Vendor Spotlight: SanerNow

SecPod gets its name from a contraction of Security Platform. The company produced the SanerNow cloud-based cybersecurity SaaS package. SecPod originally marketed this system as a “cyber hygiene platform” but is now phasing in the term CVEM, which stands for Continuous Vulnerability and Exposure Management.

So, just one paragraph in, we already know that SecPod likes to create its own buzzwords, but is there any depth behind this marketing surface? Well, the founders of the system certainly picked a vital service as the SecPod specialization because vulnerability management is a cost-effective way to protect a business from disastrous and possibly fatal attacks.

The IBM Cost of a Data Breach Report 2023 calculated that the average cost of a data breach reached $4.45 million in 2023, with compromised vulnerabilities cited as a significant factor in these incidents. That’s $4.45 million per event. A small business might find that statistic impossible, but keep in mind that very large corporations are frequently targeted by hackers. A loss of data that disclosed the personal data of millions of customers costs a fortune in fines, cleanup, and reputation damage that leads to a loss of business.

The Mitre Corporation’s definition list of the Common Vulnerabilities and Exposures (CVE) now stands at 190,000 potential loopholes, so the enormity of preventing a breach dictates a requirement for an automated strategy. That’s where SecPod comes in.

Founding and Background

SecPod Technologies Pvt. Ltd was registered on April 14, 2014, in Bengaluru (Bangalore), Karnataka, India. However, this is not the true origin; that goes back to SecPod Solutions, which was registered on April 18, 2008, also in Bengaluru. The founder, Chandrashekhar Basavanna, wanted to get in on the IT boom and started up SecPod Solutions as an outsourced software development house, creating programs for established security brands.

The rebranding to SecPod Technologies coincided with the decision to launch a SecPod product, which was originally called Saner and launched in December 2013. This was an endpoint security scanner. This evolved into Saner 2, an Endpoint Detection and Response (EDR) package, in 2016.

SecPod worked on moving Saner to the cloud to create a SaaS platform that would scan all endpoints on a site. When this system was ready in 2018, it was launched under the name SanerNow. Work continued on the platform and it was expanded to include a network vulnerability scanner.

Cloud Privileged Access Management was added in 2023. In 2024, SecPod changed the designation of SanerNow from a cyber hygiene platform into a Continuous Vulnerability and Exposure Management (CVEM) platform.

Basavanna has been CEO of SecPod from the day of its first registration as SecPod Solutions up to the present day. The business is still headquartered in Bengaluru.

Timeline and Evolution

Here’s a timeline of SanerNow’s evolution:

• 2008: SecPod Technologies was founded by Chandrashekhar Basavanna in Bangalore, Karnataka, India.
• 2009: Basavanna gained experience in cybersecurity and helped train assistants by contributing to open source security projects.
• 2011: The company began coding on contract for more established cybersecurity firms, including AlienVault and CloudPassage.
• 2013: Saner was officially launched as an endpoint security scanner for Windows.
• 2014: The company rebranded itself as SecPod Technologies Pvt. Ltd., reflecting its growth and commitment to expanding its product offerings and market reach. Adds on Linux scanning to Saner.
• 2015: Saner adds on scanning for Macs. SecPod opens a US office in Tulsa, Oklahoma.
• 2016: SecPod expanded its market presence beyond India, establishing partnerships and collaborations with various organizations worldwide.
• 2018: Saner launches a multi-tenant architecture for use by managed service providers (MSPs). SecPod moves its US offices to Redwood City, California.
• 2021: Addition of network vulnerability scanning to the SanerNow platform.
• 2022: Continued improvements were made to the SanerNow platform, including AI-driven capabilities for automated vulnerability detection and management.
• 2023: Cloud Privileged Access Management was added to the platform.
• 2024: SanerNow was classified as a Continuous Vulnerability and Exposure Management (CVEM) platform.

Key People, Company Ownership

SecPod was founded by Chandrashekhar Basavanna, who is still the CEO of the company. He is the sole executive behind the growth of the business, including financing its early operations. The company grew very slowly, starting out as a software development house performing outsourced programming work. Basavanna started the company following a career as a software engineer and senior manager of network and software companies. So, he was well experienced in running development projects.

The company never required external funding, and so it is still almost entirely owned by Chandrashekhar Basavanna. He relates that in order to gain bank loans in the early days of SecPod both he and his brother Mahesh had to put up their homes as security. So it is also possible that Mahesh also has a shareholding in the company. Mahesh was the CFO of SecPod in its early years and started up his own business in November 2015 with the assistance of Chandrashekhar. This is Org Tree, which makes millet-based snacks. Mahesh is the CEO and Chandrashekhar is a director of that company.

Locations

SecPod has 118 employees, operating at two locations. The main offices of the company are in Bengaluru, Karnataka, India. The company also has offices in Redwood City, California.

Target Market and Customer Base

SecPod Technologies primarily targets organizations that need comprehensive cybersecurity solutions, particularly in vulnerability management, endpoint security, and compliance. Here’s a breakdown of SecPod’s target market and customer base:

Target Market

SecPod’s solutions are designed for a wide range of industries that require vulnerability management and endpoint security. Some of their key markets include:

• Enterprises Large organizations with complex IT infrastructures are highly targeted by SecPod. These companies often have numerous endpoints and network devices that require constant security monitoring, vulnerability detection, and patch management.
• Small and Medium-Sized Businesses (SMBs) SecPod offers scalable solutions, making them accessible to SMBs that may not have large in-house security teams but still require protection against vulnerabilities and cyber threats.
• Managed Service Providers (MSPs) SecPod’s SanerNow allows MSPs to create sub accounts for their clients. This feature helps MSPs manage and segregate client data efficiently, ensuring each client’s data is securely isolated and managed independently.
• Government Agencies SecPod targets government entities that need to comply with strict regulatory frameworks and ensure security across many distributed devices and systems.
• Healthcare The healthcare sector, which handles sensitive data and is subject to stringent data protection regulations (like HIPAA), is a key market. Healthcare organizations are often highly targeted by cybercriminals, making vulnerability management crucial.
• Financial Services Financial institutions are prime targets for cyberattacks, and they are subject to heavy regulations regarding security. SecPod’s solutions help these institutions meet compliance requirements and maintain strong endpoint security.
• Education Educational institutions with large networks of connected devices need cost-effective solutions for vulnerability management and patching. SecPod helps them safeguard their networks from cyber threats.
• Manufacturing and Industrial Organizations Industries with operational technology (OT) environments, such as manufacturing, are increasingly targeted by cyberattacks. SecPod helps secure critical infrastructure, protecting industrial control systems (ICS) and other networked devices.
• Retail and E-commerce Retail companies with significant online operations need to safeguard customer data and ensure system uptime. SecPod’s vulnerability management solutions help them avoid breaches that could lead to financial losses or reputation damage.

Customer Base

SecPod’s customer base is global, consisting of companies and institutions from diverse industries that prioritize cybersecurity and compliance. Some key characteristics of their customer base include:

• IT and Security Teams Organizations with dedicated IT and security teams use SecPod to manage the security of endpoints, patch systems, and ensure compliance with security regulations.
• Managed Service Providers (MSPs) SecPod caters to MSPs that offer security-as-a-service to smaller clients. MSPs use SecPod’s products like SanerNow to monitor, detect, and manage vulnerabilities for multiple customers.
• Companies Focused on Compliance Organizations operating under strict regulatory frameworks (such as GDPR, HIPAA, PCI-DSS, or SOX) are typical SecPod customers. Their products help companies maintain compliance by automatically detecting and patching vulnerabilities that could lead to regulatory violations.
• Global Reach SecPod has a growing international presence, providing cybersecurity solutions to companies across North America, Europe, and Asia. Their customer base ranges from local firms to multinational corporations.

SanerNow produces a suite of cybersecurity tools, but it doesn’t market each individually; instead, SanerNow has one product, called SanerNow, a cloud-based SaaS platform. The purpose of this package is to harden IT systems to make them immune from attack. This feature is particularly important for the protection of sensitive data.

Modules of SanerNow

The platform is divided up into specialized modules.

SanerNow VM – Vulnerability Management

This is the core vulnerability management module, providing tools for discovering, assessing, and mitigating security vulnerabilities across the organization’s network.

Key Features:

• Continuous scanning: Checks all connected devices for vulnerabilities based on a vast and regularly updated vulnerability database.
• Comprehensive coverage: Operates across operating systems: Windows, macOS, Linux.
• Risk-based prioritization: Ranks remediation priorities by categorizing vulnerabilities based on their severity and potential impact.

Benefits:

• Real-time visibility: Identifies vulnerabilities across the IT infrastructure.
• Remediates vulnerabilities: Closes loopholes before attackers exploit them.
• Rapid action: Reduces the window of exposure.

SanerNow PM – Patch Management

The Patch Management module automates the process of applying security patches and software updates across all endpoints.

Key Features:

• Automated patching: Deploys patches for Windows, Linux, macOS and third-party applications.
• Patch testing and scheduling: Patches can be tested in controlled environments and scheduled for deployment to avoid disruptions during business hours.
• Patch compliance: It tracks the status of patches across the organization, ensuring that all systems are fully updated and compliant with security policies.

Benefits:

• Reduces risk: Closes down software vulnerabilities.
• Simplifies patching processes: Doesn’t require deep technical knowledge to operate.
• Patch status visibility: Provides an instant audit across the organization, ensuring compliance with security policies and industry standards.

SanerNow RP – Risk Prioritization

This module helps organizations prioritize security risks based on the severity of vulnerabilities and their potential impact on business operations.

Key Features:

• Risk scoring: Each vulnerability is assigned a risk score based on factors such as exploitability, criticality, and asset importance.
• Business context: Allows organizations to focus remediation efforts on weaknesses that threaten critical business functions.
• Actionable insights: Recommendations for mitigating high-risk vulnerabilities efficiently.

Benefits:

• Focuses effort: Ensures that remediation efforts tackle the most critical risks.
• Reduces risk exposure: Addresses vulnerabilities with the highest potential for exploitation.
• Efficient resource allocation: IT teams can focus on the most important tasks.

SanerNow AE – Asset Exposure

This unit provides a clear picture of the assets within the organization and their exposure to vulnerabilities or threats.

Key Features:

• Complete asset inventory: Lists and documents all hardware and software assets across the network.
• Exposure identification: Assesses the potential exposure of each asset by identifying vulnerabilities, misconfigurations, and outdated software.
• Critical asset focus: Prioritizes critical assets that are vital to operations and more susceptible to security breaches.

Benefits:

• Provides full visibility:  into their IT environment.
• Identifies exposed assets: Fosters more focused security efforts.

SanerNow CM – Compliance Management

Organizations adhere to various industry standards and regulatory frameworks such as GDPR, HIPAA, PCI-DSS, and more. This unit addresses those needs.

Key Features:

• Policy enforcement: Defines and enforces security policies that align with industry regulations.
• Compliance auditing: Continuous monitoring and auditing of endpoints to ensure compliance with regulatory requirements.
• Reporting and documentation: Generates compliance reports that are essential for audits and regulatory submissions.

Benefits:

• Enforces regulatory requirements: Enables subscribers to avoid fines and penalties.
• A centralized compliance dashboard: Simplifies adherence to security policies.
• Compliance management automation: Removes the need for manual checks.

SanerNow EM – Endpoint Controls Management

This module provides comprehensive controls for managing and securing endpoints across the organization’s network.

Key Features:

• Configuration management: Enforces secure configurations and system hardening across all endpoints.
• Access control: Manages access privileges and ensures that users follow the principle of least privilege.
• Security policy enforcement: This module can enforce security policies, such as firewall settings, antivirus deployment, and system integrity checks, to ensure consistent endpoint security.

Benefits:

• Consistency: Ensures that security policies are consistently enforced across all endpoints.
• Visibility: Improves overall security posture by making device configurations accessible.
• Risk reduction: Exposes misconfigurations and unauthorized access to sensitive systems.

SanerNow PA – Posture Anomaly Management

This module is designed to detect and manage anomalies that deviate from normal security and operational postures.

Key Features:

• Anomaly detection: Continuously monitors endpoints to identify abnormal behavior, system configurations, or policy deviations.
• Baseline comparison: Defines normal system behavior and alerts administrators to deviations from the norm.
• Automated response: Provides immediate remediation.

Benefits:

• Early threat detection: Continuous scanning spots new problems quickly.
• Security posture improvement: Ensures conformance to secure operating standards.

Strengths of SanerNow

• Comprehensive security solution: SanerNow offers a wide range of security tools in a unified platform, including vulnerability management, patch management, and endpoint protection. This all-in-one approach eliminates the need for multiple disparate tools, saving organizations time and money.
• Automation capabilities: The platform’s automation features include automated patching and compliance enforcement. These significantly reduce the burden on IT teams. This is particularly beneficial for small and medium-sized businesses (SMBs) that may have limited resources to manage security manually.
• Scalability: SanerNow is scalable and can be deployed across small to large enterprises, making it suitable for businesses of all sizes. Its flexibility allows it to grow alongside a company’s needs.
• Proactive vulnerability management: With real-time scanning and risk-based prioritization, SanerNow helps organizations proactively manage vulnerabilities before they are exploited by attackers.
• Cross-platform support: The platform supports multiple operating systems (Windows, macOS, Linux) and integrates patching for third-party applications. This broad support ensures that it can be used in diverse IT environments.
• Strong compliance focus: SanerNow’s strong emphasis on compliance management helps organizations meet various regulatory requirements effortlessly, providing peace of mind in heavily regulated industries.
• Lightweight agent: The endpoint agent used by SanerNow is lightweight and does not consume excessive resources, ensuring minimal impact on system performance while providing continuous protection.

SanerNow Assessment

SanerNow by SecPod Technologies is a powerful, feature-rich platform that covers a broad spectrum of cybersecurity needs, from vulnerability management and patching to compliance and endpoint security. Its ability to automate routine security tasks and provide real-time insights into risks makes it an appealing solution for organizations looking to strengthen their cybersecurity posture.

The SanerNow platform is a strong contender in the vulnerability management and endpoint security space, offering a comprehensive, cost-effective solution for businesses of all sizes. The SecPod team continues to improve the platform, particularly its user interface and list of integrations.

Major Competitors

SecPod is a cybersecurity and endpoint management company known for its SanerNow platform, which provides vulnerability management, patch management, compliance, and endpoint security solutions. Here are some of its major competitors:

1. Tenable A leading player in the cybersecurity space, particularly known for its Nessus vulnerability scanner. The company specializes in vulnerability management and continuous monitoring for risk assessment. Tenable.io and Tenable.sc platforms offer real-time insights into network vulnerabilities, making it a go-to solution for enterprises aiming to maintain strong security postures across various digital assets. It integrates well with third-party tools and emphasizes risk-based prioritization, helping organizations tackle the most critical security risks effectively.
2. Qualys A cloud-based security and compliance platform, renowned for its vulnerability management, detection, and response (VMDR) solutions. It provides an extensive suite of tools for asset management, policy compliance, and web application security. The platform offers continuous monitoring and threat intelligence to help organizations quickly detect and remediate security vulnerabilities. Qualys’ strength lies in its scalability, making it suitable for both large enterprises and small businesses looking for comprehensive cybersecurity coverage and regulatory compliance.
3. Rapid7 Specializes in cybersecurity analytics and automation, offering solutions such as vulnerability management, threat detection, and incident response. Its InsightVM platform focuses on dynamic and real-time vulnerability assessments. By integrating with security information and event management (SIEM) systems, it helps businesses identify risks, monitor compliance, and streamline patching efforts. Rapid7’s user-friendly interface and analytics capabilities enable organizations to prioritize vulnerabilities based on business risk, helping them to better manage their cybersecurity operations and minimize potential attack surfaces.
4. CrowdStrike A leading cybersecurity company primarily recognized for its cloud-native endpoint protection platform, Falcon. It uses AI-powered analytics to offer endpoint detection and response (EDR), threat intelligence, and vulnerability management services. With a strong focus on threat hunting and real-time incident response, CrowdStrike is favored by enterprises requiring advanced protection against modern cyber threats. Its ability to rapidly detect and mitigate vulnerabilities, combined with a lightweight agent, makes CrowdStrike a fierce competitor in the endpoint security and vulnerability management market.
5. Ivanti Provides IT asset and service management solutions with a focus on endpoint security, patch management, and automated risk mitigation. Its platform helps organizations manage and secure their IT environments by automating tasks such as patching, vulnerability scanning, and compliance checks. Ivanti Neurons for Patch Intelligence is particularly strong in automating patch management for third-party applications and operating systems. Ivanti’s comprehensive suite allows organizations to unify IT operations and cybersecurity, enhancing overall IT hygiene and reducing attack surfaces.
6. Microsoft Defender for Endpoint An enterprise-grade security platform offering advanced threat protection, endpoint detection and response (EDR), and vulnerability management. Built into the Windows ecosystem, it provides deep integration with other Microsoft tools, making it a preferred choice for organizations using Microsoft products. The platform uses AI-driven analysis and cloud intelligence to identify and mitigate security vulnerabilities in real time. Its comprehensive approach to threat prevention, detection, and automated remediation positions it as a formidable competitor in the endpoint security and vulnerability management space.
7. McAfee MVISION A cloud-native security platform designed for endpoint protection, threat detection, and vulnerability management. It focuses on providing a unified security experience by integrating endpoint protection, extended detection and response (XDR), and vulnerability insights. MVISION leverages machine learning and behavioral analytics to identify vulnerabilities and prevent advanced threats. Its cloud-based architecture ensures scalability and easy deployment, making it an attractive choice for businesses looking for a flexible yet thorough security solution. McAfee’s brand reputation in cybersecurity adds to MVISION’s credibility as a reliable endpoint management competitor.
8. Sophos Intercept X An advanced endpoint protection platform that combines anti-exploit technology, vulnerability scanning, and EDR capabilities. Known for its AI-driven threat detection and deep learning models, Intercept X offers proactive defense against malware, ransomware, and other advanced threats. It integrates seamlessly with Sophos Central, a cloud-based management console, allowing for centralized security management. Intercept X’s ease of use and strong focus on automated threat prevention and remediation make it a direct competitor in the vulnerability management and endpoint security market, especially for organizations seeking comprehensive, AI-powered protection.
9. Bitdefender GravityZone Offers endpoint protection, vulnerability assessment, and patch management. Known for its high-performance machine learning algorithms, GravityZone provides advanced threat intelligence, ransomware protection, and automated risk mitigation. The platform excels in delivering real-time visibility into network vulnerabilities and offers a range of security tools such as antivirus, anti-exploit, and endpoint detection and response (EDR). Its centralized management console allows organizations to control all security operations from a single dashboard, making Bitdefender a strong competitor for businesses looking for a scalable and comprehensive security solution.
10. ManageEngine Vulnerability Manager Plus Focuses on holistic vulnerability management, offering solutions for threat detection, compliance, and patching. The platform provides real-time insights into network vulnerabilities, misconfigurations, and patch updates for operating systems and third-party applications. It excels in risk-based prioritization, helping organizations focus on the most critical vulnerabilities. ManageEngine’s strength lies in its cost-effectiveness and ease of use, making it popular among small to medium-sized businesses. Its focus on continuous monitoring and integrated patch management positions it as a key competitor in the vulnerability management space.

Spotlight Wrap Up

SecPod Technologies targets a diverse range of sectors that require comprehensive security solutions, with a focus on vulnerability management, patching, compliance, and endpoint security. Its customer base includes organizations of all sizes, from SMBs to large enterprises and government agencies, globally. The flexibility and scalability of their solutions allow them to cater to different industries with varying cybersecurity needs.

Although SecPod has been around since 2008 and SanerNow has been available since 2015, the platform is still one of the smaller contenders in the cybersecurity market. This is because the owner of the business has stressed organic growth, avoiding the need to invite investment funds to take stakes in the company. The results of this strategy have meant that the platform has to work hard in terms of ingenuity to make up for lack of funds; a smaller budget means fewer customers, resulting in not so many customers, low revenue, and thus … a smaller budget.

SecPod continues to improve the SanerNow platform and offer more preventative security measures. The system will need to rapidly expand its cloud security services to keep up with the market.