Endpoint
12/21/2009
04:12 PM
Connect Directly
Google+
Twitter
RSS
E-Mail
50%
50%

Smartphone Security Startup Offers Free Beta

Product to mix lightweight mobile client with cloud-based security, backup, and anti-theft features

A new security startup officially launched today that plans to offer an Internet security suite for smartphones by blending a lightweight client and the cloud.

Lookout received $5.5 million in a Series A round of funding from Khosla Ventures, Trilogy Partnership, and angel investors, including Phil Paul, founder of Paul Capital Partners, Chris Sacca, former head of special initiatives at Google, and Joseph Ansanelli, former CEO and co-founder of Vontu.

"It's no longer about just the computer on your desk; there's a computer in your pocket," says John Hering, co-founder of Lookout, formerly Flexilis, a mobile and wireless security R&D firm. "And it comes with a host of security challenges. After spending a lot of time researching the problem, we decided to go ahead and develop the software to tackle it."

Lookout is currently beta-testing its first product, a consumer offering that uses both blacklisting and whitelisting approaches for malware protection and protection from malicious applications, firewall and IDS, data backup, and recovery and phone management, as well as a way for mobile users to locate and protect smartphones gone missing. Hering says it uses a combination of a lightweight client with a cloud-based service to eliminate performance and other issues that, for instance, drag down PCs.

"This software is cross-platform and is cloud-connected. It protects you from threats like malware, spyware, attacks, and hackers, and protects data itself because we back it up into a secure server," Hering says. "We also protect the device, including 'wiping' it if you can't recover it. And it's all wrapped up in a way that you can manage the device over the air from a Web application."

Lookout is currently offering a beta of the software via a free download for Windows Mobile, Android, iPhone, and BlackBerry. The company plans a full rollout in early 2010 for all platforms, followed by an enterprise version of the software in late 2010 or early 2011.

Security experts say Lookout has come up with a novel approach for locking down smartphones, which increasingly are becoming attractive targets for the bad guys.

"Mobile security isn't about putting old concepts on new devices. It's about rethinking the idea of security and what it means for mobile phones," says Robert Graham, CEO of Errata Security.

Graham says the big difference with Lookout's approach versus the mobile antivirus offerings from AV vendors is that it treats viruses differently and addresses more likely mobile threats. "For example, more people will lose their phones in the next year than will catch a virus. These guys have a solution to that problem -- AV companies don't," Graham says.

Lookout's Hering says his company's product doesn't take the traditional PC anti-malware approach. "Ours protects against the threats facing mobile devices," he says. But he expects to go head-to-head with the big AV vendors, like Symantec and McAfee, in this emerging smartphone security market.

As for whether consumers are ready to get serious about smartphone security yet, Hering says they're starting to realize these devices are basically computers. "Smartphones are mini PCs and need to be protected like your desktop is," he says. "Users are browsing the mobile Internet, downloading apps. Now they are downloading more on their phone than on their computers."

While most attacks on smartphones thus far have been proof-of-concepts or relatively harmless and not widespread, Hering says all that will soon change. The difference will be that smartphone attacks will begin at the applications, and then from the mobile Web, he says. "And of course we'll continue to have easily lost [devices]," he notes.

Lookout's enterprise product will have much of the same core security features and technologies, but with more management capabilities and advanced security policies and functions, he says. "Our focus is security, and we will likely interact closely with other mobile device management technologies," he says.

Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message.

Kelly Jackson Higgins is Executive Editor at DarkReading.com. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ... View Full Bio

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading, September 16, 2014
Malicious software is morphing to be more targeted, stealthy, and destructive. Are you prepared to stop it?
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-0993
Published: 2014-09-15
Buffer overflow in the Vcl.Graphics.TPicture.Bitmap implementation in the Visual Component Library (VCL) in Embarcadero Delphi XE6 20.0.15596.9843 and C++ Builder XE6 20.0.15596.9843 allows remote attackers to execute arbitrary code via a crafted BMP file.

CVE-2014-2375
Published: 2014-09-15
Ecava IntegraXor SCADA Server Stable 4.1.4360 and earlier and Beta 4.1.4392 and earlier allows remote attackers to read or write to arbitrary files, and obtain sensitive information or cause a denial of service (disk consumption), via the CSV export feature.

CVE-2014-2376
Published: 2014-09-15
SQL injection vulnerability in Ecava IntegraXor SCADA Server Stable 4.1.4360 and earlier and Beta 4.1.4392 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVE-2014-2377
Published: 2014-09-15
Ecava IntegraXor SCADA Server Stable 4.1.4360 and earlier and Beta 4.1.4392 and earlier allows remote attackers to discover full pathnames via an application tag.

CVE-2014-3077
Published: 2014-09-15
IBM SONAS and System Storage Storwize V7000 Unified (aka V7000U) 1.3.x and 1.4.x before 1.4.3.4 store the chkauth password in the audit log, which allows local users to obtain sensitive information by reading this log file.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
CISO Insider: An Interview with James Christiansen, Vice President, Information Risk Management, Office of the CISO, Accuvant