Slide Show: 10 Security-Service Startups To Remember In 2012
With the security services market growing by more than 23 percent per year, it's no wonder that 2012 had its share of startup launches and young companies taking off
![](https://eu-images.contentstack.com/v3/assets/blt6d90778a997de1cd/bltc94608acf452fd67/655cf371ab171e040a838b2a/329050_DR23_Graphics_Website_V5_Default_Image_v1.png?width=700&auto=webp&quality=80&disable=upscale)
The interaction between two strong business trends -- security services and cloud services -- made 2012 a strong year for startups combining aspects of both industries. Companies offering cloud security services were expected to accumulate $1.9 billion in revenue this year, a figure that is expected to grow to $4.2 billion in 2016, according to business-analysis firm Gartner.
Using cloud security gateways to manage identity and mobile users, as well as threat analysis services, were among the strongest trends this year, says Lawrence Pingree, research director at Gartner. Companies such as PwnedList and WWPass focused on protecting identity, albeit in different ways, while CrowdStrike, Lastline, and SecurityStarfish focused on threat intelligence and gaining information on attackers. Such services -- security information and event management (SIEM) and security intelligence engines -- top the list of services that companies plan to adopt in the next 24 months, Pingree says.
A number of companies that were focused on the same trends didn't make this list, because they did not qualify as startups, did not announce services, or were focused strictly on consumers. Six-year-old OpenDNS, for example, launched its Umbrella service to help secure nomadic workers, while secretive BlueBox plans to unveil its own service -- likely next year -- to help companies lock down mobile devices. And Jumpshot, a service funded through Kickstarter and started by two security researchers, aims to simplify IT for consumers.
Another area to watch: Cloud-service brokerages. In the near future, cloud-service gateways will become a key way that CIOs can manage their company's use of cloud services, reigning in the shadow information-technology that undermines companies' security, says Pingree.
"Business groups are swiping their credit cards and going around IT, and they represent risk to the organization," he says. "Anything that helps the CIO gain visibility into that ... companies are looking at."
Startup Allgress came out of stealth mode in February 2012, announcing its Business Risk Intelligence 4.0 software for managing and extracting information from a company's security program. While the product is designed to run on-premise, it can also be configured as a cloud service. Allgress aims to help security managers identify risk issues, and then present them to company executives.
In 2010, Pravin Kothari founded CipherCloud, a company that uses a gateway architecture to secure data, not just in cloud storage, but in a variety of cloud applications. In September, the company announced AnyApp, an appliance that allows companies to secure data in any cloud service that they use. With data security and privacy topping companies' concerns in the cloud, CipherCloud has had little problem growing to more than 100 employees and securing $30 million in its latest round of funding.
CrowdStrike's recipe for success: Take a group of top-notch security professionals with a controversial goal -- to make defense more offensive -- and then, while widely discussing the issue, refuse to talk about your actual tactics. Former McAfee security stars George Kurtz and Dmitri Alperovitch founded the consultancy and service startup, which ironically has not exited "stealth" mode, and hired Shawn Henry from the FBI to head up their federal services practice.
The brainchild of three security researchers -- Engin Kirda of Northeastern University and Christopher Kruegel and Giovanni Vigna of the University of California at Santa Barbara -- Lastline uses automated analysis of malware to gather intelligence on threats to improve corporate defenses. The researchers have a number of systems for sussing out information on botnets to their credit, including Anubis, Disclosure, and Wepawet.
In 2011, PwnedList started as a project to collect compromised account information posted online by data thieves and then alert customers of their leaked account information. This year, the group behind the project launched the company aimed at gathering intelligence on breaches and notifying customers. With a parade of data breaches -- from Stratfor to Global Payments to Gamigo -- and a deal with LastPass to vet its customers' accounts, PwnedList is growing quickly.
Another startup focused on gathering botnet intelligence, Seculert offers its Sense service to companies who want to check whether any systems within their network are infected with bot software. Founded by Dudi Mator and Aviv Raff, Seculert has gained attention for its analysis, in cooperation with software security provider Kaspersky Lab, of the Mahdi attack in the Middle East and the Shamoon virus that struck 30,000 systems at Saudi Aramco.
Founded by executives from eBay and FishNet, SecurityStarfish aims to ease the sharing of information on security incidents between firms. The company's subscription service analyzes attack intelligence from its member companies and warns subscribers, while offering defensive options. The startup hopes to turn the ad-hoc sharing of information via close-knit social networks into a more reliable source of intelligence.
While it launched in September, Social Fortress's service offerings are still in the early adopter stage. Originally aimed at consumers who want greater control over their social-network posts, the company has also developed an enterprise service that will allow companies to manage and secure data using encryption. Allowing both companies and individuals to regain control over their data has become a popular meme among many data security firms, including CipherCloud and Wave Systems' scrambls.
Founded in 2010, botnet intelligence service provider Unveillance may best be known for being targeted by the LulzSec group, a band of Internet hacktivists and hooligans that breached large targets to prove that security is an illusion. Yet Unveillance has provided a view into a number of massive botnets by gleaning information from their C&C servers. In October, Mandiant scooped up the firm to create its own intelligence service, which rivals Seculert's offering.
Despite a growing number of breaches that expose passwords and high levels of reuse, the security-challenged keys to the online kingdom are unlikely to be done away with anytime soon. Startup WWPass aims to change that by allowing users to secure all their online accounts with a single physical device, PassKey. The service maintains no database of user identities and stores access information in fragments around the globe. However, it does require that online services support its sign-in technology, a major hurdle.
Despite a growing number of breaches that expose passwords and high levels of reuse, the security-challenged keys to the online kingdom are unlikely to be done away with anytime soon. Startup WWPass aims to change that by allowing users to secure all their online accounts with a single physical device, PassKey. The service maintains no database of user identities and stores access information in fragments around the globe. However, it does require that online services support its sign-in technology, a major hurdle.
Despite a growing number of breaches that expose passwords and high levels of reuse, the security-challenged keys to the online kingdom are unlikely to be done away with anytime soon. Startup WWPass aims to change that by allowing users to secure all their online accounts with a single physical device, PassKey. The service maintains no database of user identities and stores access information in fragments around the globe. However, it does require that online services support its sign-in technology, a major hurdle.
About the Author(s)
You May Also Like
CISO Perspectives: How to make AI an Accelerator, Not a Blocker
August 20, 2024Securing Your Cloud Assets
August 27, 2024