How Sanjay Katkar built India’s most successful IT security firm Quick Heal
Tuesday October 31, 2017,
13 min Read
From a chawl in Pune to building Quick Heal, Sanjay Katkar’s journey to being the one of the most successful tech entrepreneurs of India.
Who would have thought two brothers from Pune’s Wakdewadi chawl would one day build India’s most successful IT security company Quick Heal, that competes and often bests the best in technology and business.
Kailash and Sanjay Katkar’s story of success is one in a million, but teaches the importance of persistence, self-discipline, and the spirit to never give up. Sanjay, our Techie Tuesdays candidate of the week, is the co-founder and CTO of Quick Heal. Here’s an account of his journey in the ever-evolving field of IT security:
Stars of Wakdewadi
Hailing from a small village in Maharashtra’s Satara district, Sanjay’s father moved to Pune where he joined Philips as a tool setter. Despite being recognised as a good worker, he couldn't grow owing to a lack of education and that’s when he decided his children would not go through a similar fate. Sanjay and his siblings, elder brother Kailash and younger sister Asha, were enrolled in an English medium school, a big move for someone in Wakdewadi in the 1980s.
Sanjay struggled through school learning English as neither of his parents were conversant with the language, as were his neighbours. In fact, he was not really even interested in academics in junior school. "I was bunking classes and one day my parents were called to the school for the same. When they informed my father that I've to fail this class, he agreed as he wanted me to learn from the failure."
A shocked and shaken Sanjay soon became serious about his studies. While elder brother Kailash quit studies after failing the ninth class and helped support the household repairing electronics, he made sure Sanjay and his sister continued their studies.
By the time Sanjay completed class 10th, electronics fascinated him and he decided to pursue his engineering in electronics.
Computers were still unfamiliar territory for Sanjay but he got up close with them when Kailash joined Data Star Electronics, which repaired calculators and advanced ledger posting machines used by the banks.
Kailash encouraged Sanjay to study computers and the latter finished his Bachelors in Computer Science from Modern College, Pune.
Welcome to the world of computers, and viruses
It was in the second year of college that Sanjay truly developed an interest in computers and programming with the C language. With limited time allotted for the subject, Sanjay started working on computers that his brother took on to repair at his shop.
That is when Sanjay came face to face with computer viruses. Curiosity led him to Amol Deshpande, the CEO of Soft Aid Solutions. The company had an antivirus software called 'CG-Cure' (for the DOS operating system) which taught him how viruses infect machines. Sanjay also learnt about the 'debug.com' tool that Amol used. He says, "Every machine has DOS which has file debug.com inside it."
In the second year of college, Sanjay learnt about debug.com and started debugging programmes. Debugged a virus-infected file was an experience in reverse engineering and Sanjay learnt how a virus infects machines and it stores itself.
Hooked, Sanjay read about operating system (OS), memory allocation and learnt to clean viruses manually.
Sanjay debugged the boot record of a floppy disk infected by Brain, the very first MS-DOS virus created by Pakistan-based hackers. The virus shifted the boot record to other clean sectors and infected the original boot record with the virus code.
Sanjay cleaned several floppies and computer hard disks. Since he loved C programming, he wrote a programme and it soon became popular among students. In fact, even Kailash started using it to repair computers.
Related read - Milind Borate – the man building the ‘North Star’ of data protection
Building tools - genesis of Quick Heal
The first tool Sanjay created was for the Michelangelo virus. In his second year, he created three to four antivirus. Since internet penetration was negligible in India then, he encountered a new virus once every week or two and took two days to work on a tool.
After his graduation, Sanjay joined Wadia College in Pune to pursue his masters and would spend half the day at Kailash's workshop writing virus solutions. By then, his ‘encounters’ with new viruses had grown to two to three per week.
Sanjay interned at industrial automation tool company Jopasana Software for his masters’ project and while he was offered a job thereafter, Kailash asked Sanjay to design an anti-virus based on all the tools developed by him. This was the genesis of Quick Heal in 1993-94.
Sanjay burned the midnight oil working on packaging the anti-virus during his internship and Quick Heal’s first version for MS-DOS was released in 1995. It was in a floppy disk and had 18-20 anti-viruses for some of the most common viruses infecting Indian computers. For first two years, nobody paid for Quick Heal. Sanjay says,
Piracy was huge in India then. People (with desktops at home) weren't buying software, they just got pirated software. We couldn't convince people to buy anti-virus.
Kailash and other hardware repair workshops used Quick Heal extensively and sold it to troubled customers with a guarantee from Quick Heal.
The name - Quick Heal
While the market was dominated by MNCs’ anti-virus solutions (like Norton), they couldn't clean many viruses specific to people in India. Sanjay's tools/solutions, on the other hand, could clean the viruses quickly as it didn't scan for a whole lot of viruses like other anti-viruses.
Hence the name Quick Heal.
Also read - From earning Rs 400 per month to leading Rs 250 Cr IPO: the Quick Heal story
The Aha moment
In 1997, OneHalf and Dir-II viruses of MS-DOS were troubling many systems and Sanjay saw that the problem run deep.
He started working on a solution and it took him two weeks to come up with a solution that could clean an infected system. The solution soon became popular in Pune, and people started recognising Quick Heal as an anti-virus that could clean these two viruses.
“We made good money that year and decided to discontinue the hardware business next year,” says Sanjay.
Quick Heal expanded its workforce and started working on Windows 95 and Windows NT viruses as well.
By the year 2000, Quick Heal was a known name in Pune and Kailash appointed dealers in Mumbai and Nashik, but they couldn't get much business.
It was only when an employee trained in Pune ran the business in Nashik, exactly as in Pune, did the business thrive. Learning from the experience, Quick Heal followed this model to expand to other cities.
However, retaining developers in the company was a struggle, as were other issues. “To write at a deeper level for Microsoft (like driver level), we needed help from Microsoft but couldn't get it, while the MNCs producing anti-viruses could access that,” says Sanjay.
The Quick Heal advantage
Quick Heal still maintained an edge over MNCs’ products as the solutions were developed based on Sanjay's interaction with people and challenges faced by them in real life situations. His focus was to have fewer features, but solve more critical problems.
In 1998, Quick Heal was the only anti-virus that allowed a user to login to Noel network server and clean all connected machines without individually logging in them. This was revolutionary as the products from the other companies took two to three days to do the same. Sanjay says,
You'll always find the products of MNCs and larger organisations with many features but the customer need only few features which function very well. So, if you focus on those important features and make sure that they are stable and function smoothly, then customers will choose your products more than others.
In the early days, when dropping internet connection was a frequent feature, software updates (including antivirus) had to restart every time. Same in the case of load shedding. To address the issue, Sanjay made sure anti-virus updates resumed download from the same point they were left off at.
He says, "Power cuts weren’t common in the US and other developed countries, possibly that's why the MNCs couldn't think of this problem (and the feature)."
Also, all MNCs’ products had to clean boot the machine. Now, if using pirated OS, it was not possible to get a clean bootable DOS. Quick Heal offered a feature where the anti-virus would create an emergency disk in case of infected systems. The user can then boot using the emergency disk.
Of lows and subsequent highs
In 2001, Sanjay almost gave up telling Kailash that without any developer, he couldn’t keep fighting the MNCs.
Kailash asked Sanjay to hang on for some time and hired some more marketing personnel. Every quarter they started opening a new branch, and business grew. Quick Heal also started advertising in 2004, which helped the sales and branding. Soon, Quick Heal was eating into the market share of major MNCs in India.
Sanjay, on his part, also started submitting the company's products for international certification and cleared some prestigious programmes like Virus Bulletin's VB100. That is when an Israeli anti-virus company sought to collaborate with Quick Heal.
In Israel to train developers, it dawned on Sanjay that he would soon have to work on developing antivirus for over 1000 viruses a day as the threats were increasing.
The answer, he realized, was automation.
For the next year and a half, Sanjay worked on building an automation tool to detect and clean viruses, which was a crucial development in Quick Heal’s journey. Sanjay adds,
Before 2002, there were almost a dozen anti-virus companies in India whereas today only one or two are left. Globally, there are two dozen of anti-virus companies with their own development engines. Only the companies which could create an automation tool to deal with the exponentially increasing virus counts could survive the test of time.
Related read - Story of a programmer who fell in love with Hindi poetry — Satish Chandra Gupta
Evolution of viruses and anti-viruses
From 1995 to 2002, viruses didn't have financial gains and were created for fun. Sanjay says, “One can devote only so much time for something like that and that too when you know that it's benefitting anti-virus solution companies, it's demotivating for the hackers. However, things started to change with the increase in internet penetration and online transactions. Cybercrime started becoming popular and hackers had ROI as there was data and money at stake.”
In 2005, Symbian OS of Nokia Mobile started getting attacked by viruses, and Quick Heal was the first to introduce a feature to clean mobile phone viruses. The anti-virus also introduced a feature to track lost systems. Sanjay adds,
Quick Heal used to put a telemetry on its server after cleaning a device (connected to internet). Gradually, they had the telemetry of one complete install base at their lab. The proactive threats were looked into based on the telemetry data and it helped a lot.
Threats and acquisitions
The security field is fast growing and Quick Heal faces two major challenges:
- Threats are more advanced and come from all directions.
- Newer companies are solving specific threats which most anti-virus companies have missed on. Eg. Fire Eye monitors the log parallel, understands the analytics, and caches threats. This wasn’t present in any security product and became very popular. The company also went for an initial public offering. Security vendors like Quick Heal needed to be alert and focus on every aspect of the competition.
Since 2010, cybercrime and state-sponsored threats constituted over a third of the total malware. Sanjay says, “These type of malware are either backed by huge funding, or have financial incentives. They are complicated in nature and a lot of research work goes behind developing them.”
To equip itself with the latest technology, Quick Heal has acquired the following technologies over the last few years:
- Behaviour detection system from a US-based company to focus on behaviour of application and help in proactive detection
- DLP (data loss prevention) related technology developed by an ex-Quick Heal employee. This feature is used in safe banking.
- Sandboxing of all OS related transactions
Explaining the company’s acquisition philosophy, Sanjay says,
We look at what problem are they solving. Since we're in the market, we know what are the pain points of customers. If someone has a technology solving these problems (which we haven't been able to) and if we know that it'll take some time (a year or more) to solve it ourselves, then we decide to acquire. Time is money.
From funding to IPO
From 2003 to 2010, Quick Heal grew 100 percent every year, and was cash rich when Sequoia Capital, India, showed interest. Initially, Sanjay and Kailash weren't convinced about the idea of raising funds but when the company gave ESOPs to retain employees, the brothers thought of putting an external valuation to the company.
Every chartered accountant valued the company differently and that's when the idea of raising funding from Sequoia Capital made perfect sense for Quick Heal. Sequoia helped Quick Heal streamline some of their departments, and had come in with an exit plan of four to five years.
Quick Heal later, chose IPO route rather than raising another VC funding round. Sanjay adds,
"We thought of going for an IPO in 2013 but the markets weren't great. So, we filed it later in 2015.”
In the last few years, Quick Heal has hired some senior professionals and experts from the industry. The company’s tech team is now over 450 people strong.
Also read - Meet Vasan Subramanian – CTO Accel Partners, India – the man with an everlasting itch to build tech products
Cyber security myths
According to Sanjay, enterprises know about the cyber security threats but ignore them because they believe hackers won't target them. He says, “Hackers don't know people/companies personally. It's automated and can target anyone. One of the biggest threats from last year was Mirai. The botnet who created it himself didn't know how many cameras, routers and computers were affected. It's all automated. With everything coming digital, you've to think about security seriously.”
Of culture and values
Sanjay believes patience is the most important virtue, apart from in-depth knowledge to be a cyber security professional. “As a culture, when we're working on certain feature and product, it is to the level we're satisfied with, even if it means delaying the release date.”
Sanjay wants to make Quick Heal one of the top 10 security companies in the world.
Cyber Security is challenging with threats coming in daily, and till there are challenges and problems, I cannot sleep.