Rolling Back the Clock on Cyber Attacks with Ranjita Pai Kasturi
Updated: Mar 3, 2020
Over 55% of the world’s websites run on content management systems such as WordPress. With millions of websites on one system, these systems are highly susceptible to hackers. Traditional security systems run antivirus scans and, if they identify a compromise, restore the website to a previous backup; however, this approach is flawed in that it allows a backdoor entry and leaves websites open to reinfection. TARDIS is a new solution that studies web behavior patterns to identify compromises, and the specific window where these compromises occurred, to heighten website security.
In this interview, we sit down with the creator of TARDIS, Ranjita Pai Kasturi, a Ph.D. candidate at the Georgia Institute of Technology. She shares why her research matters to her personally, and how the I-Corps Sites program at Georgia Tech has given her more opportunities to conduct customer insights to commercialize her technology.
What is the problem you’re solving for?
Today we have a lot of people owning and building websites for themselves, and often these people don’t have a strong technical background. Over 55% of the websites of the world run on content management systems: think WordPress, Drupal, and sites like that. These sites are strong targets for hackers who can attack one platform and get a lot of users.
Third party companies are aware of this and have backups each night. Antivirus (AV) scanners conduct regular security scans. When they detect a breach, the system sends an email to owners notifying them that they should restore the site to a previous version. One challenge is that many users don’t respond because of alert fatigue, or they don’t have the technical abilities to restore a backup. On the other hand, if the owner does restore a previous backup and that version also has a virus, the AV might not catch the backdoor entry. In that case, the solution won’t work because the vulnerability is still present.
That is a complicated challenge affecting millions of websites. What is your solution?
Our solution is TARDIS, named after the time machine from Dr. Who. We differentiate ourselves from the market because we don’t rely on AVs. Instead, we study how the backups behave over time by capturing snapshots of backup behavioral metrics and analyzing them throughout time. We can then identify suspicious activities and outliers that occur to allow us to identify the compromise window.
We studied over 300,000 websites in 1,900 days and discovered 20,000+ attacks. AV found some of these attacks; however, TARDIS found more.
Who are you working with?
Our team is still small: it’s me and Professor Brandon Saltaformaggio, who helps develop the technology.
What makes you want to be an entrepreneur?
TARDIS helps everyone, regardless of their level of technology expertise, and that’s the biggest motivation for me. Everybody is on the internet today, and one of the benefits of systems such as WordPress is that they’re accessible to people who need a website, but don’t necessarily have the need for a custom-made website or lack the resources to pay someone to develop a website for them. They should be able to use these website development tools without fear of being hacked. Also, I am passionate about improving internet security for people living in my home country of India.
Let me take you back in time with a short story. In 2009 with the rise of smartphones, my parents were very careful about my smartphone activity and closely monitored my apps and who I talked to. Now, in 2019, I am the one reminding my parents to be careful what information they put out there. Whether it’s online banking or online grocery shopping, I see people sharing information on these websites and I don’t want them to be taken advantage of.
We’ve seen multiple security breaches impact our family: My brother was affected by a security breach with a phishing scam. My father-in-law has experienced several false charges on his credit card and each time he needs to get a new credit card. It keeps happening. People at home don’t know you need to set new passwords or realize the vulnerabilities. I want to make not just my family, but everyone using the internet, have a safer experience.
How did you get involved with the I-Corps South Sites Program and what was your experience?
I met with VentureLab’s Jeff Garbers and shared my research with him. He said, “This is research that holds commercial potential; do you want to do customer insights?”
I decided to go ahead with it and we created a plan. Jeff and his colleague Melissa Heffner were extremely nice as they guided us through the entire process. We shortlisted a few trade shows to attend for customer insights research. I went to three trade shows: WordCamp Birmingham, WordCamp New York, and Drupal Camp in Atlanta.
Which customer segments did you target and what did you learn through interviews with them?
I met with backup service and hosting providers, since they sponsored the events. The majority of people were WordPress developers and freelancers who use other people’s website platforms. I also talked to marketers, to get insight on the other side of the website.
Of these customer segments, I learned the majority of bloggers do not care about security since they aren’t posting critical information. On the other hand, freelance developers who operate 100-500 customers’ websites do care about having a good backup and security solution.
Still, I don’t think I know enough yet. I have not really explored the entire audience and have not had the chance to speak with the decision makers, only the users.
The main question I have is, What about the person making the decision to purchase a security solution? I haven’t been able to talk to them, and my guess is they would be the ones interested in TARDIS.
You also had a great response at a cyber poster session recently. What was your experience like?
It was very exciting! There were a lot of people from the industry, they all asked a lot of questions, and the response was really good. I won the CreateX prize of $4,000 and a golden ticket to CreateX demo day launch. I was also voted most popular in the People’s Choice Award.
What is your goal moving forward with TARDIS?
To deploy the TARDIS technology on a large scale. Backups are already there and the existing solution is clearly not working. TARDIS is a forensic tool, and deploying it at scale would help us enhance capabilities and improve detection to keep websites secure.
How do you plan on scaling?
I might apply for I-Corps [Innovation Corps] National Cohort in January of next year. I-Corps is an intense seven-week bootcamp and more rigorous customer discovery. The team would consist of me, my advisor, and an industry advisor, and we would conduct 100-200 interviews during the program.
Participation in the I-Corps program would give us freedom to explore a bigger audience and travel to meet people. We want to understand the problems they’re facing and identify users that hold critical information on their sites, like anyone doing e-commerce. I want to focus on the research I did not get a chance to do during the I-Corps Sites Program.
Do you have any other projects you’re working on?
This year I really want to understand the attack landscape. Who are these attacks targeting? I would like to do more research on how, why, and when attacks occur and develop other technical solutions to prevent and combat attacks.
Thank you for your time, do you have any last thoughts?
I feel really fortunate to be a part of the Georgia Tech community and have access to these opportunities. There are so many students at other schools that never hear about how to commercialize their research. Georgia Tech and VentureLab have been very helpful in making us think with a broader perspective of the possibilities of my technology—I feel very fortunate to be a part of the community here.