04:12 PM
Connect Directly

Smartphone Security Startup Offers Free Beta

Product to mix lightweight mobile client with cloud-based security, backup, and anti-theft features

A new security startup officially launched today that plans to offer an Internet security suite for smartphones by blending a lightweight client and the cloud.

Lookout received $5.5 million in a Series A round of funding from Khosla Ventures, Trilogy Partnership, and angel investors, including Phil Paul, founder of Paul Capital Partners, Chris Sacca, former head of special initiatives at Google, and Joseph Ansanelli, former CEO and co-founder of Vontu.

"It's no longer about just the computer on your desk; there's a computer in your pocket," says John Hering, co-founder of Lookout, formerly Flexilis, a mobile and wireless security R&D firm. "And it comes with a host of security challenges. After spending a lot of time researching the problem, we decided to go ahead and develop the software to tackle it."

Lookout is currently beta-testing its first product, a consumer offering that uses both blacklisting and whitelisting approaches for malware protection and protection from malicious applications, firewall and IDS, data backup, and recovery and phone management, as well as a way for mobile users to locate and protect smartphones gone missing. Hering says it uses a combination of a lightweight client with a cloud-based service to eliminate performance and other issues that, for instance, drag down PCs.

"This software is cross-platform and is cloud-connected. It protects you from threats like malware, spyware, attacks, and hackers, and protects data itself because we back it up into a secure server," Hering says. "We also protect the device, including 'wiping' it if you can't recover it. And it's all wrapped up in a way that you can manage the device over the air from a Web application."

Lookout is currently offering a beta of the software via a free download for Windows Mobile, Android, iPhone, and BlackBerry. The company plans a full rollout in early 2010 for all platforms, followed by an enterprise version of the software in late 2010 or early 2011.

Security experts say Lookout has come up with a novel approach for locking down smartphones, which increasingly are becoming attractive targets for the bad guys.

"Mobile security isn't about putting old concepts on new devices. It's about rethinking the idea of security and what it means for mobile phones," says Robert Graham, CEO of Errata Security.

Graham says the big difference with Lookout's approach versus the mobile antivirus offerings from AV vendors is that it treats viruses differently and addresses more likely mobile threats. "For example, more people will lose their phones in the next year than will catch a virus. These guys have a solution to that problem -- AV companies don't," Graham says.

Lookout's Hering says his company's product doesn't take the traditional PC anti-malware approach. "Ours protects against the threats facing mobile devices," he says. But he expects to go head-to-head with the big AV vendors, like Symantec and McAfee, in this emerging smartphone security market.

As for whether consumers are ready to get serious about smartphone security yet, Hering says they're starting to realize these devices are basically computers. "Smartphones are mini PCs and need to be protected like your desktop is," he says. "Users are browsing the mobile Internet, downloading apps. Now they are downloading more on their phone than on their computers."

While most attacks on smartphones thus far have been proof-of-concepts or relatively harmless and not widespread, Hering says all that will soon change. The difference will be that smartphone attacks will begin at the applications, and then from the mobile Web, he says. "And of course we'll continue to have easily lost [devices]," he notes.

Lookout's enterprise product will have much of the same core security features and technologies, but with more management capabilities and advanced security policies and functions, he says. "Our focus is security, and we will likely interact closely with other mobile device management technologies," he says.

Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message.

Kelly Jackson Higgins is Executive Editor at DarkReading.com. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ... View Full Bio

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
Partner Perspectives
What's This?
In a digital world inundated with advanced security threats, Intel Security seeks to transform how we live and work to keep our information secure. Through hardware and software development, Intel Security delivers robust solutions that integrate security into every layer of every digital device. In combining the security expertise of McAfee with the innovation, performance, and trust of Intel, this vision becomes a reality.

As we rely on technology to enhance our everyday and business life, we must too consider the security of the intellectual property and confidential data that is housed on these devices. As we increase the number of devices we use, we increase the number of gateways and opportunity for security threats. Intel Security takes the “security connected” approach to ensure that every device is secure, and that all security solutions are seamlessly integrated.
Featured Writers
White Papers
Current Issue
Dark Reading's October Tech Digest
Fast data analysis can stymie attacks and strengthen enterprise security. Does your team have the data smarts?
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
Published: 2014-10-21
Directory traversal vulnerability in functions/suggest.php in Banana Dance B.2.6 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the name parameter in a get_template action.

Published: 2014-10-21
functions/suggest.php in Banana Dance B.2.6 and earlier allows remote attackers to read arbitrary database information via a crafted request.

Published: 2014-10-21
Multiple cross-site scripting (XSS) vulnerabilities in dotProject before 2.1.7 allow remote attackers to inject arbitrary web script or HTML via the (1) callback parameter in a color_selector action, (2) field parameter in a date_format action, or (3) company_name parameter in an addedit action to i...

Published: 2014-10-21
SQL injection vulnerability in the MRBS module for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

Published: 2014-10-21
Cross-site scripting (XSS) vulnerability in includes/api_tenpay/inc.tenpay_notify.php in the Alipay plugin 3.6.0 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via vectors related to the getDebugInfo function.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Follow Dark Reading editors into the field as they talk with noted experts from the security world.