VeriClouds, Inc., is a Seattle-based cybersecurity and data SaaS (software-as-a-service) startup. The company has built a proprietary platform and software using “dark web” threat intelligence and artificial intelligence to address a huge opportunity in the global fraud detection and prevention market.
We sat down with Stan Bounev, the CEO of VeriClouds, and asked him some key questions about the company and how his cybersecurity startup helps detect fraud and protects businesses.
AllBusiness.com: What is the mission of VeriClouds?
Stan Bounev: The company’s mission is to protect major corporations around the world from identity fraud.
AB: What is the key problem that VeriClouds is trying to solve?
Bounev: Stolen passwords are the major method for account takeover and fraud. In 2020 alone, 6.3 billion passwords were stolen; over 80% of all confirmed data breaches involve weak or stolen credentials. The banking, government, healthcare, and retail sectors are most susceptible to fraud. The average cost of a data breach to a company in the United States is $8.6 million and can be multiple times higher.
Stolen passwords can lead to “account takeover.” Account takeover is a type of cyberattack in which stolen account credentials, typically consisting of lists of usernames and/or email addresses and the corresponding passwords (often from a data breach), are used to gain unauthorized access to user accounts through large-scale automated login requests.
There are over 130 million account takeover attempts in online retail stores alone each year, and 70% to 80% of e-commerce site login attempts are account takeover attempts. The identity and account takeover fraud problem is real and pervasive.
AB: What is the technology solution VeriClouds provides and how does it stand out?
Bounev: Solving identity fraud is a complex endeavor. Companies need to stitch multiple solutions to try to solve the problem. The solution needs to be holistic and touch the whole organization. There are three pillars to the solution of this problem:
- All of the company’s relevant data (internal and external) must be analyzed. The internal data includes usage of data from network monitoring, logs, and login data. The external data includes data from the dark web and public sources.
- Integration with identity systems is important. We see more benefits in integrating with the identity systems using widely adopted standards, not with security tools. Identity systems will allow automation, which can’t be achieved by integrating with threat intelligence or other security systems.
- Automation of detection and remediation is key. This problem can only be solved at scale. Scale can be achieved by applying automation at the identity level as large amounts of data need to be used to assess the intent of each user, single out malicious login requests, and allow legitimate users to log in without hurdles. Reacting to identity fraud without automation becomes a human-intensive exercise for which human capital becomes the limiting factor.
AB: How big is the company’s market opportunity?
Bounev: There are many components of identity and account takeover fraud. Among them are data leaks from data breaches, insider threats, phishing, leaks on the dark web, and poor password security. All of those are used for account takeover to steal intellectual property, gain unauthorized access, or commit payment fraud. Experts estimate that the fraud detection and prevention market will grow to $107 billion within five years.
More articles from AllBusiness.com:
AB: Who are the customers of your cybersecurity startup?
Bounev: As you might imagine, the company must keep its clients confidential pursuant to non-disclosure agreements. But our customers include one of the five largest companies in the world and multiple publicly traded companies.
VeriClouds can deploy quickly and demonstrate value immediately. Furthermore, in the retail sector, we can help organizations generate revenue as our service works behind-the-scenes and does not need to put our clients’ customers through extra hoops, which leads to churn and abandoned shopping carts.
AB: What are the company’s key technology components?
Bounev: VeriClouds is a cloud-first company. The company’s SaaS service is hosted on Amazon’s AWS cloud. It is protected by multiple granted and pending patents. For our most security and privacy-conscious clients, we offer a private instance of our SaaS service protected by Intel SGX or SafeNet HSM. It is extremely secure as the only hybrid technology (cloud and private instance) that does not require data to be sent outside of the client.
Our analysis engine uses artificial intelligence services on AWS and Google Cloud Platform (GCP). The company’s dark web search engine is state of the art, and its database of over 20 billion-plus stolen credentials provides a robust ID platform for the detection of identity fraud.
The company’s technology works with data centers, clouds, and web apps.
AB: What is the company’s business model?
Bounev: The company has a classic enterprise SaaS model, with an annual renewable subscription. Since the data is constantly growing, including stolen credentials that are added almost every day to the database, customers continue to benefit, and so the churn rate is very low.
AB: Who is the management team?
Bounev: The team comes out of Microsoft, Google, and Amazon. The team has extensive experience in information technology, cybersecurity, software development, product management, and business development. The team is supplemented by investors, a Board, and advisors who have world-class experience in software, cybersecurity, and startups.
This article was originally published on AllBusiness.com. The conversation has been edited and condensed for clarity.