Emerging Threats Pro
Headquarters: Lafayette, Ind.
Funding: Private
Leader: CEO Matt Jonkman, also president of the Open Information Security Foundation (OISF)
Fun fact: Suricata, the IDS engine developed via OISF that underlies Emerging Threats, is funded by the Department of Homeland Security.
Why we're following it: Intrusion detection is a must-have in any layered network defense, and Emerging Threats Pro is weaving its way into the fabric of open source intrusion detection software, with the company's CEO Matt Jonkman as the driving force.
The IDS is based on the open source Suricata engine. The open source ruleset that goes along with Suricata comes from the Emerging Threats project. That is different from Emerging Threats Pro, which is a commercial enterprise set up to apply quality assurance to the Emerging Threats ruleset so it is more likely to find its way into commercial products. Jonkman says an open source community alone could not afford the equipment needed to do top-notch QA.
That sounds a lot like the relationship between the Snort IDS engine and Sourcefire, and it is. But Emerging Threats Pro touts its multi-threading support that effectively boosts the potential line speed of IDSs that use it. And the Emerging Threats rules are compatible with the Snort IDS engine, so they can be used to augment Snort as well as other IDS rulesets that incorporate Snort.
The company has a number of partners including Bridgeway Security, Critical Intelligence, Digital Pathways, Kaspersky Labs and Nitro Security, among others, which use Emerging Threats in various ways. Kaspersky, for instance, partners with Emerging Threats Pro to help expand its ruleset based on new malware it detects in its labs. It also uses the ruleset for its internal research.
Given its potential to work its way into a variety of commercial security platforms and its open source community that provides quick responses to new threats, Emerging Threats Pro is a company to watch.
Fixmo
Headquarters: Sterling, Va., and Toronto
Funding: $29.5 million in Series B and C funding in 2011 from Extreme Venture Partners, Horizons Ventures, iNovia Capital, Kleiner Perkins Caufield Byers, Panorama Capital and Rho Ventures Canada
Leader: CEO and founder Rick Segal
Fun fact: Core Fixmo technology was developed by the National Security Agency.
Why we're following it: As mobile devices increasingly make their way into corporate networks, it becomes more important to make sure they comply with security policies and stay that way.
Fixmo addresses this concern with software that continuously monitors mobile gear so it remains in authorized, trusted states, helping to prevent data loss and other security breaches. It also sets down audit trails to prove that devices maintained trusted state in order to satisfy regulators.
Perhaps more important, Fixmo addresses the problem of bring your own device: How does a business allow employees to access corporate resources via their personal device (smartphone, tablet, etc.) without exposing those resources to the dangers inherent in unrestricted private use of the device? An employee hitting websites in the absence of URL filtering and downloading unvetted apps could compromise the gear and therefore valuable company information. Or a compromised device could be used as a means to compromise the network to which the device connects.
Fixmo can partition these devices and create a secure sandbox in which corporate data is handled, ensuring that data can't be accessed by the rest of the machine, blocking it from potentially being compromised. The products are already being used by the Department of Defense to secure Android devices.
With these solid credentials and an infusion of $29.5 million last year, the company should have noteworthy expansion and enhancements soon.
Universal Secure Registry
Headquarters: Newton, Mass.
Leader: Founder is Kenneth Weiss
Fun fact: Weiss is the creator of what is now the RSA SecurID two-factor authentication token.
Why we're following it: You can't have enough factors in multi-factor authentication, and Universal Secure Registry is boosting the number to three-plus.
Kenneth Weiss, the founder of Universal Secure Registry, brings an impressive credential to the venture: He is the father of the two-factor authentication tokens known as SecurID.
With USR, he's upping his game with an additional biometric authentication factor that would be used to support electronic wallets. With the technology that he calls three-plus factor authentication, critical data used in transactions aren't stored on the phones. Rather, the multi-tiered authentication enables a connection to a server that stores customer data such as credit card numbers. That data is transmitted via a secure channel to a point-of-sale device.
Using the system, customers in the checkout line punch in passwords (something they know) followed by a randomly generated number from their phone (something they have) followed by reciting a phrase into the phone to create a voiceprint (something they are). If all three line up, customer data is sent to the point-of-sale device including a photo of the customer for the clerk to verify against the person standing there with the phone (that's the "plus").
The Universal Secure Registry could just as well be used for network logins. The constantly changing PIN generation is based on SecurID patents that are now in the public domain.
With the wide interest in digital wallets and Universal Secure Registry's goal of licensing the technology to others, it has the chance to become a widespread authentication tool that could give SecurID a run for its money.
The company is privately funded and faces competition from some formidably well-heeled adversaries including Google, Visa, AT&T, Verizon and T-Mobile, the latter three of which are teaming up on a scheme called Isis.
This story, "6 Security Companies to Watch" was originally published by Network World.