Okay, quiz time. Have you heard of RSA Security? If you answered yes, give yourself a point. Heard of ISS? If yes, give yourself two points. Heard of Microsoft Corp. (Nasdaq: MSFT)? If you answered "Yes, but I wish I hadn't," give yourself two aspirin and a CISSP certification.
The security industry is teeming with all manner of technology vendors, ranging from wise old elephants like Aventail Corp. and Check Point Software Technologies Ltd. (Nasdaq: CHKP) to the upstart cheetahs and jaguars like Sourcefire Inc. (Nasdaq: FIRE) and e-Security Inc. If you've done any sort of RFI lately, you've probably heard more prospective names than an expectant Angelina Jolie.
Still, unless you have even less of a life than we do (and that would be truly remarkable), we're betting that you haven't heard 'em all yet. In fact, we've culled 10 that probably aren't even on your radar screen but are interesting enough to merit more than a blip.
Take a gander at our list and see how it stacks up with yours. And if you know vendors that should be on this list but aren't, drop us a line at [email protected]. If you can stump us with a security vendor we've never heard of, we'll give you a free cookie.
- Ciphire Labs
- Sana Security
- Asempra Technologies
- Enterasys Networks
- Force Field Wireless
- Exploit Prevention Labs
- BitArmor Systems
The Staff, Dark Reading
Next Page: Ciphire Labs
Most of us security folk like the idea of email encryption, except for three things: It's expensive, it's complex, and it's a bandwidth hog. Ciphire Labs AG is out to prove that email encryption can be done easily and cost-effectively, and it's got a novel approach toward doing it -- a free client. Any individual, nonprofit organization, educational institution, or fluff writer like us can have Ciphire Mail for nothing, and we don't even have to agree to say nice things about it afterwards.
Apparently, Ciphire is backed by a group of private -- and wealthy -- "business angels" who want to see email become a safer medium. The company won't say who these angels are, but officials say they aren't interested in additional financing, so we're guessing that money's not a problem. Obviously, Ciphire is planning to charge enterprises and government organizations for the software, though it won't say how much.
If it's installed on both ends of an email transmission, Ciphire Mail offers two levels of security. On the sender's end, the client intercepts outgoing mail, performs a security check on the recipient and retrieves his or her public key from the Ciphire Certificate Directory. The email is then encrypted for its trip across the Internet. At the other end, the recipient's client does a check on the sender, verifies his or her digital signature, and then decrypts the message. Neither the sender nor the recipient has to do anything to make the encryption work -- it's all done transparently by the client.
Ciphire still has a lot to prove to enterprises, particularly the questions of cost and the impact of encryption on message delivery times. But they've brought down the barriers of cost and complexity, and that makes them worth a look.
Next Page: Sana Security>
We liked its original name better -- Company 51 Inc. -- but Sana Security Inc. has gotten some attention since it adopted its new identity, and it's warranted. The company makes "threat protection" software that automatically detects, classifies, and responds to evolving threats, sort of like the Terminator without all the attitude.
Sana's suite of host-based, clientless software is based on something called Active Malware Defense Technology, a unique concept for securing the network that is patterned after the human immune system. The Sana software "learns" normal software behavior by observing code paths in running programs, then identifies anomalies in the form of bugs, misconfigurations, injected code, and other forms of attack. When the software detects an anomaly, it can stop system call executions, effectively closing the potential vulnerability before it can lead to system trouble.
Sana's concept has been around since 2000, but the company is now getting some much-needed backing in its budget and in its boardroom. The company recently received another round of funding from its venture investors, and it has enlisted Don Listwin -- the one-time heir apparent to John Chambers at Cisco Systems Inc. (Nasdaq: CSCO) -- as its chairman of the board. Sana has yet to test its mettle in the largest enterprises, but with a truly different concept and decent funding and leadership, it will probably be heard from.
Next Page: Asempra
Okay, technically, it's not a security vendor. But if you ever experience a loss of data or a system failure as a result of a security problem, you might be glad you've heard of it, because Asempra Technologies is offering a method of backing up data in real time.
There are a ton of good backup products on the market, but they all have one thing in common: They only back up your data at specific, designated times. If you back up at night, and you have an outage during the day, you'll be able to recover all your lost data from the past week -- but everything you did that day is toast.
Asempra, a three-year-old company backed by some $29 million in venture funding, offers a system that backs up data as it's recorded, in real time, all day long. When an outage occurs, the user can roll back to saved data that's as little as a minute old, then get right back to work.
Unlike larger competitors such as Veritas Software Corp. or IBM Tivoli , Asempra doesn't offer tape backup or long-term archival, so it can't compete as an enterprise document storage solution. This could make Asempra's products less attractive to some enterprises that don't want to buy two backup systems. However, if your business is transaction-oriented, where the loss of a even few hours' data could cost big bucks, Asempra might be a vendor worth investigating.
Next Page: CoreStreet
When it comes to keeping the bad guys out, there's nothing quite so effective as a locked door. But although smart cards have been around for decades, many enterprises are still struggling with the cost and complexity of managing card access control lists across multiple buildings, especially at remote sites where card systems aren't part of the headquarters network.
Enter CoreStreet Ltd. , a venture-backed startup that offers a validation system that integrates digital identities for both network and physical access control. CoreStreet's technology lets companies lock their doors using the same access lists they use to restrict network access, eliminating the cost and complexity of managing separate systems.
Here's how it works: A smart card picks up a validation proof -- which contains a user's identity, access control list, role, or any other identifying attribute -- when the user authenticates to the network or swipes his card on a CoreStreet-enabled card reader. When the user accesses a remote card reader, the reader validates the proof and, if everything checks out, opens the lock. If not, the door stays locked.
CoreStreet is coming into its own at a good time, especially now that the Department of Defense is initiating several projects that require integrated physical and network credentials. The company has strong experience after developing a robust validation authority for the PKI world, and it has a known leader in chairman and CEO Peter Hussey, formerly president of GTE Cybertrust. If integrating your physical and logical access control methods is important to your organization, CoreStreet is a vendor to watch.
Next Page: SecureLogix
You may think you've build a solid security perimeter, but have you checked your phone lines? Rogue modems connected to remote-control software, fax machines quietly awaiting use, and unprotected voice calls over the public switched telephone network can all lead to the loss of sensitive data. And as voice-over-IP technology becomes more prevalent, the problem gets worse.
SecureLogix Corp. , an eight-year-old venture backed in part by Symantec Corp. (Nasdaq: SYMC), might have an answer to the voice vulnerability problem. The company offers the Enterprise Telephony Management system, a telecom firewall that blocks calls based on phone numbers and call type, detects war-dialing, and defends against other voice-based attacks. Founded by IDS Software and vulnerability scanning pioneers Lee Sutterfield and Rick Jordan, SecureLogix has the war chest and the leadership needed to be a major player in the voice security space.
If you aren't convinced that your organization is vulnerable to attack via phone lines, take a walk through your data center and see how many modems are connected to equipment for out-of-band access. Many managed devices, including routers and PBXs, are linked to the telephone network via modem, and a surprising number of inbound enterprise phone lines also still have a modem attached. If you haven't investigated this issue yet, you will, and SecureLogix could be part of the solution.
Next Page: Enterasys Networks
Yes, Enterasys Networks Inc. (NYSE: ETS) -- the old Cabletron guys. Okay, so maybe you have heard of them, but you may not know that the company has become a leader in the field of nework access control (NAC). Last year, the company was acquired by an investment group led by the Gores Technology Group LLC and Tennenbaum Capital Partners. Last month, Enterasys got a new CEO and president in former CA Inc. (NYSE: CA) VP Michael Fabiaschi. Between the new money and the new blood, Enterasys may be just about ready to break out.
If your organization is seriously considering NAC purchases, Enterasyss Secure Networks and Sentinel products should be on the short list. Enterasys has been quietly leading the NAC wave for some time on its own routers and switches, offering one of the first network-centric enforcement solutions to deliver port-level access control. The company also offers third-party vendor infrastructure control via 802.1x and SNMP.
As it moves deeper into the security space, Enterasys is focusing on network controls, leveraging partnerships with companies like Lockdown Networks Inc. to fill out its product portfolio. The company's Sentinel Trusted Access Manager brokers authentication and access requests between clients and the back-end systems. Once it makes a decision, the system signals the Trusted Access Gateway to apply the appropriate policy. Trusted Access Manager can even base its decisions on network port, time of day, or other factors. With this type of technology in place, Enterasys continues to push the limits of access control technology, and it could be a major player in the space.
Next Page: Force Field Wireless
Force Field Wireless
Force Field Wireless is the one wireless security company that can also sell you a 10-piece paintbrush set along with its data defending products. Thats because Force Field makes paint that it claims will keep unwelcome wireless waves out while keeping your data safely within four walls.
The company says that just one coat of its metal-laced DefendAir paint and paint additives can keep out radio waves up to 2.6 GHz, perfect for blocking 802.11b/g WiFi, Bluetooth, or some WiMax transmissions. But what if you need to defend against 5GHz 802.11a signals? Simple, just add another coat of paint.
At between $40 and $80 per gallon of paint, it could prove to be a costly business if you want to do the whole house like a giant Faraday cage. For the enterprise users Force Field generally sells to, however, it may prove to be the simplest and most effective way of blocking out -- or keeping in -- wireless signals.
Founded in 2003, the San Jose, Calif., company lists 3M Co. (NYSE: MMM), Microsoft Corp. (Nasdaq: MSFT), the U.S. Department of Labor, and the U.S. Army and Navy among its customers. The one drawback for the aesthetically conscious radio wonk is that the firms paint comes in any color you want -- as long as its white.
Next Page: Exploit Prevention Labs
Exploit Prevention Labs
Okay, you may have heard about this company, since it emerged from stealth today, but Exploit Prevention Labs ' (XPL) SocketShield approach to zero-day protection has an interesting hook to it.
CTO Roger Thompson sums it up best. "What if I turned my distributed honeypot around and turned it into a distributed hunting pot?" he asks. That way, XPL finds malicious sites, identifies the exploits they're using, and pushes protection to customers.
By discovering such exploits in the wild, and not in the zoo (think your own desktops and servers), XPL believes it can prevent about 80 percent of such malware from ever affecting your internal operations.
XPL is also quick to trumpet its ability to stop an exploit before it ever reaches a user, and keep systems protected till a patch can be developed, tested, and pushed out. And it says it can offer scaleable protection for port 80 traffic that its competitors leave unchecked.
The startup, formerly called WormRadar, is privately backed by angel investors that the company wont identify, nor will it divulge capitalization levels. After SocketShield finishes up its beta test, annual desktop subscriptions will cost $30. The plan then is to make an SDK available and lasso partners, including ISPs that might want to bundle it into a managed service for their customers. Enterprise and mobile versions of SocketShield are projected to follow in the next year or so, according to the companys ambitious roadmap.
Whether customers bite on the inverted honeypot concept -- or prove willing to entrust something this critical to a startup -- remains an open question. And thats fine with Thompson, who says the companys near-term goals are more modest. "We're just trying to be another layer of security, not replace firewalls or anti-virus software," he says.
Next Page: BitArmor Systems Inc.
We here at Dark Reading love a mystery, but we understand that you out there in Reader Land may not. So be forewarned that this next vendor on our list is a bit coy. Even our most suave cajoling didnt get us a lot further than whats posted on its Website.
"We provide persistent and pervasive end-to-end data protection and encryption, going after the compliance and risk mitigation markets," intoned Mark Buczynski, VP of marketing for BitArmor Systems Inc. , sounding like he gets to say that about 100 times each hour, when reached at the startup's Pittsburgh headquarters.
But it all sounds more like data-at-rest protection to us, designed to help customers show they're in compliance with a myriad of state and federal data privacy laws. Presumably, BitArmor will have some sort of audit or reporting mechanism that also measures and demonstrates to shareholders, regulators, and other nosey-parkers that every little byte is safe, sound, and accounted for.
Apart from headlines that track the latest gaffes in compliance and lost laptops, BitArmor's Website won't tell you a whole lot more. Apparently well all have to wait until later this summer when the company sheds its cloak of semi-invisibility -- July or August, according to Buczynski.
Next Page: CounterStorm
"It's a combination of behavioral analysis and NAC so that you can quarantine machines quicker," says Zeus Kerravala, VP of infrastructure research Yankee Group Research Inc. , of the startup's CounterStorm-1 technology.
Most security vendors fall into either the NAC camp, à la Cisco Systems Inc. (Nasdaq: CSCO) and Juniper Networks Inc. (Nasdaq: JNPR), or the behavioral analysis camp, such as Mazu Networks and Lancope Inc. But no one, according to Kerravala, currently offers a combination of the two.
CounterStorm uses a 1U device to scan internal LAN switches for unusual behavior such as connection attempts to points not on the network -- typical worm behavior. A 2U management device then quarantines infected devices such as servers and laptops.
So far, the startup has racked up around a dozen customers, although only the New York Presbyterian Hospital, and The Brookings Institute have been made public. This is due, no doubt, to the startup's close links with Uncle Sam, although Warner Music Group was added to the customer list recently.
CounterStorm started life back in 2001, born out of security research that Columbia was undertaking for the U.S government. "It was really at the encouragement of the Defense Advanced Research Projects Agency (DARPA) that a commercial entity was formed to provide the technology," explains Matt Miller, the startup's VP of engineering.
CounterStorm has since racked up $23.5 million in VC funding and clinched two Small Business Innovative Research (SBIR) grants totaling $1.5 million from the DHS. Miller told Dark Reading that the startup can also work with NAC offerings from the likes of Cisco.
Kerravala feels that CounterStorm could be good acquisition bait for a number of vendors. "There's a lot of network vendors, like Foundry Networks Inc. (Nasdaq: FDRY) and Extreme Networks Inc. (Nasdaq: EXTR), that could improve their security portfolio," he notes.