TruKno Founder Manish Kapoor on Proactive Cybersecurity

TruKno is a cyber threat intelligence and detection startup that combines the power of AI and human experience to help organizations (banks, hospitals, schools, etc.) proactively reduce the risk of a cyberattack.

Before founding TruKno, I spent 10 years at Cisco Systems (one of the largest vendors of networking and cybersecurity products). When I was director of business development at Cisco, my team’s responsibility was to understand the latest cyber threats in real time and help our global service provider customers develop new managed/hosted cybersecurity services for the enterprises.

Even though I had all the tools (threat feeds, etc.) and experts (cyber professional with CCIE, i.e., PhD. in cybersecurity) around me, I realized that it was extremely hard to keep up with the latest cyber threats about how hackers are constantly innovating new ways to attack enterprise networks and bypass all existing cybersecurity controls.

This is when I realized we need a better way (easier, automated, and more real time) to get this vital cyber threat information to the masses in IT security. It is a huge untapped market opportunity.

One of the biggest differentiators for our team is the diversity of our technical skill sets and our personal backgrounds.

Our team has expertise in cybersecurity, enterprise sales, full stack development, front end design and development, AI, and advanced cyber threat analysis and detection.

The team is spread across four continents and six countries. Among us, we speak 11 languages.

TruKno is on a mission to get critical cyber threat information to the right people at the right time in the most efficient way possible to proactively reduce the risk of a cyberattack.

Cyber adversaries (hackers) are constantly innovating new ways to attack enterprises by bypassing all the existing cybersecurity controls. TruKno’s platform focuses on predicting adversary attack behavior in the industry standard MITRE ATT&CK framework based on all the cyberattacks that have been reported across the globe in real time.

TruKno’s platform has three innovations to enable enterprises to anticipate adversary attack behavior in real time.

A. Adversary “attack sequence” evolution

The TruKno platform tracks and correlates how an adversary is altering its “attack sequence,” i.e., combination of different techniques used in a sequence as part of the latest cyberattack. This goes above and beyond the single dimension view (simple list of adversary techniques) offered by other competitive platforms.

B. New “procedures” in real time

Our platform traces how an adversary is using old techniques in completely new ways — i.e. “procedures” in the MITRE framework to bypass security controls.

C. Emerging techniques (never-before-seen cyberattack techniques)

TruKno dashboards capture “net new” — i.e. never-before-seen — cyberattack techniques used by adversaries in real time.

Since these techniques are not even in the MITRE framework yet, most security tools are not even aware of these techniques and therefore cannot detect them.

This highly valuable information is used by our enterprise customers to proactively improve their security controls to monitor for these emerging adversary attack behaviors via new detection rules.

Most enterprise threat intelligence platforms focus only on indicators of compromise (IOCs) like malicious IP, domain, and file hashes. Hackers easily change these IOCs in real time.

TruKno’s platform focuses on indicators of attack (IOA) instead — i.e., adversary attack behavior in MITRE ATT&CK framework. In layman’s terms, these are steps taken by a hacker to enter a network, move from one device to another and then steal valuable data. 

Further, a few competitive platforms that focus on IOA are mainly tracking a single dimension view of an attack — i.e., a simple list of techniques adversaries use. They do not track cyberattack sequences, procedures, or emerging techniques as described in the previous question.

Our typical customer tends to be a medium to large organization in various verticals (including finance, healthcare, government, software and IT, insurance, etc.). Any organization that is mature enough in its cybersecurity practice to have threat intelligence analysts and detection engineers are able to leverage our solution.

The use of funds for our Wefunder capital raise is to support two key goals. First, to build a small sales engineering team to grow revenue faster. We are actually getting more demo requests from enterprises than we can handle appropriately, as supporting trials and integrations with large enterprises takes a lot of technical engineering resources. Second, we want to accelerate the development of several advanced use cases that our enterprise customers are requesting.

The early traction we have gained at several very large enterprise customers (even with our limited resources) is a testament that we are doing something really unique in the cybersecurity industry that has exponential growth potential.

We are bold in our vision but highly focused on our execution strategy. Furthermore, we are very frugal in our finances. We plan to spend all our energy and every dollar judiciously to grow our revenue faster.

Our long-term goal is to become a $100 million annual recurring revenue (ARR) business over the next 10 years with a valuation of $1 billion and above. In order to reach that number, we have plans to drive significant automation in helping enterprises detect these advanced cyber threats.

We believe that our platform adds significant value to many complementary cybersecurity products like SIEM, EDR, TIP, SOAR, etc. Vendors of all these platforms will find long-term synergy and value in acquiring TruKno.

As a startup founder, I have three pieces of advice for my peers who are just starting this journey.

“BIGG” People

Proactively make sure to look for and work with only “BIGG” people — i.e., Brilliantly Intelligent and Genuinely Good people (especially in the early stages).

That includes your own team and your early customers and partners. Further, once you find these BIGG people, make sure to take care of them in every way possible as they are SO hard to find.

Hyper Focus

As startup founders, one of our biggest jobs is to talk to as many diverse sets of folks on the customer side (users, buyers, and decision makers) and on the investor side (angels, VCs, etc.) as possible in our target market and adjacent markets.

That naturally leads to everyone telling their perspective of what they want to see in your solution, business model, etc. This can lead to a lot of whiplash, or contradictory requests and advice. Frankly, this is an endemic problem for most founders.

Hence, the personal mantra I have come up with to deal with this challenge is “Listen to everybody and listen to nobody” — i.e., talk to as many folks as you can but make your own judgment based on triangulation of information.

Mindset

As early stage startup founders, one of the biggest challenges we face is around the need to deal with SO many uncertainties (and potential setbacks) on so many fronts (people, product, finances, competition, etc.) while keeping the right mindset (positive and forward-looking).

Personally, I truly depend on all the people around me (my family, team, customers, partners, etc.) to help me maintain a positive mindset when times are too uncertain.