Securly’s Response to Lightspeed Systems’ Competitive Study

Today, Lightspeed Systems issued the results of an internal competitive study that positions Securly’s and another vendor’s products as inferior in enforcing CIPA compliance.

Our initial instinct was to not respond since it was apparent to us how the market generally reacted. Having said that, the amount of concern coming from our customer and prospect base compels us to issue a fact-based response of who Securly is and why we do what we do. I have organized my response into 3 distinct sections:

  • What is student safety, really? With the advent of 1:1 programs, does “CIPA Compliance” and “Student Safety” mean the same thing in the year 2018?
  • PageScan – The portion of our product that acts as the first line of defense for inappropriate websites.
  • The team behind PageScan and Securly. Why we feel qualified to build security products for K-12.

What is Student Safety?

Securly has taken the deliberate position that speaking about “Student Safety” and “CIPA compliance” in the same sentence would show us as a company that is out of touch with current events. Here is why.

In the last 15 years, the proliferation of the social web has moved bullying from the locker rooms to the screens of students’ devices. Additionally, students have become prone to declare their intent to self-harm online over other traditional media. To top it off, “school violence” no longer means a school-yard fight. Nearly a dozen school shootings scar the national conscience on a yearly basis.

Securly’s vision to equip schools in aspects of student safety that extend beyond CIPA compliance was initiated in 2014 when we released the first version of our bullying/self harm detection on social media platforms. In the year 2018 alone, we have released the following products that are designed to keep kids safe from violence, self-harm, and bullying:

  • A 24-hr monitoring service that has saved 38 lives in a limited Beta rollout to only a handful of districts in 2018.
  • A Tipline where humans work in concert with AI to reduce false positives.
  • The industry’s first parent portal apps for Android/iOS that allows parents customized visibility into their child’s online life on a school device and sets policies when those devices come home. This allows districts to bring parents in as partners in online safety. Actively used by 500K parents.
  • Self-harm and cyberbullying detection for Google Docs debuting Fall 2018 augments email protection currently offered by our Auditor product. (On the topic of CIPA compliance, the CIPA law calls for monitoring all electronic communication including email – not just web traffic).
  • A Plug n’ Play Hub that helps parents at home ensure that their kids stay safe online is our foray into consumer tech.

And there is more where that came from.

This video does a great job of summarizing how Securly’s mission of ubiquitous child safety translates into product strategy.

Having said that, we realize that Securly launched with a web filter whose primary obligation is to keep our 2000+ paying customers CIPA compliant. PageScan is our way of ensuring that this “baseline functionality” remains robust.

PageScan Overview

The internet has probably added thousands of sites between the time I typed out these words and the time you read them. The PageScan approach is premised on the fact that any static blacklist approach to blocking pornography is akin to playing a game of whack-a-mole. Blacklists will need to learn and adapt to new sites on a constant basis in order to remain effective.

PageScan is that blacklist.

And we hope that outlining in full transparency how it works will give customers and prospects confidence in our web filtering technology.

Here is what PageScan does:

  • When a Securly student goes to a website that is NOT in one of our blacklists, the website is let through the first time.
  • That website then goes through PageScan which dynamically categorizes the site as belonging to one of the following categories – pornography, gambling, games, and anonymous proxies.
  • The time between when a student browses a website and when it gets added to PageScan is 2 seconds.
  • Securly’s 5 Million enrolled Chromebooks continuously feed information into PageScan’s database and improve coverage for all Securly provisioned devices including Macbooks, iPads and PCs.

Here is what PageScan activity looks like (summer shows less activity than normal):

Screen Shot 2018-08-01 at 3.20.20 PM.png

PageScan uses a number of heuristics to classify sites dynamically:

  • The textual content of the website. Easy enough, but an appliance web filter will have trouble doing this in real time due to computational constraints.
  • For those pornographic sites that are light on text, PageScan uses skin-tone detection via deep-learning.
    • Examples of sites detected (NSFW): allsexgifs.tumblr.com, cartoonsex.name, atlct.tumblr.com
  • Over 1000 inappropriate keywords are routinely fed into the Bing search engine and the top 50 results for each keyword are then analyzed for sites we may be missing from our database.
  • When in doubt, PageScan consults a third party API (industry’s best in class classification engine).

In full disclosure, PageScan does have limitations:

  • Pornographic sites needing logins before they display their “product catalog” are not covered.
  • Classification is based on the top level domain and not the URL.
  • PageScan errs on the side of marking sites as clean. We realize that the price of miscategorization is high for web filters (lost instructional time).

Regarding the “32%” number from Lightspeed’s study, the vast majority of any missed sites should be classified by PageScan with 2 minutes of being provisioned by a Securly Chromebook.

The team that builds & sells our products

Here are our team’s key accomplishments:

  • Securly’s co-founders are enterprise security veterans with a combined 20+ years in network security, with experience as architects at companies like McAfee and Huawei-Symantec.
  • Our VP of Engineering built and ran McAfee’s botnet lab responsible for sourcing their signature database.
  • The engineer who built PageScan has a degree from the Indian Institute of Technology (IIT), one of the most prestigious technical institutions in the world.
  • Our Director of Engineering Operations is a Microsoft/Amazon alum in addition to also being an IIT graduate.
  • Our VP of Sales has spent 17 years selling web filtering to K-12 schools and was the founder of CIPAFilter.
  • Our Director of Student Safety is an award-winning former principal who took his school from an 85% graduation rate to over 97%.
  • Our VP of Consumer Sales and Marketing scaled Bain & Company’s strategy consulting practice in LA from 5 to north of 100 team members.
  • Our VP of Account Management was responsible for a $60M P&L for one of the worlds best known EdTech curriculum companies.

We hope this clears up any misunderstandings or misinterpretations.

Bharath Madhusudan
Co-founder, CRO
Securly, Inc.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s