Endpoint
12/21/2009
04:12 PM
Connect Directly
Google+
Twitter
RSS
E-Mail
50%
50%

Smartphone Security Startup Offers Free Beta

Product to mix lightweight mobile client with cloud-based security, backup, and anti-theft features

A new security startup officially launched today that plans to offer an Internet security suite for smartphones by blending a lightweight client and the cloud.

Lookout received $5.5 million in a Series A round of funding from Khosla Ventures, Trilogy Partnership, and angel investors, including Phil Paul, founder of Paul Capital Partners, Chris Sacca, former head of special initiatives at Google, and Joseph Ansanelli, former CEO and co-founder of Vontu.

"It's no longer about just the computer on your desk; there's a computer in your pocket," says John Hering, co-founder of Lookout, formerly Flexilis, a mobile and wireless security R&D firm. "And it comes with a host of security challenges. After spending a lot of time researching the problem, we decided to go ahead and develop the software to tackle it."

Lookout is currently beta-testing its first product, a consumer offering that uses both blacklisting and whitelisting approaches for malware protection and protection from malicious applications, firewall and IDS, data backup, and recovery and phone management, as well as a way for mobile users to locate and protect smartphones gone missing. Hering says it uses a combination of a lightweight client with a cloud-based service to eliminate performance and other issues that, for instance, drag down PCs.

"This software is cross-platform and is cloud-connected. It protects you from threats like malware, spyware, attacks, and hackers, and protects data itself because we back it up into a secure server," Hering says. "We also protect the device, including 'wiping' it if you can't recover it. And it's all wrapped up in a way that you can manage the device over the air from a Web application."

Lookout is currently offering a beta of the software via a free download for Windows Mobile, Android, iPhone, and BlackBerry. The company plans a full rollout in early 2010 for all platforms, followed by an enterprise version of the software in late 2010 or early 2011.

Security experts say Lookout has come up with a novel approach for locking down smartphones, which increasingly are becoming attractive targets for the bad guys.

"Mobile security isn't about putting old concepts on new devices. It's about rethinking the idea of security and what it means for mobile phones," says Robert Graham, CEO of Errata Security.

Graham says the big difference with Lookout's approach versus the mobile antivirus offerings from AV vendors is that it treats viruses differently and addresses more likely mobile threats. "For example, more people will lose their phones in the next year than will catch a virus. These guys have a solution to that problem -- AV companies don't," Graham says.

Lookout's Hering says his company's product doesn't take the traditional PC anti-malware approach. "Ours protects against the threats facing mobile devices," he says. But he expects to go head-to-head with the big AV vendors, like Symantec and McAfee, in this emerging smartphone security market.

As for whether consumers are ready to get serious about smartphone security yet, Hering says they're starting to realize these devices are basically computers. "Smartphones are mini PCs and need to be protected like your desktop is," he says. "Users are browsing the mobile Internet, downloading apps. Now they are downloading more on their phone than on their computers."

While most attacks on smartphones thus far have been proof-of-concepts or relatively harmless and not widespread, Hering says all that will soon change. The difference will be that smartphone attacks will begin at the applications, and then from the mobile Web, he says. "And of course we'll continue to have easily lost [devices]," he notes.

Lookout's enterprise product will have much of the same core security features and technologies, but with more management capabilities and advanced security policies and functions, he says. "Our focus is security, and we will likely interact closely with other mobile device management technologies," he says.

Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message.

Kelly Jackson Higgins is Executive Editor at DarkReading.com. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ... View Full Bio

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading Tech Digest, Dec. 19, 2014
Software-defined networking can be a net plus for security. The key: Work with the network team to implement gradually, test as you go, and take the opportunity to overhaul your security strategy.
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2015-2086
Published: 2015-02-26
Cross-site scripting (XSS) vulnerability in the live preview in the Panopoly Magic module before 7.x-1.17 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via a pane title.

CVE-2015-2087
Published: 2015-02-26
Unrestricted file upload vulnerability in the Avatar Uploader module before 6.x-1.3 for Drupal allows remote authenticated users to execute arbitrary PHP code by uploading a file with a PHP extension, then accessing it via unspecified vectors.

CVE-2015-2088
Published: 2015-02-26
Cross-site scripting (XSS) vulnerability in unspecified administration pages in the Term Queue module before 6.x-1.1 for Drupal allows remote attackers to inject arbitrary web script or HTML via unknown vectors.

CVE-2015-2089
Published: 2015-02-26
Multiple cross-site request forgery (CSRF) vulnerabilities in the CrossSlide jQuery (crossslide-jquery-plugin-for-wordpress) plugin 2.0.5 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) change plugin settings or conduct cross-site scripting (...

CVE-2015-2090
Published: 2015-02-26
SQL injection vulnerability in the ajax_survey function in settings.php in the WordPress Survey and Poll plugin 1.1.7 for Wordpress allows remote attackers to execute arbitrary SQL commands via the survey_id parameter in an ajax_survey action to wp-admin/admin-ajax.php.

Dark Reading Radio
Archived Dark Reading Radio
How can security professionals better engage with their peers, both in person and online? In this Dark Reading Radio show, we will talk to leaders at some of the security industry’s professional organizations about how security pros can get more involved – with their colleagues in the same industry, with their peers in other industries, and with the IT security community as a whole.