Security systems are extremely advanced in some areas of application, as much as there are vulnerabilities in others. Redinent Innovations, a Bangalore-based startup, aims to change this and establish security tools for CCTV cameras and unmanaged IoT devices, which are often exposed to cyber-attacks. In an interview with EFY, Divyanshu Verma, Co-founder and CEO of Redinent, talks about IoT security, some unique products, and much more.
Q. Redinent has become synonymous with IoT security, especially when it comes to CCTV cameras. How exactly did you come up with this idea?
A. During the pandemic, most of our (the co-founders’) conversations became digital. We had a feeling that the overall safety, security, and privacy of our daily lives in the digital world were extremely unclear. We were using video conferencing apps, but were doubtful about how secure they really are – is our video encrypted or not? It is important because we talk about our lives, our family, etc on these apps. In the digital world, there is no limit – what if our videos land in the wrong hands?
As we were discussing about digital privacy, we realized that our homes, offices, etc are all filled with digital gadgets like webcams, CCTVs, Bluetooth devices, and many more. We then started looking into them deeply, especially CCTV cameras. These cameras are on continuously, they keep recording our lives.
“We found that many CCTV cameras have leaks, backdoors or vulnerabilities! Most of them are not well protected,” says Divyanshu Verma, Co-Founder and CEO of Redinent Innovations.
Well, it can be possible to check for vulnerabilities manually if an organization has about 10 CCTV cameras. But in large firms with around 200+ cameras, human error cannot be neglected.
We looked into CCTV cameras and did digital forensics on them. With a certain amount of skill, many CCTV cameras are easily hackable. Hackers can record your feed, observe your videos, and even launch a malware attack because these cameras are connected to networks. We then used a lot of analytical tools like Google Dorking, Shodan, etc. We found out that at any point in time, there are over 10 million cameras that are hackable, if not already hacked!
Q. How did you make your very first prototype or MVP? What kind of technologies were used in it?
A. First of all, we looked into the various protocols, including RTSP, that are involved in such a product. Then we used a lot of open-source tools like NMap, Webbuddies, etc, apart from many proprietary algorithms and subsystems that we have developed. We had started working on our proof of concept around September 2020, and first version was developed by May 2021.
Q. What are the general steps you follow while dealing with CCTV camera security? Does your solution involve modifying the cameras?
A. Our solution is completely retrofittable. We do not modify the camera. Ours is a software solution that sits on a server or a virtual machine (be it Windows or Linux), scans the cameras, and derives test cases remotely. We do not put any gadgets or software inside the camera itself. It is an agentless system.
So we do a lot of rigorous behavioral analysis of the cameras, and then we predict the occurrence of flaws. If any flaw is found, we run the test case for that. Thorough agentless testing (Automated VAPT) is done. We have thousands and thousands of vulnerable test cases with us.
We then report the flaws with identifiable links based on international standards, publish a report and give it to our customers. We also suggest ways for organizations to mitigate the risk of cyber attacks on their IoT infrastructure, especially CCTV cameras. Overall, we help organizations protect their CCTV and other IoT devices against cyber attacks. With our solution, customers will be able to evaluate the vulnerabilities in their IoT/CCTV devices and close them before a cyber attack can take place.
Q. Could you elaborate on Redinent’s Threat Scanner? Is it your USP?
A. Our algorithm is our USP. It is a patented technology based on which we have developed our Threat Scanning Platform. This platform is a deep tech innovation that opens a whole new business strategy and opportunity around IoT device security. The technology is heavily influenced by the practices of the defense and security industry, and uses some of the best TTPs of cyber defense.
“This technology stack inside Redinent acts as a protective backbone to secure the IoT deployments inside enterprise,” says Arko Dhar, Co-Founder and CTO of Redinent Innovations.
Moreover, the threat scanner has almost zero false-positive rates and is based on a cloud scaling architecture. It covers the maximum number of threat scenarios and the widest range of CCTV/ IoT brands, apart from evaluating all the brand-agnostic features at the protocol level itself.
“Redinent is easy to deploy and is truly cloud scalable, which means that organizations which have multi-location operations can use Redinent Scanner centrally to secure their CCTV and IoT endpoints,” says Cdr K Arun, Co-Founder and COO of Redinent Innovations.
Q. What would you say is the most unique feature of this platform?
A. First of all, organizations have multiple geographical locations, and they have cameras there. These cameras can lead to different sub-domains. What’s unique about our software is that it is able to identify the network architecture once it is given access. After that, it starts running test cases. It does not matter whether you have 2000 cameras or 20,000 – our software is intelligent enough to find the right speed and bandwidth depending on the network architecture, and then start testing.
Secondly, cameras generally don’t run all test cases. In our design, each and every vulnerability is tested through a test case, and the output is reported. Hence, we have almost zero false-positive scenarios – our test cases will report either “pass” or “fail”, and nothing in between.
Q. What has been your commercialization story?
A. Our solution is already commercially ready. We are fortunate enough to get very early access to some of the largest brands as our customers and partners. Within a span of five months, we had airports, power plants, SEZs, hospitality and resorts, rail networks, and banks as our clients. Our first customer breakthrough came within 2 weeks of launch, and we had our first 5 customers within just 120 days of launch!
Initially, identifying the right customer target and marketing strategy was a challenge. Even though IoT/CCTV is a mainstream mass-market product, the customers are not necessarily from the mass market!
Q. What are your plans for expansion and partnerships?
Speaking of expansion – we have our headquarters in Bangalore, but we have already expanded to Delhi. We were initially bootstrapped, but now we have raised capital funding from angel investors, and are in talks with investors to raise a further round. We have seen strong interest from VCs, both from India and abroad.
Quite recently, we partnered with Al-Futtaim Technologies from the Middle East. We also have active partnerships with many other companies. We have potential plans for expansion in Australia, the Middle East, and Switzerland. We then plan to move to the US as well.
Q. What are your general hiring trends?
A. We’re currently expanding our team. We are hiring top talent resources with expertise in security and IoT-related product development, UX professionals, and automation engineers. We also have an academic partnership with IIT Patna. Right now, we have seven to eight interns, and they are all freshers. We are open to working with freshers, because we feel that a lot of creativity comes from them. Some of them will be definitely converted to full-time employees.