to 10 days of downtime, people cannot visit their sites. There’s all hell breaking loose. Every kind of customer you can name, we have them as a sample customer.
Matthew: We went over your bio, and we have an overview of your market. Can you dig into the details of the story of how you started the company, how you came up with the idea and threw yourself into the research, and how that resulted in actually starting the company? What’s the story behind that?
Anirban: Yes. It was an exciting time for me when I was at UCR doing my PhD. I initially started off in a completely tangential direction. I started out doing embedded systems, sensor networks, which had nothing to do with website security. Surprisingly, during my work on sensor networks, I was visiting sites and Google, at that point in time, had just started blacklisting websites. So in late, you could say, 2004, 2005 and what happened was, a lot of these open source projects like, not open source but free enterprise like WordPress and so on and so forth, CMS software, Joomla, Drupal were freely available so web designers were taking advantage of those because it reduces the amount of time you need to double up a website.
What was happening as a result is hackers had an easier target to go after because they also had access to the same code base. They knew what vulnerabilities are there in these millions of websites that are using these prepackaged pieces of software. And there you go. It’s like thousands of websites started getting blacklisted and hit with malware. My personal experience was, the first time I experienced this was trying to go to a news website and finding that it’s blacklisted and I got interested in, “Why is this happening?”
During the last three years of my work at UCR, I did this as a side project, trying to understand, “Why is this happening?”, analyzing hacker websites, looking at the malicious code on the websites and trying to double up our artificial intelligence to prove these species of code and say, “How do we distinguish between good and bad code?” That’s how we started the company in 2008, and then we moved on to turning it onto a more stable production [inaudible 07:48], and offer the customer per se.
Matthew: And how did you find your co-founders?
Anirban: My co-founder was my advisor during my PhD so I really didn’t have to find him. We started working together when I joined UCR. The funny thing is that I was working on a completely different project when I saw what was happening in the website domain. And I wrote some statistics about what I was seeing, and I proposed methodology to how we could take these things. I wrote a mini paper and I left it on my advisor’s desk.
My advisor was the one who was always telling me, “No. Let’s focus. Let’s do this thing. Let’s complete the PhD. Let’s do this thing,” and I left it on his desk and I told him, “You’re not even going to look at this thing. Don’t worry about it. It’s all cool. I’m still doing what you told me to do. Don’t worry about it. When you have time, read this thing.” My advisor was shaking his head, “Oh my God, there he goes again. He’s not focusing on the thing.” Then he calls me up like five minutes later, “Hey, this seems pretty interesting. Let’s talk about this thing.” That’s how we kind of like collaborated on this thing and started working on the website security project.
Matthew: From idea to product launch, how long did it take, and when did you actually launch?
Anirban: We launched in 2009, June. That was the first build of the website that we had, some initial products that we had. It took us close to six months to double up our first prototype. The first prototype was kind of like spaghetti code, somehow getting it to work. It worked fine, but it was still a lot of, like, things could be improved. It took us six months to get there from 2009, January to 2009, June. Then from 2009, June onwards, we had a much more stable version. We made lots and lots of changes for security and so on and so forth, and it’s gone way uphill from there.
Matthew: Are there any unique metrics or social proof about StopTheHacker that you’d like to share with the audience?
Anirban: Yes. Our IP is completely clean, and we’ve filed patents with our IP and our detect malware. We have a few patents filed. We have a few provisional ones, three or four more provisional ones to file. Our technology has been vetted by the National Science Foundation. It has been significantly different from antivirus-based technology, and we have received $600,000 today from the National Science Foundation to double up the prototype, build up the technology.
Additionally, one of our distribution partners parallels, which is the largest supplier of software, stacks hosting software, stacks to hosting companies and has access to millions of websites has partnered up with us to offer our services to all their hosters and, thereby, to millions of end clients. We also have other distribution partners who are following the same model by building in our technology into their dashboards and funneling it out to all their partners using these channel strategy.