Gregor Vand (8:56)

That's a great little history there and I think definitely leads really clearly into why squarex is what it is today. So I think that's been really helpful, I imagine for the listeners, sort of in terms of squarex is very much all to do with the browser, but I'd obviously love to hear it from you. So if you were to describe what is squarex today, I'd love to hear that. And then obviously we'll dive into a bit of detail in various aspects. So what is squarex?

Jeswin Maathai (9:23)

So at this point in time we are having a consumer version as well as enterprise version, but I'll talk about the vision first, how it all started. Right. So if you think about from a user's perspective, we have antivirus solution to, you know, block any malware malicious files that would be coming in. But now let's say you get an email that Google marks as dangerous now, but it is an important mail that is coming in. So at that point in time, you'll go ahead, ignore the warning Google prompted you, you'll download the file. Now, let's say your Windows defender goes ahead, blocks you from opening the file. Now, it is important, so you'll go ahead, disable your Windows defender, and then you'll end up opening the file because again, false positive can happen. So the way the industry worked was again, blocking the user from doing things. And no one likes to be, you know, blocked or in a way deterred from what they wanted to do. That's where our philosophy was, let's not block the user, but rather provide them an alternate way to, you know, access the web, access the files in a secure environment. So one of the examples I can give is anytime I get a resume, right? And we are a security company, so I have to be careful about opening those resume. And let's say someone sends a assignment with videos and files in it, I have to literally spin up a VM to make sure again, if I open the file, even if it has some malware, it doesn't end up compromising my device. So all of these are like a lot of concerns about the files that you are getting from the Internet. And that's how a lot of hacks happen. People accidentally go ahead, disable the security solution. One time, they forget about it. And now you're open to the sea of malwares that are out there. And it takes just one opportunity for the attacker to get in. Once that is there, then at that point in time, you might end up losing your credentials. You might incur, like, financial loss. And to be honest, the world is quite ruthless, right? People don't care about what would be happening to you. So let's say you're in a very financially bad situation. Could be like medical situation, whatnot. They don't care. They'll just take out the money. So that's where our logic was, that don't block the user from doing things, but rather provide them an alternate way. And a lot of people don't care about security that much. So in a way also to educate the users that at times you have to take a secure measure. So all of this led to like, couple of Features called disposable browser, disposable file gear. Disposable browser is like a remote container that runs on which again, a lightweight desktop environment is running. And on top of it a browser will open up. So it's a very seamless interface. Imagine that you surf something, right, and now you'll notice a lot of Google sponsored link coming on the search result. To be honest, I never click those because what attackers do is they'll pay Google to make sure their website come up on top. So instead of going to the legit website, you'll be going to like a malicious website. So what I do usually is all of those website, I'll simply right click and then open it in like disposable browser. And that launches a remote container on Square Access Data Center. And now the browser is running there, so you can access the website as you would on your regular browser. So in a way, the container is running, the browser is running and the view is getting streamed to you. And the container is ephemeral in nature. So you can destroy at any point in time, no data retained or so.

Gregor Vand (12:36)

Nice. So, yeah, I mean, there's a lot to sort of unpack here. You know, you've sort of described the experience and I think probably quite a few listeners are asking quite a few questions in their head right now. Sort of. Hang on, how does this really work? You know, squarex describes itself as browser detection and response, which I really like. I really like that sort of idea. It's clearly a play on endpoint detection and response. Let's come back to that in a second. Just in terms of just in point is probably referring to just your OS in general. And then there's a reason now it's browser detection response. But everything you just described there. Okay, so I'm using my browser, but I believe there's quite a sort of important Chrome extension piece here because I think from what you described, okay, I might be opening something malicious and the disposable browser aspect sort of kicks into play. The missing link I think at the moment is perhaps the Chrome extension. I could be wrong, but maybe you want to talk about how does the browser know to sort of start spinning up a disposable browser, for example.

Jeswin Maathai (13:39)

That's a great question. So again, I'll explain the decision of why we went with the Chrome extension approach. So originally, again, squarex is a new company, right? People won't trust it that much. And to have our own, let's say, browser or installer, it's a very high bar for the users to install it. But if you think about a Chrome extension, people don't, you know, take a look that often they are very open to installing extension. Ever since the AI boom with the, you know, ChatGPT and everything, people want to enhance their productivity. And again, the usage of extension had square rocketed. So we took a look at the stats and then we decided that extension is the easiest way to get onboarded on the user's device. And now we had like couple of features. For example, anytime we let's say you're surfing based on the links that you're seeing, we ourselves will identify that it looks a bit dangerous for you to directly open it in the browser. So we'll open it automatically in the disposable browser. That was like something that the extension is automatically doing. Additionally, what you can do is you can simply right click any of the link and in the right click menu there will be option open with square X and disposable browser. So you click on it and then that link automatically opens. So it was a seamless integration from the regular browser to the disposable browser provided directly. And our idea was that slowly we have to go ahead, package a lot of security features onto the end device. Because most of the security solution, the way they work is they don't do any analysis on the end device. They'll be sending it to the cloud where again your content will get analyzed and then it will flag. Now this is a big privacy concern because the data is moving out from the user's browser to the cloud. So with extension and the browser itself have become much more powerful, right? We are seeing the end device at one point in time, we are seeing like 4 gigs device, but now you're talking about 8, 16 or even 32. So the device itself has become powerful and the browser capability has increased quite a lot. So for example, webassembly has like skyrocketed, you know, in terms of the usage that is happening. So big players, Adobe, figma, canva, all of these guys are using wasm. So what we did was we took the similar approach that we can use webassembly to go ahead, perform some of the operation that the endpoint detection or the antivirus would be performing. So before the file touches the disk and to provide some more context, right? So all of the antivirus, they go ahead, act when the file touches the disk because that's where again they can access the full file and take a look at what's happening. So even before that happens, squarex can perform the checks on the browser in memory. That was in a way our superpower to tell that you already have an antivirus. It will catch something if Square X misses something. So these sort of enhancement we were keeping on doing with the platform and also to test out, you know, what's the performance impact on the end device because it's a free extension, Square X in case if anyone wants to try it out and the users don't have an incentive to, you know, use the product unless they really like it. And it was a good test for us to figure out how well can it scale, how well can it run and also to ensure that whether it is causing any difficulty with the user. So if they feel that something is slowing down, they'll immediately uninstall. Similarly, again, if it is getting too annoying, they'll immediately uninstall. But that was a big exercise that we run so that we gather all of the user experience with people who are not associated with us in any way. And it's like the raw, you know, just the likeliness of the product. Is it going to scale? So a couple of these questions are answered with that exercise. And even today, again, squarex, the extension is completely free for anyone to use at least a consumer version.

Gregor Vand (17:21)

So yeah, I mean, I think in terms of. Okay, so I think now is a good time, you know, browser detection, response and then versus probably a term that at least a good number of our listeners have heard before, which is endpoint detection and response. And I think it's no sort of secret that the browser is becoming almost the sort of almost OS for most people day to day. So many things are moving into the browser that might have been able to or would have run as a native application. And it's interesting that you mentioned WebAssembly because that's clearly this direction where we're able to package things. Again, applications that would have needed a lot of resources to run in the browser or on the os and now we're finding ways to run them pretty interestingly and efficiently in the Browser because of WebAssembly. So if I'm using my browser, you mentioned sort of. Well, I guess I'm still just trying to understand it. Diskwarex, if I've installed the extension, does it sort of, I hate to use this phrase, but does it sort of pop up and sort of say, oh, we think you're trying to download something malicious, so and so and so, or is it something different? Because I mean, again, to your point about productivity and not getting in the way of Users. I think many users, including myself, would probably say look, if I'm just trying to do something and then this thing pops up and says are you sure? That's already a friction point. So I'm curious how you guys have thought about that.

Jeswin Maathai (18:48)

So the idea is again, we have to make everything configurable as a setting for the user. So by default a lot of things will be turned off and then they can selectively enable some of the features so that again, it's not intrusive. We want to run as silently as possible without even user realizing that square X is running. And that's where again, everything was like an opt in that they can enable from the settings and that way again they don't get blocked or you know, annoyed in any way.

Gregor Vand (19:16)

Yeah, gotcha.

Jeswin Maathai (19:18)

The global developer talent shortage is expected to grow to 4 million in 2025, further contributing to developer burnout. With the security and talent shortage growing rapidly, businesses need effective tools to help developers efficiently and securely. That's where Bitwarden comes in. Bit Warden delivers trusted open source security solutions that empower your developers and security teams to securely manage and share sensitive information online. Protect your infrastructure secrets, API keys, user passwords, mailing addresses, credit cards, passkeys and more. With easy to use and enterprise ready Bitwarden solutions. Start your free trial today@bitwarden.com so yeah.

Gregor Vand (19:59)

I mean you talked a bit about performance there and that's obviously a very interesting piece. So as much as you can kind of reveal how does this work behind the scenes, how again user experience and performance these days is almost intrinsically linked. So if something's going to take too long to tell me something and obviously we'll probably get to AI in a bit. But AI is a great example of this where unless I'm getting a response within three to five seconds then I'm already kind of, you've lost me. So yeah, how do you look at performance and sort of, how has that been sort of looked at behind the scenes?

Jeswin Maathai (20:34)

Yeah, so in terms of performance, again the idea is we have to be in like sub millisecond and every action that we are performing some actions. For example let's say file download and if you're analyzing the file, depending upon the size of the file, the analysis can take some time. So that is one thing. Again, let's say you're downloading gigs of file, then definitely it can go up to like seconds and worst case it can go up to minute. But there is nothing we can do about that. But if you think about like users downloading files in general, most of the files will be very small in nature. Right. Not everyone will be downloading, you know, 100 gig file or even a 10 gig file every day. And file download in general are very less unless again, the profession itself requires a lot of file download, upload and so on. One thing which we did was again to make sure that we benchmark everything properly and a lot of optimization just keep on happening over time. So in regular use it used to take like 1 to 2% of what the browser would be taking. And the browser is like, you know, such a beautiful solution at this point in time. It automatically optimizes the resources it consumes as well as again the resources that the extension consumes. So let's say you have quite a lot of memory CPU available and it is free to use. There's no other application using the browser can go up to like maybe 70, 80% at times because again, there's some free resource available. But now something comes up, it will constrain that and it will also make sure that the extension automatically gets constrained as well as again, it might go ahead kill off the service worker, which is like the main thread that is running in case if it is exceeding some memory limits. So in a way we are piggybacking on what the browser itself provides. And again, hats off to the Chromium team as well as the Firefox and Safari team. They have done a brilliant job in terms of managing the resources, making, making sure that everything is optimized.

Gregor Vand (22:21)

Yeah, so I think I'd like to sort of go into more of the security side in a second. But yeah, I definitely have a big question, which is the decision around a Chrome extension as opposed to. We've seen some people, I wouldn't say just in security, but in some other realms say, look, Chromium is the de facto browser framework now. Okay, great. So why don't we piggyback on that and we still come up with our own browser. It doesn't deviate too far from Chromium, but it builds in these things. I'm really interested to hear why a Chrome extension was still the decision over saying, this is the Squarex browser.

Jeswin Maathai (23:04)

Yeah, so that's a great question. We looked into the other companies who had rolled out the browser and we realized again, it didn't pick up. And these are very large companies, some of them were public companies. So the adoption of a new browser is like a very, very high bar because in a way you're asking the user to transition all of their regular workflow from a browser to a new browser. And plus again the I'd say credibility at that point in time because we're a startup, right? So that credibility to build it up to a level where user are comfortable in terms of privacy security, that's going to take a while. So we evaluated all of these options and one biggest concern is that anytime you're using or like building your own browser, let's say there is a vulnerability that comes in, right? So all of those patch management is a very big thing to manage in like every place software patch management is like, it's a management sort of hell, I'd say. So that was one reason because anytime a vulnerability comes on Chromium, right? So the Chrome, the team will go ahead immediately roll out a patch. But now we are deriving something on top of Chromium. So if something comes up in Chromium as a vulnerability now if we have deviated too far, we have to make sure that the patch is conveniently applied here and also the design decision, right? So we can't deviate in such a way that it becomes like, you know, completely something different from Chromium so that all of those patches become like big pain to manage. So from a security standpoint, from a management standpoint, we decided that at this point in time, again just the enterprise browser, it has to be something revolutionary. It has to be something like, you know, it's not possible to do on Chromium at that point in time. We can go ahead decide. So we evaluated the whole extension story. We figured out for most of the security related feature, we have the power with the browser extension, which most people are unaware of. Browser extension are like super powerful. And it sort of checked all of the boxes that we had in mind so that it was purely, you know, management plus security related decision to go with Chrome extension. So let's say again some vulnerability comes in in Chromium, Chrome will automatically patch it. Now we are running as a browser extension. If some vulnerability comes in our software, all we have to do is, you know, push a new update to Chrome Store or the private link that we have and the browser automatically will pull it in after, you know, a few hours time, in case a day's time. So it is much secure version of the solution that we are offering. And the best part is again, user doesn't have to go through any change management. They don't have to, you know, change their regular workflow in any way. Everything works out of the box.

Gregor Vand (25:41)

Nice. When I first saw the product so it was at the Govware in Singapore. It's a bit of a strange name, but it is basically the biggest cybersecurity conference in Singapore other than there's a black hat offshoot that comes to Singapore as well. But yeah, if you sort of think of, I don't know, almost like DEFCON Singapore is sort of like that. But yeah, and I was really, really impressed by just sort of seeing what actually the ultimate capabilities of a Chrome extension or. I mean, just to dive into some small details for a second. I mean, when Square Decks was started, was that. I'm trying to sort of match up times now. Was that the V2 manifest versus V3, or did you guys get lucky and start on V3 or how did that work?

Jeswin Maathai (26:23)

We directly started with V3.

Gregor Vand (26:25)

Okay.

Jeswin Maathai (26:26)

Even though, again, we were not leveraging a lot of heavyweight feature from V2. So again, we could have done it for V2 as well, but we decided that V3 is the best way to go.

Gregor Vand (26:35)

Nice. Okay. So you avoided, I think, a lot of headaches there. Yeah. We've had some other security companies on the podcast and obviously they've been around. Well, they've been around a bit longer and yeah, unfortunately one of the reasons that their extension was sort of lacking to users was just actually that V3 had come along and they were having to take a lot of effort and time to upgrade to V3. So that's one of the powerful things of being a startup is if you can start at the right time, then you can miss these things out. So you mentioned, I think it's interesting, Chromium in terms of, well, if things get patched there, then they deal with it and obviously if there's anything to do with the extension, you would look at that. But it's just in general, from the security landscape, or rather the threat landscape, how do you assess and keep on top of what you considered a threat? I believe one example that you guys cover is malicious QR code. An example. Could you maybe give some other examples of the kinds of things you cover? And then also what's your sort of process for sort of looking out for and keeping on top of what can be considered a threat within the browser context? Because I guess also you've talked about phishing and phishing is this ephemeral thing, as you've just said, it doesn't seem to matter what happens. Phishing just continues because people are smart and plus AI. So, yeah, I'd love to hear all about that.

Jeswin Maathai (27:59)

That sounds great. Yeah. So just to provide some more Context of like what squarex is trying to solve. So we have couple of big players in the market. So we have like what's called edr endpoint detection and response for the consumer folks you'll familiarize with like antivirus solution. So EDR is like antivirus solution but for enterprises. So now these solution, you know they came up with at a time where everything was running on different application on the local machine. So we're talking about Ms. Office, Adobe, your video player, whatnot. So they're great at detecting malware that directly comes on the desk. But over time what happened was everything got transitioned to the browser and ever since the COVID hit, what ended up happening was a lot of work from home, lot of SaaS application like skyrocketed and the browser became the main interface through which everything is happening. No longer we are using, you know, most of the time we won't be using local application and enterprise. 95% of the time users spend on the browser and attackers are like the smartest folk on the planet, right? So even if we have the best security solution, they'll find a way to be beat them. And the way they're beating it right now is by remaining in the browser without triggering any file download they'll try to be on the browser could be like a phishing page or could be a QR code. Now imagine that you are on a corporate device with best security solution. Suddenly you see a QR code. Now the user will be incentivized to, let's say it could be something related to travel deals, it could be a financial tip, whatnot. They'll be incentivized to go ahead, scan the QR code. Now the moment they scan the QR code, you are on a smaller device more susceptible to phishing attacks and more importantly you're using a device that does not have any security solution that the enterprise would have provided. So a couple of these vectors were coming in where attackers are just living on the browser. Another example is I'm not sure if you're familiar with the pop up based scam. So basically what ends up happening is every website in today's time is asking for notification permission, right? So users are used to clicking allow, allow, allow. Now attackers are leveraging the same. So let's say you go to a website that asks for notification permission, you click on allow, nothing will happen to you at that point in time. But few hours later, what you'll see is suddenly pop up appearing from that website. And the way the browser works is that that website doesn't even have to be active when you're seeing those pop ups. So suddenly you see quite a lot of pop up that will show that your account has been compromised or malware detected on your device. So this actually we noticed on like couple of our non tech folks, some of their again family members went ahead and clicked on one of those website and what ended up happening was the pop up was spamming so much that it just filled the screen on the right side such that again you can't even click on the settings button to disable the notification permission for that website. So there's no way out. All you have to do is you'll be forced to click on the pop up. Now when you click on the pop up it will take you to let's say either a malicious website or it will take you to a affiliate marketing link. And the affiliate marketing link could be of genuine corporation, could be like Norton or an antivirus solution. Now the users are thinking that oh, their device has been compromised. Now when you click on it it takes you to Norton. So then you end up purchasing Norton and during this you are using affiliate link of the attacker. So they make money regardless of, you know, the approach they are taking. And this was one of the hardest attack to detect because the user is going to an official Norton website or antivirus company and there is nothing wrong about it. So all of these attacks are happening at this point in time that again it's like so smart of them to use this. And I think in 2022 alone close to 3.4 billion were lost to Norton and some other companies due to this affiliate marketing fraud. And the pop up based attack that is happening now what attackers are also doing is they know that the website will get scanned, right? So there are like a lot of point of presence around the globe which are held by security companies. And they're constantly scanning websites from different location, figuring out whether something is malicious or not. And attackers, the way they are evading that is by applying tactics such as they figure out the traffic is coming from data center, so they'll suddenly change the website's behavior and show a very simple page that doesn't have anything malicious. But now if the traffic is coming from a regular ISP from where the user will be accessing, they'll suddenly show the malicious website. So this is one tactic based on again the origin of the request, we show different behavior and this we are terming as like polymorphism or like polymorphic website. It is popularly used in malware, polymorphic malware they change their own behavior and this is exactly what is happening for the website in today's world. Another tactic is again they'll put a recaptcha on top of their website. Now let's say a security scanner is scanning, it can't go ahead bypass that recaptcha, only a human can. So but again this way again the security scanner are unable to pick it up. And lot of these website are out there in the wild for a long time. So even we tried, you know, reporting to Chrome and it takes them close to like even 16 to 24 hours to acknowledge and then fully take down the website and the process itself. It could be possible that some websites are up to like you know, couple of weeks to even months before they are finally classified as dangerous. So that's where again with square X the idea is that we sit on the browser, we see what the user is seeing. So we are acting on the last mile. So let's say you go to a phishing site, we can figure out that the sentiment is of login and the website looks like Microsoft, but it is not Microsoft. So and this could be like numerous number of indicators. First is again the visual based on the text that we have similarly again checks on the domains. So for example, if it's a domain it's like very newly registered, then it's a red flag. Now attackers are very creative, they'll go ahead, use a, they'll purchase a domain that is already there in the market for a long time to evade this sort of check. But in this case again we can perform checks such as again who is the owner of the domain and it looks like Microsoft, the website looks like Microsoft, but the owner is not the same as what Microsoft would be generally using. Similarly again from where the traffic is coming in a lot of parameters across like what is the server headers, whois related information, what are the way the SSL certificates are issued, who is the in a way signer of the certificate. All of these key metrics we are able to gather by sitting as an extension. And based on that we can deduce that oh this is like a bit risky, bit dangerous for a user to go to. So a lot of like in a way intelligence is embedded right there on the browser extension. And we are also having like some AI models that are packaged with like the ONNX model. It's a good thing that we can run on the browser. So all of those are packaged to go ahead analyze the content that the user sees. And all of this is happening in a Privacy safe way. More importantly, because we wanted to reduce the amount of data we'll be sending to the cloud. So most of this thing that I mentioned is part of our enterprise offering, how we are protecting the end users for businesses. And there again the challenge is we can't send a lot of data to the cloud because again, it's corporate data. So the more detection we do on the browser, the more data we reduce, the more again we are performant in terms of cost as well as again, in the whole user experience is much more seamless.

Gregor Vand (35:28)

Yeah, that makes a lot of sense.

Jeswin Maathai (35:30)

Developers, we've all been there. It's 3am and your phone blares, jolting you awake. Another alert. You scramble to troubleshoot, but the complexity of your microservices environment makes it nearly impossible to pinpoint the problem quickly. That's why Chronosphere is on a mission to help you take back control with Differential Diagnosis, a new distributed tracing feature that takes the guesswork out of troubleshooting. With just one click. DDX automatically analyzes all spans and dimensions related to a service, pinpointing the most likely cause of the issue. Don't let troubleshooting drag you into the early hours of the morning, just DDX it and resolve issues faster. Cycronosphere was named a leader in the 2024 Gartner Magic Quadrant for Observability Platforms at Chronosphere IO Sed.

Gregor Vand (36:20)

So you've talked quite a bit about, I guess, sort of learning and detecting from what is happening from actions. And also you talked just there about being able to use models, AI models that again run on the browser. There still must be some degree of threat intelligence that you have to be aware of and bring into the platform. I'm curious about that because if we look at other security domains like attack service management, I would say without naming names or companies, I would say that the leaders now are the ones who have internal threat intelligence teams who are able to bring that right into the product leading edge effectively. How are you guys looking at that? Because as you've just said, the attackers are the smartest people on the planet. And I would agree with that in the sense that they're very smart and there's no rules, so they can do almost whatever they want and try whatever they want. So how are you guys bringing that into squarex?

Jeswin Maathai (37:20)

So yeah, that's a great question. At this point in time, our idea is not to reinvent the wheel for some of the things. For example, we don't want to dwell into, you know, threat intel for Malware analysis, we don't want to do that, that we are building our own full blown malware analysis platform because the past two decades industries have established and a lot of big players are there. So we leverage threat intel for like some of the things that are already there. For example, we integrate with like crowdstrike reversing lab to get insights from them and then our analysis runs on let's say parallel to catch the points that they wouldn't be analyzing. So in a way again bit of our own intelligence is there for based on our experience, right. So we are a bit disappointed that again the big players, some of them are not doing that great of a job when it comes to like let's say office documents and we did a full research publication on the same that Google, Outlook, all of the big players, email vendors, none of them are doing as aggressive check as they should be. And we're able to demonstrate that a simple malicious office file can go through and VirusTotal will only give like certain hits where everyone should be flagging up at that point in time. So again, leveraging the intel where we can. Plus again our own intelligence is built out similarly for web application we are leveraging the Intels that are around provided by the big players. Because anytime let's say a malicious website has been classified by someone, if it is malicious then we immediately block on top of this what we are doing is we are building our own intelligence for the web. Because again the intelligence everyone has is a bit outdated. It is not capable of capturing the new attack that we are seeing out there. So that's where again the whole analogy of browser detection and response comes in. So we are the first browser detection and response solution and the idea is the same that will provide the threat intel for the web based attacks that are happening. Any attacks that other vendors are not capable of detecting, that is something the void we are going to fill and that's our positioning at this point in time. And slowly we'll go behind other vendors as well. But we realize that there's a big market for us to capitalize on the whole browser security space. And again once we do that at that point in time we'll definitely dwell into the limitations various vendors are having and maybe have our own analysis engine and all of those segments.

Gregor Vand (39:42)

Again, just to sort of paint a picture for I think listeners in this space. Am I right in saying if it's not what the solution that squarex is providing, it's actually more of a solution where you're almost kind of using a Sort of VM browser almost. I'm sort of trying to think of some other vendors. I'm not going to name the names exactly, but some other big players there where I say, oh, our browser is the safe browser and there's no latency and so on so forth. But you're kind of effectively using a VM virtual browser or something to that extent. How would you categorize the competition just from a technology standpoint?

Jeswin Maathai (40:23)

That's a great question. So in our case we are running as a browser extension on users browser. So in terms of performance everything is super good. There's no VM or container based access being provided for their regular workflow. Now what we have a feature is called isolation. So let's say enterprise is not comfortable with, you know, users accessing a website on their regular device. They can either block it. So if you block it, they can't access it or you allow it, they can access. But now with the isolation feature, what happens is that's where we have a container that is created on the cloud and we have a desktop environment that runs on the container and that view is streamed back to the end device. So this way again, any website you access in the container, it's completely isolated and the user wouldn't be in a way in the risk of, you know, security threats that are. So that is one. And our preference to be honest was to avoid isolation technology as much as possible because again, it is running remotely, right. And it is a remote browser and users are used to using their regular browser. They are way more familiar with it and they wouldn't be able to, you know, get that hundred percent of the feel on the remote browser. So our recommendation is to only use isolation for like some website, not make the isolation as the main browser which a lot of other vendors are doing. Because again, it gets super frustrating, super annoying when you're seeing, you know, the latency go up and suddenly you're trying to watch a video, it, it starts to lag and all of those things start to happen. So yeah, that's where again with square X, the detection, the analysis, everything happens locally to make sure again the user experience is the best in any website they're visiting.

Gregor Vand (42:08)

Nice. I think it's still helpful to call out to our listeners. This is still quite an evolving space. Right? You know, I think it's only been sort of fairly understood quite recently that actually the browser is basically where most of the problems happen. And whether it's email, as you've called out, phishing is where this happens. A lot. And that can obviously be where the email providers are saying, look, we'll try and take care of this. But equally, at the end of the day, it's still mostly happening in the browser to some degree. So it makes a lot of sense that we evolve the solutions around what is happening in the browser from a security standpoint. And unfortunately we can't just rely on, I don't know, Google building in things into Chrome. There's a big enough job there just to run Chromium itself. And unfortunately we're seeing things like Firefox unfortunately, kind of dying away a little bit because it is too hard to keep up with the, the requirements of today. And obviously on their side, that's purely open source and I'm sure there's some funding there. But it's difficult for Firefox to really keep up with the juggernaut that is Chromium and Chrome, et cetera. As we sort of come to a close here, where does squarex go from here? And what are the sort of anything that you can share in terms of, I know, over the next six to 12 months, what are the sort of things that we can maybe expect to start to see from squarex?

Jeswin Maathai (43:39)

I think that's a great question. So at this point in time, what we realized was that all of the vendor, right, so we have a couple of competitors, I wouldn't say the name, but all of them are not very security or attack focused and they lack sufficient background for, you know, to go ahead, build the detection to prevent the threats that are happening. If they had, then they would have definitely built it by now. So our approach is again to go ahead and build out a full suite of detection across all the attacks. We already have a lot of them built out, but again, to make sure that we just keep on compounding on the library of the detections that we have to make sure again, anytime a user visits a website, even before they see it, we can go ahead, block it. So that is one thing. Additionally, again, there are a lot of features in the pipeline such as again, private app access, VDI replacement, all of those. Those things are also coming in, in a way to make it easy for the, any enterprise that is out there to become like sort of a one shop for again, all the, all the requirements they would have in terms of security, as well as making sure that the productivity is amazing within the organization. So that is something and just making sure that we are the thought leaders, we are the innovators in the industry and that is in our DNA, you know, Knowing the wic, we can run or establish a business, you know, it's relatively easy to rephrase it that we can build a decent business by doing certain things. But here again, it's just in our DNA that we have to be the best in the world and make sure that we are the pioneers, innovators and again, super excited to envision the next couple of months. A lot of these features, parallel research are happening where we are trying to go ahead and block all of the attacks that would be happening on the web. So that's on the horizon. I can't reveal a lot of information, even though I'm tempted to. But again I'll have to check with the company on how much I can diverge.

Gregor Vand (45:36)

All good. I mean that's the great thing about having startups on software engineering daily. We don't expect to be able to hear about sort of the next 12 months that's usually sort of larger companies. So it's just great to be able to have you here. Anyway, one final point, and this might be a question that a few people are just sort of still asking in terms of squarex versus a vpn, because I'm just thinking that might be the product that they're most familiar with in terms of something that might be helping them block malicious things. Could you maybe just summarize actually just how squarex goes beyond a vpn?

Jeswin Maathai (46:11)

So that's a great question. With VPN again you're still vulnerable to a lot of attacks. It's just routing your traffic through a secure network or a secure location. But if you think about it, and let's say you get a malicious website right? So now it is opening on your end device. Now at that point in time that website could lead to some zero day attack that could happen and your device gets compromised. So that is one big concern we have around all VPN solution. And what will end up happening is with vpn, sadly Mac OS removed the support for split tunneling. So all of your devices traffic is now going through like some location and in a way it will affect the user experience because again the websites will slow down. With squarex disposable browser, a couple of these features, again it's a browser running within a tab of your regular browser. So anything you do there again it's just a tab. And that way again the surfing experience is much more better compared to vpn. And more importantly from a security standpoint, anything that happens there can't impact your regular device in any way. Let's say you go to malicious website it will impact the container that is running and these containers are like hardened from day to day basis making sure it's properly updated, patched and best let's say security hardening mechanisms are put in place to ensure nothing happens in case. Again worst case is some zero day happens and there's no way squarex can can block it on the container level. You're still safe because again it's a remote container that gets compromised. It's square access a part of small part of infra that might get compromised but the user won't be impacted in any way.

Gregor Vand (47:49)

I think that's a great explanation. So as you've heard, you know any user kind of get going with squarex, you know. So just to be clear where's the best place to go and what do they do from there.

Jeswin Maathai (47:59)

Best part about squarex so the domain is pretty short. It is sqrx.com so again just head to squarex.com and take a look at the videos that are there in case if you want to try out the consumer version of the extension then head over to the Chrome store and search for squarex. We have above I think 4.9 rating with 200,000 users actively using the product that will again tell the story for itself. So yeah on Chrome store you can find us as well as on squarex.com and do check out the enterprise offering that we have. It's. It's quite innovative and it is relevant for every organization out there. Everyone is impacted by the attacks that are happening and sadly there is no security solution apart from us who can provide protection on the browser to combat such attacks.

Gregor Vand (48:47)

Nice. That was sqrx.com so head there and check it out. Jeswin, great to have you here. Nice as always to have someone also in Singapore to speak to. Slight novelty for us Software Engineering Daily. So thank you so much for making the time in your evening and hope we get to catch up again in the future. Hear hear how Square X is doing.

Jeswin Maathai (49:09)

Sure, sure. Sounds great. Thank you so much Gregor. It was awesome to be here.