The pandemic has accelerated the need for robust cybersecurity systems for governments and companies worldwide as security breaches have peaked amid the transition to the new normal. New Delhi-based Astra Security provides an end-to-end security suite for threat protection, malware monitoring, vulnerability assessments and penetration tests. Founded by Shikhil Sharma & Ananda in 2017, Astra Security is the trusted security partner to well-known brands, including Vodafone, Unilever, NIIT, TEDx, Muthoot, Ford, Gillette etc.

We got in touch with Ujwal Ratra, Chief Operating Officer, Astra Security, to gain insights on the company’s growth trajectory, tech stack, AI/ML implementations, and more. 

Behind Astra Security

Astra Security claims to have stopped over 31 million attacks across thousands of websites last year, detecting over 800k malicious files and uncovering over 20k vulnerabilities in their applications. To make security super simple, the startup offers easy-to-set-up solutions that enable both business owners and developers to operate with ease. 

Astra is among the few technology startups in India that offer security audits, firewall and malware scanner in a bespoke suite.

The startup believes businesses need to hack themselves before the hackers do. Astra Security, therefore, integrates its security audits as part of the development sprints of the customers. All the vulnerabilities found are reported in the dashboard with details such as: 

• What the vulnerability is
• What business impact it can have & how critical it is
• What are the affected areas
• Steps to reproduce the vulnerability
• Tailored steps to fix the vulnerability

“The developers fixing these vulnerabilities can collaborate with the security engineers right on the dashboard & ask any questions they might have while fixing,” Ratra said.

Idea To Reality

The founder used to work on identifying security issues in giants such as Microsoft, Yahoo, Adobe, At&t etc back in their teenage years. Building on their skills, they slowly started helping businesses to build security moats. Astra started as a purely service-based company doing security audits for businesses. The audits helped companies find vulnerabilities, steps to fix them and other recommendations to keep the applications secure.

“After doing many such audits and talking to customers (CISOs, CTOs), we realised that it was not easy for businesses to follow these recommendations. The products available were not easy to configure and use. Moreover, the companies we did audits for were not in a position to hire a full-time security person,” Ratra said. That is when the Astra security suite was born. “And from there, we started spreading happiness through security,” he added. 

Tech Behind Astra

Astra believes as the attacks get more sophisticated, the defence ideally should be one step ahead to prevent attacks. 

“False positives are a big challenge as no one likes to hamper the UX for security. Another challenge is the AI conundrum — what about the security of the training data? What if the malicious actors target the training data? These are some real challenges & being a critical function, we need to take care of these before we see more AI in security,” said Ratra. 

At Astra, machine learning is used in the malware scanning engine. This ensures that each scan is better and faster than the previous scan. Talking about the tech stack, he said that for most products, they use PHP (Symfony framework) & react js. “There are a couple of other languages we use depending on the use case the product is trying to solve,” he said. 

Challenges In Cybersecurity

Ratra said security engineers keep on researching new kinds of malware and vulnerabilities. This intelligence is then built into the products. “Since the product is also self-learning and runs across thousands of websites, we also get to learn about the latest attack patterns from it,” he said. 

While Astra Security provides a holistic solution for companies, he advises companies with the following tips to keep the basics covered. 

• Update any third party software/plug in regularly with the latest versions and security patches.
• Use the principle of least privilege in all your applications/systems. Any user, program, or process should have only the minimum privileges necessary to perform their function.
• Misconfigured servers (AWS. Azure, Google clouds) have been one of the biggest sources of data leaks in the last few years, giving hackers access to secret keys, essentially letting them access millions of records. Ensuring these servers are checked internally and audited by external security companies for the best configurations from a security perspective is the key.
• Get regular security audits done for your applications. Hack yourself before hackers do.
• Ensure that data is encrypted in transit and at rest.

Growth Story 

Over the past few years, the company has catered to a wide range of industries such as banking, consumer products, healthcare, education and many more. The startup has provided solutions such as security audits of applications and infrastructure, protecting web applications and websites, taking care of the infected website, and removing malware. 

Ratra said their focus is on delivering peace of mind to the customers. The startup has plans to launch more products soon. “We will be pushing out a major update for our threat protection & malware removal engine. Other than that, we are working on a product that would act as the first and one of the essential members of any company’s security team,” he said.