7 hot security companies to watch

There's a rush in security startups looking to tackle everything from identity management to encrypting cloud data. Here are some of the latest companies worth keeping an eye on.

OneID

Headquarters: San Jose, Calif.  March 2011  Not disclosed  Steve Kirsch, co-founder and CEO  Kirsch is a wealthy serial entrepreneur whose lineup of startups have included Mouse Systems, Frame Technology, Infoseek and other firms.

Founded:

Funding:

Leader:

Fun fact:

Why we're following it: This week Kirsch is launching OneID for what he calls the "next-generation PayPal" for digital identities. Kirsch says the basic technology, developed with engineers Jim Fenton, Adam Back and Bobby Beckman, is integrated into websites to let users create their own digital identities and hold payment information securely and use it as a form-filling capability. Kirsch also says the firm in the future intends to tackle hard identity issues such as proving age, citizenship and residency. It's a change-the-world infrastructure play, and OneID wouldn't be the first to find out it's hard to change the world. But one company, Salsa Labs, which handles payments and marketing services for about 2,000 nonprofit organizations, says it's integrating the identity and payment technology into its platform and OneID says to expect to hear from other companies supporting it in the future.

IN PICTURES: Hot security upstarts 

BACKGROUND: 10 scariest hacks from Black Hat and Defcon 

MORE: Security companies to watch

Pwnie Express

Headquarters: Barre, Vt.  2010  No venture-capital funding  Dave Porcello, CEO and technical lead  Pwnie Express may be a one-man band, but it's profitable.

Founded:

Funding:

Leader:

Fun fact:

Why we're watching it: Mark Hughes, director of marketing and sales for the startup, admits it can be hard to get a good phone connection in this rural area of Vermont. But that didn't stop company founder Dave Porcello from coming up with vulnerability-assessment penetrating tools, including one called PwnPlug, that range in price from about $570 to $800. The network penetration tools, largely based on open source, compete with those from Core Security and Rapid7, among others. Pwnie Express is tiny, but with about $300,000 in revenues last year, was profitable.

Pindrop Security

Founded: 2010  Atlanta, Ga.  Undisclosed amounts from angel investors, plus a National Science Foundation grant  Vijay Bala, founder and CEO, and Chairman Paul Judge  The firm's technology originated in research at Georgia Tech College of Computing.

Headquarters:

Funding:

Leaders:

Fun fact:

Why we're watching it: The firm is out to work with banks and any other type of organization that finds there are plenty of fraud attempts in telephone calls from crooks pretending to be customers. Banks are always looking for new ways to augment the measures they have in place to detect phone fraud, and according to Johnny Baker, Pindrop Security's vice president of sales and business development, the firm's technology is an alternative to caller ID. It can pick up dozens of separate technical factors related to a voice call and put them together into an audio fingerprint of the caller and the call path. This can be used to flag suspicious calls. The firm can't disclose customers but Baker says interest in high not only in the banking industry but national intelligence agencies.

Click Security

Headquarters: Austin, Texas  2009  Undisclosed amount from Sequoia Capital  Co-founders CTO Brian Smith and CEO Marc Willebeek-Lemair  Smith founded TippingPoint in 2001 and served as chief architect and later CTO in 2009.

Founded:

Funding:

Leaders:

Fun fact:

Why we're watching it: Click Security, which just released a product called the Automated Security Analytics Platform (ASAP), is out to provide real-time information to detect stealthy infiltrators into the corporate network. ASAP does that by aggregating information widely across the network, but the co-founders reject being bracketed in the security information and event management (SIEM) category, claiming ASAP breaks new ground in threat detection. Some analysts agree. "While some of the things they do are similar to what SIEM vendors claim to do, they are much more than a central repository for log data," says Richard Stiennon, chief research analyst with consultancy IT-Harvest. "Click Security has more in common with threat-intelligence services such as Unveillance, ShadowServer or Seculert, combined with NetWitness or Solara Networks." ASAP is being used by about half a dozen companies, though none have been disclosed.

Porticor

Headquarters: Tel Aviv, Israel  2010  Glilot Capital for about $1 million  Gilad Parann-Nissany, co-founder and CEO  Co-founder Yaron Sheffer was formerly technology manager at Check Point and is currently co-chairman of the IETF IPSECME committee.

Founded:

Funding:

Leader:

Fun fact:

Why we're watching it: Porticor is tackling the timely problem of encrypting data at rest in cloud-based computing centers where customers rent disk space or servers. What Porticor does that's unique is it's come up with a "split key" method in which the service to encrypt and decrypt doesn't work unless both pieces of the key are together. According to Parann-Nissany, the enterprise holds the "master key," and the idea is to foster trust by putting the customer in complete control. The service provider doesn't even see the mater key in the encryption method that's applied based on AES 256 or Blowfish. At least one enterprise, the assurance, tax and consulting firm McGladrey & Pullen, is trialing the encryption service now.

WWPass

Headquarters: Bedford, N.H.  2009  Private and undisclosed  Founder Gene Shablygin  The first American venture for Russian-born entrepreneur Shablygin, who founded the Moscow-based technology firm Jet Infosystems, WWPass relies on crypto expertise from Moscow.

Founded:

Funding:

Leader:

Fun fact:

Why we're watching it: WWPass, which debuted last month, has the ambitious goal of revolutionizing how users authenticate to websites through WWPass technology that will give users single sign-on capability and crypto-based authentication that lets users manage their own encryption keys. Neither WWPass nor the website knows what they keys are or who the users are. The user just needs the PassKey, available as USB fobs, smartphone apps and card form factors. It could be used with the near-field communication technology coming into use for smartphones, says Eric Scace, chief strategy officer. Under the business model, the plan is to charge service providers supporting WWPass authentication about $5 per 1,000 authentications. It could be an uphill battle to get attention for something as novel as PassKey, but WWPass execs say they knows there's a business need for it.

StopTheHacker

Headquarters: San Francisco  2009  Undisclosed amount from Runa Capital and private investors, plus a $600,000 research grant from National Science Foundation  Peter Jensen, CEO  Co-founder Michalis Faloutsos is a computer science professor at University of California, Riverside, who is teaming with research student Anirban Banerjee, StopTheHacker's co-founder and now its vice president of research and development.

Founded:

Funding:

Leader:

Fun fact:

Why we're following it: Malware that hackers embed onto websites to launch iFrame and JavaScript code attacks and other assaults on visitors remains a problem, and StopTheHacker is out to, well, stop it by detecting it through largely behavior-based methods and Web crawling. The company, which debuted last month, isn't the first to try, of course, and will be competing against firms such as Armorize and Dasient (recently acquired by Twitter). Some early adopters, including Maryland-based Christopher Imaging, say it works.

Ellen Messmer is senior editor at Network World, an IDG publication and website, where she covers news and technology trends related to information security.

Insider Shootout: Best security tools for small business
Join the discussion
Be the first to comment on this article. Our Commenting Policies