Company: Viewfinity | Who: Gil Rapaport, President and Co-Founder
SecurityWeek: How did you start out in security?
Gil: This is actually not the first company Leonid Shtilman, the CEO, and I founded. Our previous company was in the storage space. We always wanted to establish another startup and weren’t interested in doing something in the same space so we moved to the security space.
SecurityWeek: What brought you to found Viewfinity?
Gil: Leonid and I started in late 2007. During the course of six months prior to founding the company, we talked to about 100 customers. We surveyed them to understand their pains and gaps, toying with about 3-4 ideas. We recognized that there were greater pains and unsolved problems relating to administrator rights and privileges. We took these as our next challenge.
SecurityWeek: What does Viewfinity do?
Gil: We have two solutions. The first is privilege management- managing admin rights both on desktops and on servers. This solution looks at end-users and at admins. The second solution focuses on application control, or as also commonly called- whitelisting. In many other products, the user has the ability to set up whitelisted applications or blacklist applications. One of our unique features is the automation of greylisting apps. Greylisted apps are those where users are not certain about whether they should be whitelisted or blacklisted. A greylisted app runs in restricted mode so the user can set up the app to assess its usage. For example, ensuring it has limited access to corporate resources. We’re actually the first company to present both privilege management and whitelisting under the same product.
SecurityWeek: Who are your competitors?
Gil: On the privilege management side our competitors are BeyondTrust, Avecto, and AppSense. Looking at the application control end, they are Bit9 and McAfee.
SecurityWeek: What’s the one particular benefit you can highlight by having the two solutions under one product?
Gil: The forensics analysis capability. We had this on the application control end and we migrated this solution also to our privilege management solution. Everything we have is kernel-based so we now have the full history of all the applications in the organizations. For each application we can tell the source from where it was downloaded, when and by whom it was installed, from where it was updated – from the USB drive or the Internet, the resources it accesses, and other such forensics capabilities.
By having full visibility into the application the user has more control. The user, for example, can build a policy based on the application’s origin and from where it was updated. Such a policy could be preventing access from anything that was updated from the Internet.
We believe that forensics will be a very important component, in addition to application reputation which is what Bit9 and others are doing today. If a company has the history of an application and they can share the data with fellow companies then this becomes very powerful. Customers are very enthusiastic about this.
SecurityWeek: What’s your business model?
Gil: We have a SaaS offering which is subscription-based with annual fees. We also have two other platforms: one is a server-based deployed on premise and the second is a plugin to Microsoft’s Group Policy. These two platforms come as perpetual licenses.
SecurityWeek: What are your markets?
Gil: With more than 300 customers, we cover all verticals. We have a great presence in energy, education, and government. Region-wise, most of our customers are in North America. A few months ago we started to establish presence also in the EU- mainly covering Germany, UK and Netherlands. We also have customers in EMEA.
SecurityWeek: Do you have a customer story you can share?
Gil: Many times we see two types of customers – and each time they’re surprised but for different reasons.
The first is those customers that tell us that they have a very restricted environment and that they don’t give admin rights to end-users. The thing is we also have a freemium admin rights discovery tool which organizations can run in their environment. We find that usually those that say that more than 90% of their employees are running with no-admin rights are surprised to see that 60% of their users are in fact running with admin rights. It’s the same story all over. The enterprise allows at first very restricted privileges. But then, say, an employee just needs to install a printer. So admin rights are given to that employee with the intention of later revoking those rights. But people forget and over time the number of people running with admin rights gets larger.
The second is just the opposite – environments which are open and allow the download of just about anything. These customers are surprised how easily and quickly they can secure their environments – basically, in just two weeks. In these environments we also run into political issues where IT is nervous to take admin rights from the business users. But once they do that, they find how easy it is without the business users noticing that they became standard users.
SecurityWeek: What stage are you now?
Gil: Three VCs have invested in the company. We have 40 employees. About half in R&D in Israel and the other half in the Boston area: sales, marketing, support.
SecurityWeek: Are you currently hiring, and what do you look for when you hire?
Gil: We’re now hiring in sales and support. We look for individuals with experience in the security space that are seasoned in selling an enterprise type of product. We also look for individuals that know to be efficient and can manage prospects from remote – we’re not looking for someone to always be on the road, but is capable of managing a lot of the sales cycle from remote. The point is not just to reach out to customers in the particular salesperson’s territory.
SecurityWeek: What was your biggest challenge at the company?
Gil: We’re facing it right now: converging two markets into one. The reason is that you have two sets of competitors. We now have one product developed by one company – namely, Viewfinity – whereas multiple companies are developing the solutions as two separate products. We have the confidence to do it and I believe it’s a good big move.
SecurityWeek: Any tips for other entrepreneurs starting out?
Gil: The first is do a lot of research. Get in early to be in touch with customers and work with them. Second, don’t try to have all the features in the world in the first version. So don’t postpone a launch just because you don’t have one single feature. The product, of course, needs to be stable and give value – but don’t be perfect. It’s better to be engaged with customers than stay only in development all the time. Third, don’t fear to fail.
SecurityWeek: Other than yours, what is your favorite startup – whether it is in security or not?
Gil: There are actually three:
– Zerto. They provide business continuity and disaster recovery for virtualized infrastructure and cloud.
– InsightSquared. Offering data intelligence software for SMBs (mostly to improve sales performance).
– CloudLock. An information security suite for enterprises using cloud platforms.
All three startups have great founding teams, all very creative with an endless persistence to make it work.