Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Perimeter

6/15/2006
09:20 AM
50%
50%

IPLocks Locks Up $11M

Database security startup looks to spread its software message

Database security startup IPLocks has clinched $11 million in Series D funding as the vendor plans to expand its global operations and exploit compliance initiatives around the world.

The Series D, which brings IPLocks' total funding to $23 million since 2002, was provided by a group of institutional and individual investors. Ron Radcliff, the startup's vice president of business development, however, would not reveal the identity of these backers.

But Radcliff was a little more forthcoming on what the firm will do with its cash influx. "What we're doing is expanding our field sales support. We're also enhancing our marketing awareness campaigns," he says, adding that the firm's R&D efforts will also get a boost.

The startup's flagship offering is its Database Security and Compliance software, which aims to lock down database information through user monitoring and auditing. The software runs on either a Microsoft Windows or Linux server attached to a user's database server.

According to IPLocks, the software works across all major database platforms, including IBM, Microsoft, Oracle, Sybase, and Teradata. The vendor has already racked up over 130 customers. These include some big names, such as Ernst & Young, NEC, and Western Corporate Federal Credit Union.

Last year IPLocks expanded its presence in the Asia-Pacific region, announcing a reseller agreement with Decillion Solutions Group, which is part of NEC, and Radcliff says that the firm will now refocus its transatlantic efforts. "We're beginning to expand our operations in Europe. Currently we're mostly U.K.-based."

But IPLocks is not the only vendor playing in the database security space. Fellow startup Imperva, for example, recently clinched $17 million in second round funding to support its own security efforts.

Imperva, however, takes a different approach, relying on its own SecureSphere family of appliances to monitor database traffic. (See Imperva Pushes Database Security.) Another startup, Guardium, also offers specialist hardware. (See Security Fears Draw VC Bucks.)

A key selling point for IPLocks, according to Trish Schaefer Reilly, the startup's vice president of marketing, is that the vendor can operate without installing an agent on the database servers. Instead, the IPLocks software accesses the databases as a "read only user."

Although IPLocks also offers agents that can be installed on devices, Schaefer Reilly told Byte and Switch that 90 percent of the firm's customers prefer the simplicity of the agentless approach.

The idea here is that, by avoiding the use of agents, users can side-step the hassle of issuing patches and software upgrades throughout their infrastructure. That said, some users have already expressed a preference for security in dedicated hardware. (See Microsoft in Whale of a Deal.)

Either way, database security is fast becoming big business. The SANS Institute, for example, recently listed online database attacks as one of its Top 20 most critical Internet security vulnerabilities, which reflects the recent trend toward data-targeted exploits, in which criminals steal user information rather than funds. (See SANS Exposes 'Safe' Technologies.)

Database issues have even led to high profile security flaps at the FBI and the White House, underlining the importance of locking down critical data. (See FBI Flap Highlights Security Challenge.)

Additionally, the advent of regulatory requirements such as Sarbanes Oxley, and similar legislation in countries such as Japan, appears to be paving the way for security startups. (See Users Splash Cash on SOX, Gartner: Sarbanes Struggle Continues, and CA's Clarke: SOX Driving IM.) "Regulatory requirements are kicking things into overdrive," explains Schaefer Reilly. "We want to make the market much more concerned about securing their databases and about data protection."

The San Jose, Calif.-based vendor, which currently has around 65 employees, will also be looking to increase the size of its workforce, according to Schaefer Reilly, although she would not say by how much.

— James Rogers, Senior Editor, Byte and Switch

Organizations mentioned in this article:

  • Ernst & Young International
  • Guardium Inc.
  • IBM Corp. (NYSE: IBM)
  • Imperva Inc.
  • Microsoft Corp. (Nasdaq: MSFT)
  • NEC Corp. (Nasdaq: NIPNY; Tokyo: 6701)
  • Oracle Corp. (Nasdaq: ORCL)
  • The SANS Institute
  • Sybase Inc.
  • Teradata

    Comment  | 
    Print  | 
    More Insights
  • Comments
    Newest First  |  Oldest First  |  Threaded View
    COVID-19: Latest Security News & Commentary
    Dark Reading Staff 9/25/2020
    9 Tips to Prepare for the Future of Cloud & Network Security
    Kelly Sheridan, Staff Editor, Dark Reading,  9/28/2020
    Vulnerability Disclosure Programs See Signups & Payouts Surge
    Kelly Sheridan, Staff Editor, Dark Reading,  9/22/2020
    Register for Dark Reading Newsletters
    White Papers
    Video
    Cartoon
    Current Issue
    Special Report: Computing's New Normal
    This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
    Flash Poll
    How IT Security Organizations are Attacking the Cybersecurity Problem
    How IT Security Organizations are Attacking the Cybersecurity Problem
    The COVID-19 pandemic turned the world -- and enterprise computing -- on end. Here's a look at how cybersecurity teams are retrenching their defense strategies, rebuilding their teams, and selecting new technologies to stop the oncoming rise of online attacks.
    Twitter Feed
    Dark Reading - Bug Report
    Bug Report
    Enterprise Vulnerabilities
    From DHS/US-CERT's National Vulnerability Database
    CVE-2020-15216
    PUBLISHED: 2020-09-29
    In goxmldsig (XML Digital Signatures implemented in pure Go) before version 1.1.0, with a carefully crafted XML file, an attacker can completely bypass signature validation and pass off an altered file as a signed one. A patch is available, all users of goxmldsig should upgrade to at least revisio...
    CVE-2020-4607
    PUBLISHED: 2020-09-29
    IBM Security Secret Server (IBM Security Verify Privilege Vault Remote 1.2 ) could allow a local user to bypass security restrictions due to improper input validation. IBM X-Force ID: 184884.
    CVE-2020-24565
    PUBLISHED: 2020-09-29
    An out-of-bounds read information disclosure vulnerabilities in Trend Micro Apex One may allow a local attacker to disclose sensitive information to an unprivileged account on vulnerable installations of the product. An attacker must first obtain the ability to execute low-privileged code on the ...
    CVE-2020-25770
    PUBLISHED: 2020-09-29
    An out-of-bounds read information disclosure vulnerabilities in Trend Micro Apex One may allow a local attacker to disclose sensitive information to an unprivileged account on vulnerable installations of the product. An attacker must first obtain the ability to execute low-privileged code on the ...
    CVE-2020-25771
    PUBLISHED: 2020-09-29
    An out-of-bounds read information disclosure vulnerabilities in Trend Micro Apex One may allow a local attacker to disclose sensitive information to an unprivileged account on vulnerable installations of the product. An attacker must first obtain the ability to execute low-privileged code on the ...