George Egri Behind-the-Scenes: Meet BitNinja’s CEO & Founder
Last week, we announced our partnership with the amazing ninjas from BitNinja. BitNinja is an easy-to-use server security tool, which is ideal especially for web hosting companies, digital agencies and data centers. The whole BitNinja story started with a web hosting company, after facing a lot of sleepless nights and angry, hacked customers. They created their own solution and the software worked so well that they decided to make the Internet a safer place and help more people with the finest technologies in a simply manageable package. We had the pleasure to speak with George Egri, CEO & Founder at BitNinja and ask him a few questions about the company, work processes, and his team.
The Interview with George Egri
FastComet: Hey there, could you tell us more about yourself and your position at BitNinja?
George Egri: I’m George, CEO, and founder of BitNinja.
FastComet: What challenges did you face in getting to where you are now professionally?
George Egri: I started a web hosting company in Hungary 14 years ago. We have grown to be the 2nd largest shared hosting provider in Hungary. We always had lots of problems with security. Shared hosting has a built-in security risk as every new user introduces an additional one. In a shared hosting environment (and VPS / dedicated servers too) your users are not security professionals. In most cases, they just need a working site. Upgrading a CMS after a couple of years is almost impossible as new versions, new plugins, new software will break the functionality. We had more and more churn because of infected websites. One day I decided to find a solution. Tried many different security tools but none of them solved the whole problem. All free and paid tools just provided a solution for a small part of the whole story. Then we decided to address the problem from within our company and started to implement a distributed log analyzer. This was the ancestor of BitNinja. Then soon we realized the whole industry is hungry for a good solution, so we started BitNinja as a spinoff company.
FastComet: How would you describe BitNinja in under 50 words?
George Egri: BitNinja is an all-in-one server security tool mixing the most powerful defense techniques. It is super-easy to install, requires virtually no maintenance and provides immediate protection against a wide range of cyber attacks. BitNinja has 8 modules for the different aspects of attacks which help you stop the bad guys in each phase of the attack cycle.
FastComet: What was the main reason behind the creation of BitNinja?
George Egri: Question #2 answered this I think.
FastComet: Has your initial vision changed since launch?
George Egri: The vision is the same since we started BitNinja. We want to make the Internet safer. This is the mission we see every day as our long term goal. Something you can be proud of when you tell your grandchildren the story of your life. Although, the tactics are changing pretty fast as we discover the different approaches of server security technology.
FastComet: How did you come up with the name?
George Egri: Originally we called our in-house security project Heimdall. Heimdall is a German god, the god of security. We launched the beta of BitNinja with the domain Heimdall.IO. We applied for Web Summit 2015 with the same name. 3 weeks before the event we received a formal letter from a lawyer representing a company called Heimdal Security. They demanded that we stop using the Heimdall.IO domain. We had like 3 weeks and decided to change our name. We never really liked the name, as there was not too much fun about it. So we set up a quick brainstorming meeting, and after about 1.5 hours BitNinja was born by Viktoria. We sold the heimdall.io domain to the other company and never regret the name change. It allows us to use cool marketing like ninja star (shuriken) business cards and wear ninja suits at exhibitions.
FastComet: Could you share some details regarding the technologies implemented in BitNinja?
George Egri: What we have learned about security is one technology is not enough. You need several systems in place for the different attack vectors and you need those systems to be integrated to cooperate with each other. These were the fundamentals of building BitNinja. Our modules can be categorized into two main buckets. The first set of modules is proactive defense modules (IP reputation, Port honeypot, WEB honeypot, DoS detection, and the WAF, log analysis). They help your server to trap and mislead the automated or targeted attackers. The second group of modules (malware detection, outbound traffic analyzer and the coming soon PHP sandboxing) are reactive modules. So they help you to stop the hackers when they are already in or have successfully avoided all the proactive modules. First, we focused on proactive modules only. Now as our proactive modules are mature enough and can stop most of the automated attacks we focus on stopping the targeted attacks.
FastComet: In addition to whitelisting and blacklisting, a year ago you released your own unique development feature, the greylist. What exactly is that?
George Egri: Blacklisting has a set of drawbacks. If you blacklist an IP you:
- Lose the opportunity to learn from further traffic
- If you blacklist an IP for too short of time, then attackers can learn this and come back with new attacks after the backoff period. If you do blacklisting for let’s say 5 minutes, the attacking botnet can still hit your sites 288 times a day.
- If you blacklist an IP and it was a false positive, your visitors will be frustrated and leave causing you and your brand significant damage, and expensive support time
Greylisting is a cool new way of managing the uncertainty of IP reputation. When you have an IP and greylist it with BitNinja, we treat it as a possible harmful address but don’t blacklist it. When a user tries to access your server from a greylisted IP, BitNinja presents a CAPTCHA page, and if the challenge was successfully resolved, the IP gets delisted. This same mechanism works with SMTP as well and we plan to implement the CAPTCHA mechanism for IMAP and FTP too in the near future. At the same time, we present some link decoy for malicious robots on the CAPTCHA page. If they follow the hidden links or prove themselves to be an unethical robot, we keep them on greylist and even blacklist in case of too many harmful attempts.
FastComet: Why is BitNinja better than other solutions on the market? Who do you see as your main business competitors?
George Egri: CloudFlare, Incapsula, and Sucuri are cloud-based firewalls. They are competitors of our WAF. There are some anti-malware solutions for Linux, they are competitors for our malware detection. And there are a couple of open source log analysis and traffic analyzer scripts on the net. We have many competitors as point solutions but none of them can compete with the power of the cooperation of our protection ecosystem. For example, our malware detection module has an option to create a web honeypot – a special decoy page for botnets and c&c servers if an unwanted backdoor was uploaded. This is just one example of the many internal integrations of the defense modules but it makes BitNinja very powerful.
FastComet: How do you define your target audience and understand your target market? Who uses BitNinja?
George Egri: We currently focus on hosting providers and VPS/Dedicated server owners. The shared hosting market is quite mature but a product like BitNinja was missing on it up until now. VPS/Dedicated server owners don’t have any security stuff in most cases so it is vital for anyone managing their own server to opt in for a server security solution and BitNinja can work for them 24/7.
FastComet: What is the biggest hurdle you have faced or are still facing?
George Egri: When we started BitNinja our API servers and the admin interface were a monolithic PHP application. As we started to grow, soon we faced the many limitations of the monolithic systems. Last year we transitioned into a Docker-based, microservice-oriented architecture, so now every part of the system is highly available and scalable. This transition was pretty hard but totally worth it. Now we can grow again without any limitation of the infrastructure and we can focus on the agent and the protection 100%.
FastComet: Has BitNinja got the feedback and growth you expected since launch?
George Egri: During the free beta period in 2015 we had a lot of positive feedback. I think nothing else proves it better than a very good 87% conversion rate from the free beta to the paid pro version. We still keep a very good and close relationship with our users and our main focus is still on one thing: to better secure their servers and users.
FastComet: To what do you owe the growth of the company and customers served?
George Egri: We are a passionate team and put great emphasis on the requirements of our customers. There were many cases when we developed their ideas in a couple of weeks or months. Our roadmap always includes new developments which were asked for by our customers, resulting in their increased customer satisfaction rate. Our support team is very friendly and direct with them too.
Secondly, we constantly monitor the movement of the whole market and we are trying to find the newest innovations for their needs.
FastComet: What does the future look like for the BitNinja world? What is on your radar for 2017?
George Egri: On the short term roadmap we will release a new main screen of the centralized incident management interface. It will be released this week and will improve the overall experience and you’ll get a better overview of which modules are active on your servers.
We just started a 2.0 version of our Web Application Firewall. It will be very awesome and will feature most of the functionality other WAF providers have to offer, but we also focus on a very low false positive rate. Using the greylisting and the CAPTCHA modules we can predict and calculate false positive rates of the different rules, so we can keep it extremely low.
Later this year we will release the beta of the PHP sandboxing feature. This is basically a patched PHP version you can choose to install as an alternative PHP version. The websites using this alternative PHP engine will gain an extra protection layer as this way BitNinja will be able to analyze the PHP processes from the inside.
FastComet: Do you have any new features in the pipeline?
George Egri: We will have the PHP sandboxing later this year, as explained in the previous answer and the second, upgraded version of our WAF.
FastComet: Based on your experience what are the most common attacks against websites? Biggest hacks of 2017 so far?
George Egri: Automated attacks still keep growing. A couple of weeks ago we found a WordPress brute-force botnet with more than 200 000 IP addresses involved. The botnet uses infected PCs and servers to do distributed scanning and username/password brute-force attacks against WP sites. Fortunately, we’ve been able to filter out the attack in time. During the peak of the botnet, we had almost 400 000 incidents per hour registered from the BitNinja servers. The old tricks like SQL injections, RFI, LFI, and other attacks are still quite popular. In January there was a big activity registered by the port honeypot modules; most of them were part of the Mirai botnet.
FastComet: How many staff do you have now? How do you find talented employees?
George Egri: We are an enthusiastic team of 14 people. Fortunately, in our hometown, we have a great university, and we have both faculty of IT and faculty of economics, so we have fresh talented people every year.
FastComet: Can you share your view about the future of the security industry in the coming years?
George Egri: The cyber black market is more and more developed every day. This means hackers have a market to sell all the hacked accounts, logs, usernames, e-mail addresses, anything. This means a good motivation for them and so they will keep hacking. In the upcoming years, more and more Internet-enabled devices are connected to the Internet. It means a growing problem every day. Lately, ransomware has increased its popularity, and I believe soon it will reach the server industry too. We are already seeing some cryptolocker clones on Linux servers. The expansion of IoT devices and IPv6 will raise new challenges of security in the next couple of years.
FastComet: Can you convince the reader to start using the FastComet hosting backed by the all-in-one security suite by BitNinja, instead of a general or self-managed hosting solution?
George Egri: With BitNinja you get all the advantages and protection for your websites that other providers like CloudFlare, Incapsula, and Sucuri ask hundreds of dollars per month. And with BitNinja you get even more! Being an on-the-server solution you gain not only HTTP protection but also other protocols like your mail services, FTP, ssh and other levels, like your files, gain the protection. BitNinja with the awesome services of FastComet is the right choice 😉
FastComet: Thank you very much for this interview!