6 Security Companies to Watch
This group of security companies includes several that want to capitalize on technology ideas that were originally devised to serve communities of special interest but could now take on a wider cybersecurity role. Fixmo, for example, has its roots in the National Security Agency where its mobile security makes it possible to run critical applications in sandboxes that are insulated from the rest of the machine, making them less likely to fall victim to malware that might have infected the device.
MORE ON SECURITY: A quick look: The Megaupload Kim Dotcom hullabaloo
Or Emerging Threats Pro, which started off as an open source intrusion detection project that needed better-quality assurance to make the leap to widespread use in businesses and as an element of other security products.
And as is often the case with young companies, they form around individuals whose creative spark and energy bring new products to life. Sticking with Emerging Threats Pro, its founder, Matt Jonkman, is also president of the Open Information Security Foundation (OISF), which is working on the Suricata intrusion detection engine on which the commercial venture is based.
Also in this crop of companies to watch, Kenneth Weiss, the daddy of two-factor SecurID authentication, is hoping to make another winner with Universal Secure Registry's three-plus factor authentication. And Matthew and Prince Lee Holloway, both alumni of open source anti-spam Project Honeypot, are continuing their efforts to block junk Internet traffic with their content delivery network, CloudFlare.
Cisco Fellow Patrick Peterson is behind Agari, an email security company based on work Peterson started at IronPort before Cisco bought it. Still a Cisco fellow, he spends most of his time on the new venture.
Here are brief descriptions of a half-dozen security companies to watch, what they can do for enterprises and why they are worth keeping an eye on.
Headquarters: Palo Alto, Calif.
Founded: 2009, as Authentication Networks
Funding: $2.5 million Series A funding from Alloy Ventures with participation from Battery Ventures, First Round Capital and Greylock Partners
Leader: Cisco Fellow Patrick Peterson
Fun fact: The idea for Agari came out of research being done by IronPort when Cisco bought the company. Also, Agari means "to win" in Japanese.
Why we're following it: This email security service will block fake emails, a valuable means for cutting down on successful phishing attacks, but the company gets a leg up because it has support for its portal from AOL, Google, Microsoft and Yahoo, which will be put in place for their customers. Millions of customers will be using it without knowing it.
Key to the service is its accuracy in nailing malicious email without blocking legitimate messages, which company founder Patrick Peterson estimates at one false positive per million blocked messages.
The service can block emails being spoofed under the domain names of legitimate businesses, but also notifies businesses when their domain names are being hijacked to send phishing messages and emails with malicious attachments.
It's worthy of note because it plans to develop support for enterprise-grade email platforms such as Microsoft Exchange. And the company is working to expand support for its filtering to ISPs and telecom carriers in Europe to block the source of more malicious emails.
Success relies on cooperation of major service providers, and Agari has secured that broadly in the U.S. and is seeking it out in other regions. It is also being offered to the financial services industry via the financial services information sharing and analysis center (FS-ISAC), and the Financial Services Roundtable. Information about URLs that are sending illegitimate emails can be sent to takedown services, making a contribution to cleaning up the Internet in general.
Given its leadership, current industry support, road map and financial backing, Agari can be looked to as a means to help better control email-borne threats.
Headquarters: San Francisco
Funding: $22.1 million from New Enterprise Associates, Pelion Venture Partners and Venrock
Leaders: Its three founders are CEO Matthew Prince and Lead Engineer Lee Holloway (both veterans of Project Honeypot), and Customer Experience executive Michelle Zatlyn.
Fun fact: The company started as a Harvard Business School project, and when its founders graduated they moved via U-Haul cross-country to San Francisco.
Why we're following it: There are lots of content-delivery networks, but this one offers a significant number of services free, weeding out bad traffic to websites, mitigating DDoS attacks and in the process cutting load times, on average, in half.
Preparation to use the service requires a simple change to customers' DNS settings to direct traffic through CloudFlare's network. No hardware, no software.
The company stores customers' static Web page content in its 13 nodes worldwide so it's closer to requesters and lowers latency. The service can store a limited version of Web pages that it can continue to serve from CloudFlare nodes should a customer's Web servers fail.
The company claims its filtering of bad requests can reduce the amount of traffic Web servers handle by 65%, making better use of Internet bandwidth.
Part of what's attractive about CloudFlare is that the founders come at CDN after it has already been well defined as a service network category, but they have the luxury of starting fresh with hardware and custom software that optimizes what they want to do.
Toss in that the founders have a demonstrated passion for eliminating spam and improving Web performance as shown by their participation in Project Honeypot, which tracks the IP addresses used to harvest email addresses that are then spammed. And they've managed to attract the attention of respected venture firms who have contributed more than $20 million.
Given all that, it's worth keeping an eye on CloudFlare to see what it comes up with in its planned enterprise version that was supposed to launch at the end of last quarter, but didn't. Nevertheless, when it does appear, it will be worth a look.
Headquarters: Cambridge, Mass.
Funding: Fairhaven Capital, amount undisclosed
Leader: CEO John Bruce
Fun fact: The actual founder is shrouded in mystery, partly because he still works for a firm that had a need for the type of service CO3 offers due to repeated breaches, and he doesn't want to bring all that up again publicly. The company name is based on its three goals, all of which start with the letters "C-O": contain, control and comply.
Why we're following it: CO3 fills an ever-increasing need: how to respond quickly to all the legal reporting requirements that come into play after a business suffers a data loss.
The company offers software as a service that generates an action list of what businesses have to do to meet those requirements, drawing on its constantly updated database of what 46 states, three commonwealths and 14 federal agencies demand.
When customers suffer losses, they enter the nature of the breach into the service's Web portal, and the portal produces a list of what agencies need to be notified, how soon and the penalties if the deadlines aren't met. It also details how to contact the pertinent parties and the actual language of legislation and regulations that apply.
The alternative is to manually piece together the same information and map it to a spreadsheet, something that CO3 says is virtually impossible to do while also hitting all the deadlines; there just isn't enough time.
Given the trauma of having to make a public disclosure about a data loss, this service can get organizations quickly on track to do the requisite reporting, meeting their obligations and avoiding fines.
Breaches became commonplace and high-profile in 2011, and they are now viewed more as inevitabilities than they are as something that can be avoided. CO3 offers a service that could help businesses do the right thing in the eyes of the law. It bears watching to see what customers who fall victim and wind up having to use the service have to say about it.