Startups Push Security Management

Two new security management startups are entering the arena this week: KSR, a risk management services company, and Venafi, an encryption management software maker.

KSR, which held its coming-out party today, also announced that after operating under the radar since January, it has now merged with security firm Neohapsis. Venafi, which recently secured Series B funding and has been building products and gathering customers for over a year now, will officially launch tomorrow by announcing a major OEM deal with VeriSign.

The two new security firms are focused on different aspects of a frequently-cited source of headaches for IT: managing all those security appliances and tools. Both startups appear ready to roll, having quietly built up customer portfolios and funding.

"Management is one of the biggest issues in security -- getting your arms around all these different point solutions and products out there in your network and endpoints," says Sandra Palumbo, an analyst with The Yankee Group. "Tying it all together is a challenge."

"A lot of the focus is moving toward what enterprises can do to optimize the security architectures they have put in place and managed services can help some of that," Palumbo says.

KSR already has scored around 100 customers this year and has made some strategic acquisitions. The company calls itself a managed risk services provider (MRSP), and it's targeting Fortune 100 and mid-sized companies, such as community banks. It's backed by venture capital from Trident Capital.

Venafi, meanwhile, is rolling out its Enterprise Encryption Management Solutions software, which automates the deployment and management of encryption technology across applications and desktops and servers.

Mark Iwanowski, president and CEO of KSR, who is the former CIO at Oracle, says his new company is "operationalizing" risk management. "We are taking to the next level what the legacy MSSP players are doing in firewall, IDS, and antivirus management," Iwanowski says. "This is managed services hosting with a compliance-based angle."

Aside from Iwanowski, KSR is made up of an interesting mix of industry professionals formerly with the National Security Agency, Exodus, VeriSign, SAIC, Cable & Wireless, Netscape, and Savvis. Neohapsis will operate as a wholly owned subsidiary under KSR and will continue providing its penetration testing and vulnerability assessment services as well as product testing and professional services.

Among KSR's services are security and risk assessment, risk planning and mitigation management, real-time security services, compliance, and identity management, plus Neohapsis' application security, policy assessment and PCI audit and preparation, lab services, forensics, and network and endpoint security services.

"You typically hear a lot about compliance and meeting regulations, but KSR is putting guidelines around how to track and measure risk management," Yankee's Palumbo says. "That's a different take on what's been out there so far."

Venafi, which has kept a low profile for nearly two years, will go public tomorrow with news that it recently received a $5 million Series B funding boost, which raises its financing to over $16 million. The money will go toward expanding its operations, product development and enhancing marketing, sales, and customer service initiatives.

Venafi's software handles the deployment, management, and control of encryption, from network devices to end points. "We're a systems management company with a focus on managing existing encryption technologies," says Trell Rohovit, president and CEO of Venafi. "We don't make encryption technology, but we're sure going to make it work for you."

With the growing need to lock down laptops and comply with regulatory requirements, encryption technology is finally becoming a priority at many organizations, Rohovit says. Now the trick is turning it on and managing it.

As part of its launch, Venafi is also announcing that VeriSign will offer a customized, VeriSign-branded version of Venafi's Server Encryption Manager for customers that want to automate certificate lifecycle tasks.

Venafi is going after Fortune 500 and 1000 companies directly, as well as through OEM agreements. "The VeriSign OEM agreement is the first piece of the puzzle for our indirect channel" strategy, Rohovit says. Among its dozens of customers, Venafi has secured three major financial services firms as well as three major telcos, he says, although he declined to reveal them.

Venafi's software is available and shipping now, with prices ranging from $25 to $55 per desktop for its client software, and $175 to $450 per managed system for its server software.

— Kelly Jackson Higgins, Senior Editor, Dark Reading