Why Indian SMBs Should Think Beyond Traditional Security Measures?


Editor - CyberMedia Research

Over the past year, Indian Small and Medium Businesses (SMBs) have faced an unprecedented wave of impulsive and opportunistic cyber attacks, driven by the nation’s rapid yet uneven digital transformation. As of 2025, nearly 74% of Indian SMEs reported experiencing at least one cyber incident, with many falling victim to automated, high-volume threats like phishing (34%) and ransomware (35%).

Unlike targeted corporate espionage, these “impulsive” attacks exploit low-hanging fruit: unsecured cloud configurations, weak employee credentials, and a lack of formal security policies. With 73% of organizations often unaware they have even been breached, the financial fallout is devastating. Many SMBs, particularly in Tier 2 and 3 cities, struggle to recover, highlighting a critical need for basic cyber hygiene in India’s backbone industry.

Based in Mumbai, SafeSquid is a specialized cybersecurity company known for its high-performance Secure Web Gateway (SWG). It provides advanced content filtering, malware defense, and granular internet access controls for global enterprises. Manish Kochar, Director at SafeSquid Labs, speaks on how SMB organizations need to rethink cybersecurity.

Q1. SafeSquid’s architecture is built on a multi-threaded web proxy for Zero-Trust security. In practical terms, how does this inherent architectural difference provide superior defense against sophisticated zero-day web attacks and ransomware compared to legacy perimeter security solutions?

Web-based zero-day threats camouflage as legitimate web traffic. As a result, Zero-Trust Web Security requires continuous, multi-dimensional Layer-7 inspection, not just URL classification. Every DNS, TLS, and HTTP transaction must be inspected end-to-end—protocol metadata and payload—combining identity, device, and client application context, content and file traits, DOM/script behavior, request sequencing and timing, and policy intent, then correlating signals across sessions and destinations.

Legacy perimeter stacks typically achieve depth by chaining security middleware in a multi-process pipeline (proxy → scanners → DLP → loggers → engines). Each hop introduces queueing, context rehydration, IPC overhead, and repeated parsing/copying, which compounds into latency. In practice, teams often reduce inspection depth or disable expensive checks to protect user experience—creating blind spots that zero-days and ransomware rely on.

SafeSquid’s multi-threaded proxy takes a different approach: it runs a shared-memory, in-stream processing pipeline where multiple specialized “software processors” execute in parallel on the same transaction context. Malware inspection, homograph detection, MIME/file analysis, script/WASM heuristics, DLP classifiers, reputation scoring, and correlation engines operate as cooperating thread sets with zero-copy handoff and in-memory feature sharing, rather than cross-process handoffs. In addition, high-value signals across thousands of concurrent connections—redirect chains, host/subdomain cardinality, file fingerprints, behavior sequences, policy decisions—are recorded, cached, and reused in the same shared memory, enabling correlation without reprocessing overhead. 

This architecture enables deeper inspection without turning depth into latency, and it allows SafeSquid to aggregate “on-the-wire” learnings across large traffic volumes and apply the resulting intelligence immediately across concurrent sessions—closing the timing gap that sophisticated ransomware delivery chains exploit. Thus, while traditional security technologies struggle to even detect cross-site traffic, SafeSquid can even neutralize threats like XSS and trackers very easily, without disturbing the user experience.

Q2. Data Leakage Prevention (DLP) is crucial for SMBs managing proprietary information. How does SafeSquid’s “Security Correlation Engine” move beyond basic URL or keyword filtering to contextually analyze and prevent the egress of sensitive business data over sanctioned web applications?

Until recently, perimeter “DLP” often meant blunt controls—block uploads of certain file extensions or block entire categories of sites. However, in modern enterprise workflows, proprietary data legitimately moves through sanctioned web apps (M365, Google Workspace, CRM, ticketing, file-sharing). So, the real control question is not “is the site allowed?” but who can send what, to where, how, and under what business context.

SafeSquid’s DLP Engine enforces granular, contextual pathways for content exchange, including application awareness and action semantics (upload vs share vs paste vs API post; interactive vs background), together with the destination intent (tenant, repository, folder/channel, or sanctioned workflow), before allowing or blocking an egress action.

Furthermore, SafeSquid’s Content Intelligence goes well beyond signature-based detection. A true file-type neuron validates real file structure (magic bytes / MIME/container format) to catch file spoofing, a common technique used by mischievous insiders. Extraction layers unpack archives and embedded objects and analyse images inside documents. Image pipelines apply Machine Learning & OCR techniques to detect and mask confidential/PII content inside images in-transit.

For highly confidential datasets, SafeSquid supports a customer-controlled training and validation path inside the customer’s environment, keeping raw training data inaccessible to the vendor, while the resulting classifier runs inline at the gateway with full correlation context—preventing exfiltration over sanctioned apps without disrupting legitimate business workflows.
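The answer above describes validating real file structure (magic bytes / container format) against what the file name claims, so that a renamed executable or a document carrying an image extension is caught before egress. The following is an added example written for this article, not SafeSquid's own code; the signature table, the extension map, the sample files and their names are all constructed for the demonstration:

```python
"""Magic-byte file-type validation: catch files whose extension lies about
their real structure. Added example, not SafeSquid code; the signature table
and the sample files below are constructed for the demonstration."""
import io
import zipfile
from dataclasses import dataclass

# Leading byte sequences for a handful of common formats (constructed table).
SIGNATURES = {
    b"%PDF-": "pdf",
    b"\x89PNG\r\n\x1a\n": "png",
    b"\xff\xd8\xff": "jpeg",
    b"GIF87a": "gif",
    b"GIF89a": "gif",
    b"PK\x03\x04": "zip",   # also the container for OOXML (docx/xlsx)
    b"MZ": "exe",           # Windows PE executable
}

# What a declared extension claims the file is.
EXTENSION_TO_TYPE = {
    "pdf": "pdf", "png": "png", "jpg": "jpeg", "jpeg": "jpeg", "gif": "gif",
    "zip": "zip", "docx": "docx", "xlsx": "xlsx", "exe": "exe",
}

# OOXML documents are ZIP containers, so a docx shipped as .zip is consistent.
ZIP_FAMILY = {"zip", "docx", "xlsx", "ooxml"}


@dataclass
class Verdict:
    declared: str   # type implied by the file name
    actual: str     # type recovered from the bytes
    spoofed: bool   # True when the two disagree


def refine_zip(data: bytes) -> str:
    """Look inside a ZIP container to tell plain archives from OOXML documents."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = set(zf.namelist())
    except zipfile.BadZipFile:
        return "zip"  # PK header present but archive unreadable: still ZIP-like
    if "[Content_Types].xml" not in names:
        return "zip"
    if any(n.startswith("word/") for n in names):
        return "docx"
    if any(n.startswith("xl/") for n in names):
        return "xlsx"
    return "ooxml"


def sniff_type(data: bytes) -> str:
    """Return the real type from the leading bytes, or 'unknown'."""
    for magic, name in SIGNATURES.items():
        if data.startswith(magic):
            return refine_zip(data) if name == "zip" else name
    return "unknown"


def validate(filename: str, data: bytes) -> Verdict:
    """Compare the declared type (from the extension) with the sniffed type."""
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    declared = EXTENSION_TO_TYPE.get(ext, "unknown")
    actual = sniff_type(data)
    consistent = declared == actual or (declared == "zip" and actual in ZIP_FAMILY)
    return Verdict(declared, actual, spoofed=not consistent)


def make_sample_docx() -> bytes:
    """Construct a minimal OOXML-shaped archive for the demonstration."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
    return buf.getvalue()


# Constructed samples: a fake PE stub renamed to look like a PDF, a PDF header,
# and the docx container above carrying a misleading .png name.
SAMPLES = {
    "invoice.pdf": b"MZ\x90\x00" + b"\x00" * 60,
    "report.pdf": b"%PDF-1.7\n%\xe2\xe3\xcf\xd3\n",
    "holiday.png": make_sample_docx(),
    "memo.docx": make_sample_docx(),
}

if __name__ == "__main__":
    for name, blob in SAMPLES.items():
        v = validate(name, blob)
        print(f"{name:14} declared={v.declared:8} actual={v.actual:8} spoofed={v.spoofed}")
```

The point of looking inside the ZIP container is that a bare magic-byte check would call every Office document a "zip"; peeking at the archive listing is the cheapest step toward the container-aware extraction the answer mentions, and a file with a .zip name that turns out to be a docx is treated as consistent rather than as a spoof.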

Q3. Given the complexity of Web 2.0 applications and HTTPS traffic, where traditional security often struggles, how does SafeSquid ensure high-performance, non-intrusive SSL/TLS inspection while maintaining the deep content security necessary to detect embedded threats?

“Non-intrusive” is an antithetical term for TLS inspection. Deep web security requires full, policy-governed TLS decryption and re-encryption, plus anomaly detection in the handshake and in the payload.

An HTTP transaction minimally requires DNS resolution and a TCP handshake, and additionally requires an encrypted handshake if it is HTTPS. For elementary security, URL categorization is mandatory. Traditional security generally has to perform the entire processing stack for each connection and essentially depends on caching responses from remote web servers to reduce latency. With the rise of Web 2.0, most web server responses are dynamic, and the benefit of caching them is negligible. SafeSquid’s neural network executes the processing stack in parallel and uses shared memory to cache the outcome, besides an idling pool of connections, maximizing reuse and resumption across thousands of connections. The neural network thus drastically abbreviates the processing overheads and promises substantially lower latency than traditional technologies.

Unlike traditional security that depends on multi-process pipelines of independently functioning security processors, SafeSquid loads all security processors in the same shared memory that also handles the actual data exchange on the wire, aiding the machine learning of each neural node, and reusing the outcome instantly across all connections.

Net effect: full HTTPS inspection stays practical at scale. Deep content controls still run—file/MIME validation, embedded object extraction, script/WASM heuristics, and correlation-driven decisions—without weakening inspection depth to protect user experience.

The multithreaded architecture also makes SafeSquid SMP-aware, so it can optimally use all the CPU cores available. The enhancements in the Linux kernel now offer improved RSS/RPS capabilities. SafeSquid makes full use of that to improve throughput and optimize resource utilization.

Q4. SafeSquid emphasizes enforcing “secure operating practices.” For an SMB or mid-market company with limited IT staff, what is the most actionable, real-time intelligence the embedded WebUI and logging system provide to help them immediately identify deviations from policy and mitigate insider cyber-slacking risks?

Secure operating practices are never one-size-fits-all. They depend on business role, risk appetite, and what “productive web use” means for that organization. The goal is consistent: draw a clear line between business facilitation and detrimental usage, then enforce it with minimum operational load.

SafeSquid’s embedded WebUI makes that practical for lean IT teams by turning policy into something readable and auditable. Policies are rendered in plain, explicit terms so an administrator can quickly understand what is allowed, what is restricted, and why a decision was made. The dashboard provides a near real-time view of traffic health and user-impacting anomalies—DNS failures, repeated blocks, handshake errors, upstream reachability issues, and outage symptoms—so a misconfiguration or a policy drift shows up immediately, not after a ticket storm.

For insider deviation and cyber-slacking, the most actionable signal is behavioral deviation from expected policy intent, not raw log volume. SafeSquid surfaces who is triggering exceptions, which categories/apps are consuming time and bandwidth, and which actions are policy-sensitive (uploads, bypass attempts, repeated denials, risky destinations, unusual spikes, new domains). 

When deeper triage is needed, SafeSquid’s Remote Debugging allows an admin to reproduce and explain a policy anomaly directly from an end-user desktop view—without installing extra tools or spending time inside the console. The logging layer remains the forensic backbone: it preserves the full decision trail (user, device, app, URL/object, policy matched, and action taken), so the same dataset supports immediate intervention and later audit.
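The answer to Q4 lists the signals a lean team should act on: who is triggering exceptions, repeated denials, uploads, bypass attempts and new domains, derived from a decision trail of user, device, app, URL and policy. The block below is an added example of reducing such a trail to those signals; it is not SafeSquid's logging format or WebUI code. The key=value line format, the field names, the denial threshold, the baseline host set and every sample line are constructed for the demonstration:

```python
"""Policy-deviation signals derived from gateway access logs. Added example,
not SafeSquid's own logging or WebUI code; the log format, field names and
sample lines are constructed for the demonstration."""
import re
from collections import Counter, defaultdict

# Constructed log lines in a simple key=value format (not SafeSquid's format).
LOG_LINES = """\
2025-01-14T09:01:12Z user=asha dev=LT-102 app=browser host=mail.example.com action=GET policy=webmail result=ALLOW
2025-01-14T09:02:40Z user=asha dev=LT-102 app=browser host=drive.example.com action=UPLOAD policy=sanctioned-storage result=ALLOW
2025-01-14T09:05:03Z user=rohit dev=LT-207 app=browser host=paste.example.net action=POST policy=unsanctioned-share result=DENY
2025-01-14T09:05:09Z user=rohit dev=LT-207 app=browser host=paste.example.net action=POST policy=unsanctioned-share result=DENY
2025-01-14T09:05:15Z user=rohit dev=LT-207 app=browser host=paste.example.net action=POST policy=unsanctioned-share result=DENY
2025-01-14T09:06:30Z user=rohit dev=LT-207 app=curl host=files.newhost.example action=UPLOAD policy=default result=ALLOW
2025-01-14T09:10:00Z user=meera dev=LT-311 app=browser host=video.example.org action=GET policy=streaming result=DENY
2025-01-14T09:12:45Z user=rohit dev=LT-207 app=browser host=tunnel.example.net action=CONNECT policy=bypass-attempt result=DENY
""".splitlines()

# Hosts seen during a prior baseline window (constructed set).
BASELINE_HOSTS = {"mail.example.com", "drive.example.com",
                  "paste.example.net", "video.example.org"}

LINE_RE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) dev=(?P<dev>\S+) app=(?P<app>\S+) "
    r"host=(?P<host>\S+) action=(?P<action>\S+) policy=(?P<policy>\S+) "
    r"result=(?P<result>ALLOW|DENY)$"
)


def parse(lines):
    """Parse well-formed lines; malformed ones are counted, not silently dropped."""
    events, bad = [], 0
    for line in lines:
        m = LINE_RE.match(line)
        if m:
            events.append(m.groupdict())
        else:
            bad += 1
    return events, bad


def deviation_signals(events, baseline_hosts, deny_threshold=3):
    """Reduce raw events to the few signals an admin would act on.
    The threshold of three denials is an assumption for the demonstration."""
    denials = Counter(e["user"] for e in events if e["result"] == "DENY")
    denied_hosts = defaultdict(set)
    for e in events:
        if e["result"] == "DENY":
            denied_hosts[e["user"]].add(e["host"])
    noisy = {u for u, n in denials.items() if n >= deny_threshold}
    return {
        # users hitting policy walls repeatedly
        "repeated_denials": {u: denials[u] for u in sorted(noisy)},
        # which hosts each repeatedly denied user was trying to reach
        "denied_targets": {u: sorted(denied_hosts[u]) for u in sorted(noisy)},
        # allowed uploads to destinations never seen in the baseline window
        "uploads_to_new_hosts": [
            (e["user"], e["app"], e["host"]) for e in events
            if e["action"] == "UPLOAD" and e["result"] == "ALLOW"
            and e["host"] not in baseline_hosts
        ],
        # explicit bypass policy hits, regardless of outcome
        "bypass_attempts": [(e["user"], e["host"]) for e in events
                            if "bypass" in e["policy"]],
        # destinations not present in the baseline at all
        "new_domains": sorted({e["host"] for e in events} - baseline_hosts),
    }


def run(lines=LOG_LINES, baseline=BASELINE_HOSTS):
    """Parse the trail and return the signal summary plus a parse-error count."""
    events, bad = parse(lines)
    signals = deviation_signals(events, baseline)
    signals["unparsed_lines"] = bad
    return signals


if __name__ == "__main__":
    for key, value in run().items():
        print(f"{key}: {value}")
```

Each signal keeps the identifying fields (user, app, host) so that the same record that raised the alert can later be pulled from the full decision trail for audit; the unparsed-line count is there because a logging pipeline that quietly drops malformed lines is exactly where a deviation goes unnoticed.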

Q5. With the shift to cloud and remote work, many organizations are adopting Secure Access Service Edge (SASE) frameworks. How is SafeSquid’s In-Cloud Secure Web Gateway solution positioned to integrate with, or function as a foundational component of, a modern SASE strategy for decentralized enterprises?

Cloud and remote work accelerate SASE adoption, but they are rarely the root driver. The bigger driver is economics and operational resilience. Traffic volumes keep rising, deep inspection needs more compute, and on-prem hardware failure becomes an outage event. For decentralized enterprises and small offices, the TCO and failure-domain risk is hard to justify.

SafeSquid’s In-Cloud Secure Web Gateway fits SASE as a foundational security enforcement point for web traffic. Since 2004, SafeSquid has remained free to download and deploy, and the packaging has matured to support ISO images and cloud-init. This makes not only lift-and-shift straightforward (deployments can move from on-prem to off-prem) but also hybrid deployment possible without changing how policies are authored or managed. The management WebUI, policy constructs, and enforcement semantics remain consistent across form factors, so the security posture does not get re-designed every time the hosting model changes.

In a SASE stack, SafeSquid is deliberately modular. It integrates cleanly as the SWG layer while leaving the enterprise free to choose or replace adjacent layers—SD-WAN/SDN, ZTNA, CASB, RBI, DLP, and identity—without lock-in. That flexibility is the strategic fit for decentralized environments: place inspection close to users (cloud PoPs, regional VPCs, private clouds), keep policy and operations stable, and evolve the rest of the SASE layers at will.

Q6. As a core technology developed by Office Efficiencies (India), SafeSquid has already secured over 20 million users. What is the company’s specific geographical expansion strategy for the next 18 to 24 months, and is the focus on deepening penetration in the SMB market or actively pursuing larger global enterprise accounts?

Responding to the call for building India’s cybersecurity sovereignty is our topmost priority. Having been in the cybersecurity space, we fully appreciate the need and understand the urgency. We are now collaborating with other Make-In-India OEMs to prevent suppression of threat intelligence, particularly malware. We believe this is extremely crucial to protect sensitive establishments that may fail to detect threats if the feed providers were regulated and subservient to non-Indian government bodies. We have already witnessed the disasters because the security vendor was prevented from releasing necessary malware signatures.

Since its maiden release, distributing SafeSquid as a download-and-deploy technology enabled the use of standard off-the-shelf server platforms. In 2014, we optimized the standard distribution of generic Debian Linux as a software-defined appliance to deploy SafeSquid-based secure web gateways. Recently, we added components for quick deployment on any cloud PaaS like Google, AWS, Azure, Digital Ocean, etc. We have always kept the user experience as simple as possible, which removed the need for tedious training programs and enabled security administrators with minimal technical expertise to set up and manage their deployments. This strategy is paying richer dividends today because we can partner with System Integrators in the large numbers required to meet our GoI delivery goals.

We are now testing PCSWG – a Private Cloud Secure Web Gateway as a distribution form factor. This would enable agencies such as NIC, C-DAC, and CERT-IN to deploy highly scalable and yet dedicated Layer-7 perimeter security nodes for various GoI establishments, and even PSEs. 

We expect PCSWG to enable various system integrators and managed security service providers to also serve smaller organizations, including SMBs and larger distributed enterprises, by rolling out highly scalable, easily manageable SWG / SASE solutions. Leveraging our open architecture, the delivery partners can also offer customization that you would simply never expect from any other cloud-based security solution.

Thus, over the next 18-24 months, we should be able to make a significant contribution not only to India’s cyber security independence but also to reducing foreign exchange outflow and the financial burden of cyber security on SMBs. Since we have always ensured our technology is globally competitive and accessible, we expect increased adoption in other geographical markets.