New companies have to be brash to enter the network security market, given that the industry has witnessed an explosion in creativity over the past five years and considering that big players such as Microsoft and IBM increasingly are throwing their weight around in security. Nonetheless, anyone who takes the time to listen to what IT managers say they would like to see from the security industry can't walk away without the impression that there is plenty of room for the new.
For example, Ryan Bagnulo, vice president and head of software architecture and innovation at Wachovia, says he'd like to see more industry action on automating security-policy administration based on the Organization for the Advancement of Structured Information Standards' eXtensible Access Control Markup Language.
Sometimes entire groups of users stand up and declare they need something new. The Jericho Forum wants to see a new generation of products and services designed for the world of e-commerce, where traditional firewall-edge boundaries are vanishing.
User demand will have the final say about whether security start-ups pan out as the successes their founders envision -- or end up as brief footnotes in the epic of networking. Here are our selections for 10 security newcomers worth watching:
2Factor
Founded: 2006
Headquarters: Maumee, Ohio
Funding: US$1.6 million in first-round financing
CEO: David Burns
What the company offers: Real Privacy Management (RPM) software that offers continuous, two-factor user authentication and data encryption based on a patented, real-time algorithm that limits the opportunity for intrasession hack attacks and threats.
Why it's worth watching: Authenticating users has become a security best practice, but once is not enough. Methods such as public-key infrastructure (PKI) authenticate the user at first logon but leave the session open to hacker attacks thereafter. By performing continuous mutual authentication and encryption during every transmission between client and server, 2Factor reduces the potential for data theft and fraud by closing the window of opportunity for hackers.
How the company got its start: After working in cryptography for many years, founder and chief scientist Paul McGough saw the need for a simpler, more nimble and more effective alternative to PKI and other security technologies. The company claims RPM is based on provable mathematics, is as much as 100 times faster than PKI, and can be deployed quickly and easily in any type of software, chip or device.
Where the company got its name: A reference to two-factor security, where the first factor is "what you know" (typically a user name and password) and the second factor is "what you have" (typically some type of card or token).
Customers: The company says it's in discussions with several major financial institutions, plus mobile phone operators, digital media companies, government agencies and large healthcare institutions - but won't name names.
NetWitness
Founded: 2006
Headquarters: Herndon, Virginia
Funding: US$7.5 million from undisclosed angel investors
CEO: Amit Yoran
What the company offers: NextGen, a security product that monitors and analyzes inbound and outbound traffic and stores and analyzes it based on users, applications and content.
Why it's worth watching: Business and government agencies are under pressure to boost network security and comply with numerous regulatory requirements to show they're meeting security policies. Thus, there's growing demand for tools to do this.
How the company got its start: Amit Yoran, former National Cyber Security Director at the U.S. Department of Homeland Security and also founder of security-services firm Riptech, was familiar with the version of NetWitness developed by CTX for national-intelligence agencies. Yoran last year led the buyout of ManTech's product assets, acquired when that company bought CTX.
Where the company got its name: It "witnesses" network traffic.
Customers: Washington, D.C.-area law-enforcement and intelligence agencies for which NextGen was developed originally. The latest commercial version, developed for broader use, was released in September.
