Jose Ramon Palanco holds a Telecommunications Engineering degree from The University of Alcala de Henares in Madrid. Jose Ramon is the founder of Dinoflux, a cybersecurity product specialized in threat intelligence generation and distribution to different cybersecurity systems (IDS, Firewalls, IPS, SIEM, etc), boosting pre-existing technologies in order to provide a wider range of threat detections. From 2018 to date, Dinoflux is one of the partners of the cybersecurity area of the company Telefonica.
Can you tell us more about your academic background and your beginnings as freelancer?
I studied telecommunications engineering in Madrid, while studying at university some classmates and I started our first steps as entrepreneurs providing cybersecurity services on ethical hacking, website issues and error alleviation reports for multiple clients
Thanks to the experience gained during this time, Jose Ramon expanded his vision and detected several gaps in other areas of cybersecurity and threat intelligence, such as the way malware detection and protection systems identified, classified and consequently blocked malicious information, which at the same time he envisioned as a “business opportunity”.
How did this lead you to focus on Threat Intelligence?
This led me to develop a more detailed analysis of malware which through a sample managed to extract all the intelligence contained in it (where it connects, what functions it has in the Windows system, if it creates files, if it opens directories, and other activities that the malware can do) in order to create a profile of the malware that could be exported in different formats (STIX, snort, etc.) to be consumed not only by IDS, Firewalls, IPS, SIEM technologies but also by antiviruses…
By the time Jose Ramon was working as a freelancer in 2014, different kind of technologies helping to protect companies from cyberattacks were developed, “technologies such as IDS, Firewalls, IPS, SIEM, among others…”. From all of the cybersecurity systems available in that time the antivirus systems already had databases rich enough to provide information for detecting malicious content. The more recent malware detection systems, unlike this, did not have evolved much and lacked of a rich database. These systems also had old IOC (indicators of compromise) “blacklists” that used a hash (static identification) standard with 100% similarity recognition that narrowed the possibilities to detect more malware threats.
When was Dinoflux finally conceived?
The idea of creating Dinoflux arose initially when a client asked me to generate intelligence and malware identification reports manually… consequently, I generated rules of IDS in snort format, rules of file identification in YARA format, and generic rules in STIX format… I realized this could be useful for other clients who also wanted to generate intelligence. In order to help me do this, I developed a small, basic program making use of a “sandbox” (a security mechanism that allows you to run programs and malware in a controlled environment without compromising your equipment). Through the constant evolution of this, I had somehow created Dinoflux
How does it work…
The intelligence reports of Dinoflux provide detailed information on threats that enrich the system’s databases which through the “attribution of an actor” (in other words, the identification of who is behind the creation of the threat and the behavior analysis) can recognize similar behavior in future threats.
What Dinoflux does is provide any cybersecurity product, for instance IDS, with extra intelligence… IOC of Dinoflux are more advanced and more descriptive which enables it to detect a wider range of threats
Dinoflux IDS Integration
When and how did Dinoflux begin to be offered as a consolidated tool?
As Jose Ramon explained us, Dinoflux already had a database that was updated daily and autonomously, and which could be consulted by customers at any time. Although something that adds even more value to the way Dinoflux system is enriched is that the client can also contribute to the database and, if they so wish, publicly share what has been reported, allowing intelligence to be generated for all other clients. By the time Dinoflux was already more established as a cybersecurity platform, its subscription price amounted to USD 80,000 per year with the option to try a free trial before paying the annual subscription.
Even before it was finished, Dinoflux services could already deliver value from the first moment, this motivated me to start offering it to different clients upon subscription… All the intelligence generated by Dinoflux is stored in the cloud, therefore, not only is the intelligence that the clients’ system collects, on top of that they could also consult the database that we have updated in the cloud, in addition to the daily intelligence reports that we gave them… This was something that customers valued a lot
Dinoflux as a promising startup and INCIBE
After offering Dinoflux to several clients to give a boost to threat detection devices. José Ramon decided to venture into new challenges and position Dinoflux to another level. It was at that moment when he was suggested to participate in INCIBE’s cybersecurity startup program “Cybesecurity Ventures” in 2017.
INCIBE is the National Institute of Cybersecurity of Spain (INCIBE) which, in collaboration with the Junta de Castilla y León, through the Institute for Business Competitiveness of Castilla y León (ICE), and the Leonese Institute for Development, Training and Employment (ILDEFE) launched the Cybersecurity Ventures International Acceleration Program for Cybersecurity Startups. The program has a duration of a year in which the participating projects must meet a number of activities.
What can you tell us about Dinoflux’s participation in the “Cybersecurity Ventures” program?
Each startup had 2 minutes to pitch their idea and how you were going to execute it as a business, there were experts from different companies in front that the people from INCIBE had hired, we went phase by phase with the highest valuation … That was very motivating. In addition to the fact that we were learning because during the program you are getting mentors who explain to you what approach you can give to your project, they help you define the price that is most appropriate, marketing strategies, how to scale as a company … the business part I evolved a lot thanks to the startup program… we were in contact with the main companies of the IBEX 35. It was almost like a master because we had courses from different areas of the legal part, human resources, strategy, and best of all is that we as master classes in which successful entrepreneurs came to teach the master class
Dinoflux and Telefonica
During the time that Dinoflux was participating in the INCIBE program, Jose Ramon and his team had contact with the Telefonica company, which had shown interest in Dinoflux. Although they had been approached by other companies, Telefonica was the one with the largest portfolio of clients in Spain, the United Kingdom, Germany, the United States and Latin America.
At that time Dinoflux had grown significantly therefore maintaining the servers was too expensive.
We had employed 15 maximum-capacity servers with 64 gigabytes of RAM… that was expensive to maintain and at the moment we had no clients, the first big client we could try to get was Telefonica
A few months before concluding its participation in the “Cybersecurity Ventures” program, Telefonica reiterated its interest in Dinoflux, which would be a great relief for Jose Ramon and his partners to have a client such as Telefonica, surprisingly the company approached not with the intention of becoming a client but to buy the startup.
A few months after Telefonica’s approach to Dinoflux, the program ended, of the almost 100 participants Dinoflux obtained second place, thus receiving a prize of EUR 24,000. Thanks to Dinoflux’s successful participation in this program, the Telefonica company reaffirmed its interest in acquiring Dinoflux.
Despite the high costs that Dinoflux generated for Jose Ramon the idea of selling was never contemplated, but finding himself in a somewhat complicated economic situation in which Dinoflux was self-financed, was becoming increasingly costly, market competition was growing and Dinoflux’s client portfolio was not yet so large (since being in talks and negotiations with Telefonica, among the conditions was not acquiring more clients until they had an agreement), the idea of selling was not so inadmissible in the end.
To have continued like this, it would have been a “suicide”… thanks to the second position in the INCIBE program we got some money and could pay for some of the things, but even so it was all very much to the limit. An incredible job had to be done because, if we did not win any position, Telefónica would also lose interest in us
After the approach by Telefonica in the spring of 2017 and after a year of various negotiations, the agreement was finally closed in July 2018 when Dinoflux was acquired to become part of the ElevenPaths portfolio of products and services. ElevenPaths is the Telefónica Group’s cybersecurity unit which combines startup innovation and the experience of a company that has been consolidated for years.
After the acquisition by Telefonica, Dinoflux was able to grow much more as a product, but also as a company since it currently works with better capabilities, which allows it to renew itself and adapt to the changes that may occur in the future.
Experiences as entrepeneur
During all the time that Jose Ramon worked as a freelancer and since Dinoflux was taking shape until reaching what it is today, he had to go through many economic challenges that never discouraged him or made him stop on his journey as an entrepreneur. If not, all of this led him to work even harder and educate himself on business to take his product to the next level. Before INCIBE and during the beginnings of Dinoflux, Jose Ramon participated in various entrepreneurship workshops in which, in a way, they helped him train and be prepared for what he would later experience in his year in the INCIBE program.
This matter of entrepreneurship had been calling my attention for many years, so I traveled almost every year to San Francisco, which is the birthplace of startups, everything is there… I used to go to an event that helped me a lot, the RSA Conference
Jose Ramon participated in events such as the Palo Alto Startup Weekend in which he learned innovative methodologies such as Lean Startup, very useful for the development of a product and which Jose Ramon and his partners applied a lot during the development of Dinoflux and which later they would also apply during the INCIBE program. Among other methodologies learned was the Bussines Model Canvas.
On the Canvas you draw who are key partners, key activities, value proposition, customer relationship, customer segment, key resources, distribution segment, cost structure and revenue stream and once these are identified, each certain period of time you update the information to get a clear idea of your business. For a startup that is starting, this topic is super critical. In Lean Startup, you make an assumption, for example “I think that companies in Spain need extra cybersecurity intelligence for their products, therefore, to get to them I am going to do these experiments”, so you are creating a product with what is known an MVP (minimum viable product) that is the minimum, the cheapest thing you have to do to fulfill that need. You are teaching this product to unfinished customers while they give you feedback, so if there is something they don’t like, you redo it or modify it… the idea is to pivot until you come up with a good idea that your customers validate
According to Jose Ramon, they relied heavily on these two methodologies to develop Dinoflux, which saved them a lot of money and at the same time benefited them when they arrived at the INCIBE cybersecurity program, since they participated in other events and workshops for startups. such as Lean Startup Madrid, Philippines Startup Weekend and the aforementioned RSA Conference and Palo Alto Startup Weekend. Even at some point it was thought to take Dinoflux to the entrepreneurship program carried out by Telefonica, the same company that acquired them years later, this in the end was not possible because the Telefonica program supported the development of companies in earlier stages and Dinoflux, being an already advanced product, no longer met the requirements requested by Telefonica.
An important part of his experience as an entrepreneur was working in the ideal place where he could take a break and relax from the stress that can come from starting a project by himself. Jose Ramon found this space in the Philippines, a place he always returned to restart and find the concentration necessary to continue.
It was one of the best things I could have done… I would have liked to live my whole life there, but for work reasons and because from 2017 it was a continuous negotiation process, at the end I had to return to Spain, but between 2015 and beginning of 2017, I can say that I was very happy
Jose Ramon is currently working remotely by contract as Vice-President of Threat Intelligence of Telefonica. This was arranged under his conditions as a “vesting contract” in which basically he is subjected to commit compulsory with three years in the company. Although right now Jose Ramon finds himself in very comfortable situation in terms of stability, he is hoping to keep doing what he likes the most “start a project” in which he can focus all his energy and passion, just like he did with Dinoflux.