You only know how good a lock on your door is once someone tries to break it. And if they succeed, it would be nice if they’d tell you to get a better lock, instead of stealing all your belongings. European scale-up, Intigriti, is jimmying the digital locks of some of the world’s largest companies. They have permission though. And thankfully, they’re the good ones.
Finding bugs before the bad guys do so
Intigriti, which was founded in Belgium in 2016,is making a name for itself by testing online systems for vulnerabilities as more and more companies join their bug bounty platform. Paul Down, Head of Sales at Intigriti sat down to talk about the scaleups growth, the challenges of being a rapidly expanding company and how customer relationship management software, Salesforce, helps him to do his job properly.
Intigriti’s bug bounty programme is powered by an ever-increasing community of security researchers. Companies can utilise Intigriti’s community to test the security of their online services. If someone manages to breach the company’s systems, they get paid a bounty and the company can fix their bug before malicious hackers find it.
‘We call them security researchers’
That might sound like companies can ask Intigriti to let hackers loose on them. But right off the bat, Down wishes to clarify that there is a big difference between malicious and ethical hackers. Intigriti is a platform for the latter, he explains: “We call them security researchers.” Down says that eighty per cent of Intigriti’s security researchers are professionals in software engineering and cybersecurity. And everyone in the community is carefully vetted. Down: “For many, hacking is a part-time gig. They do it, for instance, to learn more about their trade and maybe provide better security for their own company.”
Bug bounty programs rewarding ethical hackers for disclosing vulnerabilities are not uncommon. Apple runs its own program for instance. Anyone finding a vulnerability and disclosing that to Apple – and not to anyone else – can get up a million dollars in rewards. Peanuts, compared to the damage the company suffers in case of a similar hostile breach.
A lousy T-shirt
It’s not always about the money though. The Dutch Centre for Cyber Security (NCSC) offers a different reward. Anyone finding meaningful vulnerabilities in a Dutch government website receives a black T-shirt, with plain white letters: I hacked the Dutch government and all I got was this lousy T-shirt. The garment quickly became one of the most coveted prizes in the online security business.
“Large companies have been familiar with bug bounty programs for a while now”, says Down. “They see the value. Intigriti makes the process easier for everyone involved.” For security researchers, it offers the opportunity to collaborate with others, easily report their process and receive payment, up to $100,000 per reported vulnerability, without any hassle.
Fraction of the cost of an actual breach
For companies, it offers an entire community of over 40,000 ethical hackers ready to test their online security without any risk of dealing with shady people. They receive detailed reports on their security and pay only a fraction of the cost of an actual breach, without having to employ an entire security team themselves.
For Intigriti, the quality of the service they offer is largely dependent on the community they’ve built and maintained. The fact that world-famous ethical hacker Inti De Ceukelaire joined the company as Head of Hacker and board member lends it a lot of credibility. De Ceukelaire won prestigious prizes for his IT and security work but gained world fame after he succeeded in manipulating a tweet of then-President Trump. “We went for quality over quantity”, says Down about the community. “The breadth of people participating is immense. They are incredibly skilled and they all talk to each other.”
Intel choosing Intigriti
The focus on quality allowed Intigriti to grow rapidly. In 2021 its headcount grew by 133 per cent. It raised over €4 million in a Series A round in 2020. According to Down, the company doubled in revenue and customers year on year, including names like Brussels Airlines, Randstad and the European Commission.
It currently has over 300 active programmes and has paid more than €3 million in bounties. Last year alone, 17,343 vulnerabilities were reported through the platform, 838 of which were critical. Also last year, Intigriti struck gold when chip manufacturer Intel announced it was moving its bug bounty platform to Intigriti. Down: “The moment that was announced, we had the interest of more significant global vendors.”
Heart-warming growth facilitated by the right technology
In the near future, Intigriti doesn’t look like it’s slowing down. “We can take on the largest companies in the world”, Down confidently says. “For us, that is heart-warming. We are a European-centric company, so GDPR is baked in everything we do. Customers can trust us to manage potentially company-ending information.” With that in mind, it is important for Intigriti to have CRM software that is aligned with that goal. With Salesforce they can securely and efficiently manage customer data.
During the pandemic, many companies switched to remote working. And while some are welcoming employees back to the office, the digitisation they’re going through is not stopping. With the online footprint of companies only increasing in the future, Intigriti has its work cut out. Having Salesforce CRM in place helps them to do so. Their reps can work from anywhere while still allowing for real-time insights into sales performance across the business. This is crucial for Intigriti’s growth journey, says Down.
“Organisations all over the world have been digitising for a long time”, says Down. “Using cloud services is cost-effective and safe. Generally, the cloud services many companies use are secure. But the way they use it often is not. You need to guarantee security across all the digital components you’re using in collaboration with those cloud services.”
Salesforce enables scaling and growth
To enable the rapid growth of the company, Down swears by using Salesforce. “It’s the number one CRM out there. When it comes to managing customer relations, we need a company that can scale as fast as we’re doing. We hired 15 people last month, and everybody knows how to use it.”
Since Salesforce is cloud-based, Down says it is easy to scale up and onboard new people. “I’m a Salesforce expert, I couldn’t do my job without them. It was already in place when I joined Intigriti. If it wasn’t, I would’ve implemented it.”
A global company
A smooth operating sales process is essential for Down since his work is not without challenges. Despite its advantages, bug bounty programs do not sell themselves. “Companies either understand what we do or they don’t. Many businesses are still hesitant. They think you encourage malicious hackers to attack them. But ethical hacking is done in a controlled and safe manner. We’ve never had a malicious hack.”
Financially speaking, it can be attractive as well especially compared to dedicated, in-house security teams. Down: “You’re only paying for results. We work closely with our customers to create a bounty table and you’re only paying for results. Critical bugs are rewarded higher, but in terms of ROI, it’s minimal.”
Intigriti uses Salesforce CRM. Want to find out what CRM can do for your business? Read their handbook that explains how to make a success of your first steps with CRM. You’ll find all the information you need on how to build your CRM strategy, how to maximise your ROI and how to improve your sales and productivity.
