There’s a rush in security startups looking to tackle everything from identity management to encrypting cloud data. Here are some of the latest companies worth keeping an eye on.
OneID
Headquarters: San Jose, Calif.
Founded: March 2011
Funding: Not disclosed
Leader: Steve Kirsch, co-founder and CEO
Fun fact: Kirsch is a wealthy serial entrepreneur whose lineup of startups have included Mouse Systems, Frame Technology, Infoseek and other firms.
Why we’re following it: This week Kirsch is launching OneID for what he calls the “next-generation PayPal” for digital identities. Kirsch says the basic technology, developed with engineers Jim Fenton, Adam Back and Bobby Beckman, is integrated into websites to let users create their own digital identities and hold payment information securely and use it as a form-filling capability. Kirsch also says the firm in the future intends to tackle hard identity issues such as proving age, citizenship and residency. It’s a change-the-world infrastructure play, and OneID wouldn’t be the first to find out it’s hard to change the world. But one company, Salsa Labs, which handles payments and marketing services for about 2,000 nonprofit organizations, says it’s integrating the identity and payment technology into its platform and OneID says to expect to hear from other companies supporting it in the future.
Pwnie Express
Headquarters: Barre, Vt.
Founded: 2010
Funding: No venture-capital funding
Leader: Dave Porcello, CEO and technical lead
Fun fact: Pwnie Express may be a one-man band, but it’s profitable.
Why we’re watching it: Mark Hughes, director of marketing and sales for the startup, admits it can be hard to get a good phone connection in this rural area of Vermont. But that didn’t stop company founder Dave Porcello from coming up with vulnerability-assessment penetrating tools, including one called PwnPlug, that range in price from about $570 to $800. The network penetration tools, largely based on open source, compete with those from Core Security and Rapid7, among others. Pwnie Express is tiny, but with about $300,000 in revenues last year, was profitable.
Pindrop Security
Founded: 2010
Headquarters: Atlanta, Ga.
Funding: Undisclosed amounts from angel investors, plus a National Science Foundation grant
Leaders: Vijay Bala, founder and CEO, and Chairman Paul Judge
Fun fact: The firm’s technology originated in research at Georgia Tech College of Computing.
Why we’re watching it: The firm is out to work with banks and any other type of organization that finds there are plenty of fraud attempts in telephone calls from crooks pretending to be customers. Banks are always looking for new ways to augment the measures they have in place to detect phone fraud, and according to Johnny Baker, Pindrop Security’s vice president of sales and business development, the firm’s technology is an alternative to caller ID. It can pick up dozens of separate technical factors related to a voice call and put them together into an audio fingerprint of the caller and the call path. This can be used to flag suspicious calls. The firm can’t disclose customers but Baker says interest in high not only in the banking industry but national intelligence agencies.
Click Security
Headquarters: Austin, Texas
Founded: 2009
Funding: Undisclosed amount from Sequoia Capital
Leaders: Co-founders CTO Brian Smith and CEO Marc Willebeek-Lemair
Fun fact: Smith founded TippingPoint in 2001 and served as chief architect and later CTO in 2009.
Why we’re watching it: Click Security, which just released a product called the Automated Security Analytics Platform (ASAP), is out to provide real-time information to detect stealthy infiltrators into the corporate network. ASAP does that by aggregating information widely across the network, but the co-founders reject being bracketed in the security information and event management (SIEM) category, claiming ASAP breaks new ground in threat detection. Some analysts agree. “While some of the things they do are similar to what SIEM vendors claim to do, they are much more than a central repository for log data,” says Richard Stiennon, chief research analyst with consultancy IT-Harvest. “Click Security has more in common with threat-intelligence services such as Unveillance, ShadowServer or Seculert, combined with NetWitness or Solara Networks.” ASAP is being used by about half a dozen companies, though none have been disclosed.
Porticor
Headquarters: Tel Aviv, Israel
Founded: 2010
Funding: Glilot Capital for about $1 million
Leader: Gilad Parann-Nissany, co-founder and CEO
Fun fact: Co-founder Yaron Sheffer was formerly technology manager at Check Point and is currently co-chairman of the IETF IPSECME committee.
Why we’re watching it: Porticor is tackling the timely problem of encrypting data at rest in cloud-based computing centers where customers rent disk space or servers. What Porticor does that’s unique is it’s come up with a “split key” method in which the service to encrypt and decrypt doesn’t work unless both pieces of the key are together. According to Parann-Nissany, the enterprise holds the “master key,” and the idea is to foster trust by putting the customer in complete control. The service provider doesn’t even see the mater key in the encryption method that’s applied based on AES 256 or Blowfish. At least one enterprise, the assurance, tax and consulting firm McGladrey & Pullen, is trialing the encryption service now.
WWPass
Headquarters: Bedford, N.H.
Founded: 2009
Funding: Private and undisclosed
Leader: Founder Gene Shablygin
Fun fact: The first American venture for Russian-born entrepreneur Shablygin, who founded the Moscow-based technology firm Jet Infosystems, WWPass relies on crypto expertise from Moscow.
Why we’re watching it: WWPass, which debuted last month, has the ambitious goal of revolutionizing how users authenticate to websites through WWPass technology that will give users single sign-on capability and crypto-based authentication that lets users manage their own encryption keys. Neither WWPass nor the website knows what they keys are or who the users are. The user just needs the PassKey, available as USB fobs, smartphone apps and card form factors. It could be used with the near-field communication technology coming into use for smartphones, says Eric Scace, chief strategy officer. Under the business model, the plan is to charge service providers supporting WWPass authentication about $5 per 1,000 authentications. It could be an uphill battle to get attention for something as novel as PassKey, but WWPass execs say they knows there’s a business need for it.
StopTheHacker
Headquarters: San Francisco
Founded: 2009
Funding: Undisclosed amount from Runa Capital and private investors, plus a $600,000 research grant from National Science Foundation
Leader: Peter Jensen, CEO
Fun fact: Co-founder Michalis Faloutsos is a computer science professor at University of California, Riverside, who is teaming with research student Anirban Banerjee, StopTheHacker’s co-founder and now its vice president of research and development.
Why we’re following it: Malware that hackers embed onto websites to launch iFrame and JavaScript code attacks and other assaults on visitors remains a problem, and StopTheHacker is out to, well, stop it by detecting it through largely behavior-based methods and Web crawling. The company, which debuted last month, isn’t the first to try, of course, and will be competing against firms such as Armorize and Dasient (recently acquired by Twitter). Some early adopters, including Maryland-based Christopher Imaging, say it works.
