Endpoint
12/21/2009
04:12 PM
Connect Directly
Google+
Twitter
RSS
E-Mail
50%
50%

Smartphone Security Startup Offers Free Beta

Product to mix lightweight mobile client with cloud-based security, backup, and anti-theft features

A new security startup officially launched today that plans to offer an Internet security suite for smartphones by blending a lightweight client and the cloud.

Lookout received $5.5 million in a Series A round of funding from Khosla Ventures, Trilogy Partnership, and angel investors, including Phil Paul, founder of Paul Capital Partners, Chris Sacca, former head of special initiatives at Google, and Joseph Ansanelli, former CEO and co-founder of Vontu.

"It's no longer about just the computer on your desk; there's a computer in your pocket," says John Hering, co-founder of Lookout, formerly Flexilis, a mobile and wireless security R&D firm. "And it comes with a host of security challenges. After spending a lot of time researching the problem, we decided to go ahead and develop the software to tackle it."

Lookout is currently beta-testing its first product, a consumer offering that uses both blacklisting and whitelisting approaches for malware protection and protection from malicious applications, firewall and IDS, data backup, and recovery and phone management, as well as a way for mobile users to locate and protect smartphones gone missing. Hering says it uses a combination of a lightweight client with a cloud-based service to eliminate performance and other issues that, for instance, drag down PCs.

"This software is cross-platform and is cloud-connected. It protects you from threats like malware, spyware, attacks, and hackers, and protects data itself because we back it up into a secure server," Hering says. "We also protect the device, including 'wiping' it if you can't recover it. And it's all wrapped up in a way that you can manage the device over the air from a Web application."

Lookout is currently offering a beta of the software via a free download for Windows Mobile, Android, iPhone, and BlackBerry. The company plans a full rollout in early 2010 for all platforms, followed by an enterprise version of the software in late 2010 or early 2011.

Security experts say Lookout has come up with a novel approach for locking down smartphones, which increasingly are becoming attractive targets for the bad guys.

"Mobile security isn't about putting old concepts on new devices. It's about rethinking the idea of security and what it means for mobile phones," says Robert Graham, CEO of Errata Security.

Graham says the big difference with Lookout's approach versus the mobile antivirus offerings from AV vendors is that it treats viruses differently and addresses more likely mobile threats. "For example, more people will lose their phones in the next year than will catch a virus. These guys have a solution to that problem -- AV companies don't," Graham says.

Lookout's Hering says his company's product doesn't take the traditional PC anti-malware approach. "Ours protects against the threats facing mobile devices," he says. But he expects to go head-to-head with the big AV vendors, like Symantec and McAfee, in this emerging smartphone security market.

As for whether consumers are ready to get serious about smartphone security yet, Hering says they're starting to realize these devices are basically computers. "Smartphones are mini PCs and need to be protected like your desktop is," he says. "Users are browsing the mobile Internet, downloading apps. Now they are downloading more on their phone than on their computers."

While most attacks on smartphones thus far have been proof-of-concepts or relatively harmless and not widespread, Hering says all that will soon change. The difference will be that smartphone attacks will begin at the applications, and then from the mobile Web, he says. "And of course we'll continue to have easily lost [devices]," he notes.

Lookout's enterprise product will have much of the same core security features and technologies, but with more management capabilities and advanced security policies and functions, he says. "Our focus is security, and we will likely interact closely with other mobile device management technologies," he says.

Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message.

Kelly Jackson Higgins is Executive Editor at DarkReading.com. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ... View Full Bio

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Flash Poll
Current Issue
Cartoon
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-6306
Published: 2014-08-22
Unspecified vulnerability on IBM Power 7 Systems 740 before 740.70 01Ax740_121, 760 before 760.40 Ax760_078, and 770 before 770.30 01Ax770_062 allows local users to gain Service Processor privileges via unknown vectors.

CVE-2014-0232
Published: 2014-08-22
Multiple cross-site scripting (XSS) vulnerabilities in framework/common/webcommon/includes/messages.ftl in Apache OFBiz 11.04.01 before 11.04.05 and 12.04.01 before 12.04.04 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, which are not properly handled in a (1)...

CVE-2014-3525
Published: 2014-08-22
Unspecified vulnerability in Apache Traffic Server 4.2.1.1 and 5.x before 5.0.1 has unknown impact and attack vectors, possibly related to health checks.

CVE-2014-3563
Published: 2014-08-22
Multiple unspecified vulnerabilities in Salt (aka SaltStack) before 2014.1.10 allow local users to have an unspecified impact via vectors related to temporary file creation in (1) seed.py, (2) salt-ssh, or (3) salt-cloud.

CVE-2014-3594
Published: 2014-08-22
Cross-site scripting (XSS) vulnerability in the Host Aggregates interface in OpenStack Dashboard (Horizon) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-3 allows remote administrators to inject arbitrary web script or HTML via a new host aggregate name.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Three interviews on critical embedded systems and security, recorded at Black Hat 2014 in Las Vegas.