10 IT security companies worth watching, including those focusing on video surveillance, data leakage and application whitelisting.
Our picks for this year's 10 IT security companies to watch offer products and services that involve everything from video surveillance to application whitelisting to malware blocking, and you can view samples of their products in this slideshow. But if there's a common theme among most of these vendors, as with 2007’s top 10, it's that trusted personal relationships forged in universities, business and the military played an essential role in inspiring their founders and convincing employees to join them. And that's not to mention the millions in seed money not just from venture capitalists but also angel investors, and yes, family.Behavioral Recognition Systems
Focus: AISight is video-analytics technology that can convert images captured by a camera into machine-readable output that provides real-time intelligence about the surveillance to generate an alert.
Why it's worth watching: As use of video-monitoring grows, business and government may want to automate surveillance to be warned of unexpected events. AISight can be used with existing video-monitoring systems.
How company got its start: Founder Ray Davis saw a gap in the effectiveness of video surveillance systems and backed a team of scientists working on artificial-intelligence recognitions systems for video.
How company got its name: The BRS artificial-intelligence technology uses adaptive learning to anticipate behavior based on knowledge it accumulates over time.
CEO: Davis is an entrepreneur involved in technology start-ups from the '90's, including SimDesk, CyNet and OnDisk.
Funding: $23 million from undisclosed angel investors.
Who's using the product: None announced but eight pilot tests in progress in energy, financial services, government and a sports stadium.
Founded: Officially in 2001, but dormant until 2007
Focus: Specializes in application whitelisting software; its Bouncer products for the enterprise are designed to prevent unauthorized applications from running on desktops and servers based on Windows, Solaris and in the future, Linux.
Why it's worth watching: As combating malware continues to get tougher due to just its numerical increase, alternates to using just antivirus software are getting attention. Whitelisting -- the method of allowing only stipulated applications to run -- is one approach. However, whitelisting software in general still has a reputation as difficult to manage, something CoreTrace says it tackles with its product.
How company got its start: Co-founders Daniel Teal, CTO, and his brother Richard, vice president of engineering, came up with their basic concept years back, but didn't pursue launching a firm until last year when they teamed up with Toney Jennings, now the CEO, with whom they had worked at Trident Data Systems and the Air Force several years ago.
How company got its name: The Bouncer software operates in the kernel of the operating system, so the goal is to trace any attempt to make changes to the core of the operating system.
CEO: Jennings was formerly president and CEO of Mirage Networks. His career also includes being founder, CEO and chair of WheelGroup, which was sold to Cisco.
Funding: $8.2 million from Hunt Ventures and Venrock.
Customers: State of Texas, Horry Telephone Cooperative, Click Forensics
Headquarters: Louisville, Colo.
Focus: Its managed video-surveillance services include installation of cameras in business locations, then remotely managing them through the Denver-based data center. Envysion can also enable detection of theft through correlating sales data generated electronically through cash registers and bar-coding with video-surveillance recordings of activity.
Why it's worth watching: IP-based digital-surveillance systems are becoming more popular in business, but not every organization wants to install and manage them. Envysion's approach provides businesses with a managed service that has Internet and Web-based access to live and stored video feeds.
How company got its start: The company, now with 35 employees, was founded by CEO Matt Steinfort, Chairman Dan Caruso and CTO Rob Hagens. All were formerly with Level 3 Communications, where they saw growth in business video surveillance occurring and became convinced a managed service would prove popular.
How company got its name: Play on the word "envision."
CEO: Steinfort, formerly COO, was named CEO this year after his success in bringing in venture capital and on the sales side, national customer accounts.
Funding: $12.5 million, including Columbia Capital, High Country ventures and Bear Equity, plus angel investors
Customers: About 40, including Chipolte, IHOP, and Captain D’s seafood chain
Headquarters: Los Altos, Calif.
Focus: An online fraud-prevention service, FraudMap is primarily for financial institutions. It takes a real-time feed for a company's online banking application to protect customer accounts dynamically.
Why it's worth watching: The service blends Quova's IP geo-location technology into the Guardian Analytics technology to be able to score risk in real-time partly based on a determination of the physical location of the user or the fraudster.
How company got its start: Founder Tom Miltonberger saw the possibility of a fraud-detection service for banks that would be able to stop fraudster takeover attacks against customer accounts through a technique that models each customer account to determine suspicious behavior.
How company got its name: Combines concept of analysis about banking-account use to guard against fraud.
CEO: Miltonberger was formerly a senior vice president with Quova and was responsible for gaining Quova's backing to support the start-up through a technology-licensing arrangement.
Funding: $7.5 million from Foundation Capital
Customers: One Credit Union, Digital Federal Credit Union
Headquarters: San Jose, Calif., in the United States, and Glasgow, Scotland in Europe
Focus: MetaFortress is software designed to prevent tampering, piracy and theft of applications through use of a digital-hash checksum-based mechanism. When it detects software has been altered, it can either kill the process to eject the attacker, shut down the application or take other actions.
Why it's worth watching: Optimally, MetaFortress should be incorporated into development environments such as Visual Studio to be installed into applications. With piracy still a huge drain on the software industry, it may look at MetaFortress as a means to thwart theft.
How company got its start: Both from Scotland, Andrew McLennan, CEO and Linda MacKellar, COO, founded Metaforic, which now has 15 employees, to commercialize technology from a 5-year research project funded by the Scottish government. Neil Stewart is CTO. The three had worked together at games developers Slam games and Steel Monkeys, where they worked with Hasbro and Microsoft.
How company got its name: A metaphor for good security by building the antipiracy protection into the application itself.
CEO: McLennan, in his unmistakable Scottish brogue, says he needed to establish a beachhead in Silicon Valley this fall in order to introduce the advantages of using MetaFortress to the high-tech industry.
Funding: $10 million, including Pentech ventures and the Scottish Co-Investment Fund
Customers: Not yet announced.
Headquarters: Santa Clara, Calif.
Focus: Data-leak prevention via an appliance called Information Search and Security (Compare data leak protection products.
Why company is worth watching: NexTier has a mechanism for crawling through stored files that its founders believe will differentiate it from what has become a crowded field of competitors.
How company got its start: Tarique Mustafa, founder and CEO, says nexTier's technology has its roots in artificial-intelligence research he did as a graduate student at the University of Southern California.
How company got its name: Mustafa combined the word "next" with "frontier," since he regards effective DLP as security's next frontier.
CEO: Mustafa also founded Network Utilities, served as principal architect at Nevis Networks, and held technical positions at Symantec, DHL Airways and MCI WorldCom.
Funding: $2 million from Ecosystems Ventures, Archimedes Capital
Customers: None announced, but said to be in trials at several Fortune1000 companies.
Headquarters: Madison, Wis.
Focus: NovaShield behavior-based detection software to catch, quarantine and eradicate malware.
Why company is worth watching: NovaShield, facing a number of competitors in behavior-based detection, hopes to differentiate itself via what Jha calls "specification-based monitoring" to ensure secure interaction between application programs.
How company got its start: Co-founders Somesh Jha, chief scientist, and Praveen Sinha, CEO, were involved in research and academics at the University of Wisconsin, and came up with what they say is a way to detect and block malicious drive-by downloads. The first version of the Windows-based NovaShield software was released in its commercial form earlier this year.
How company got its name: It was simple, and gets across the idea of creating a shield against malware.
CEO: Sinha previously co-founded UltraVisual Medical Systems, which merged with Emageon in 2003. He was also product manager at ADAC Labs, and his academic accomplishments include a Ph.D in physics, an master's degree in computer science and an M.B.A.
Funding: $4.7 million from angel investors and $200,000 in small tech-business funding from the NSF.
Customers: None announced
Headquarters: Santa Fe, N.M.
Focus: The Network Forensics Search Engine is Linux-based software that provides a Web interface for network managers to see an analytical profile of host-to-host activity based on NetFlow router data and other log information related to an organization's security systems. It is adopting an open source strategy early next year.
Why it's worth watching: Packet Analytics, which regards Splunk and LogLogic as competitors, designed its tool to sift through voluminous amounts of NetFlow data to help determine the context of how a compromise may have occurred.
How company got its start: Co-founders Ben Uphoff and Paul Criscuolo were technical staff members at Lawrence Livermore National Lab when they developed the Net/FSE in response to requests from the FBI to provide detail on network activity based on a list of IP addresses related to possible security problems.
How company got its name: Pretty simple -- the product performs analysis on network packets.
CEO: Andy Alsop has had management stints at Panorama Point, Lucent Technologies, the Georgia O’Keefe Museum and Cowboy & Indians Magazine.
Funding: $100,000 from Los Alamos National Lab Venture Acceleration Fund, plus $100,000 from Flywheel Ventures and an undisclosed angel investor.
Customers: Los Alamos National Bank
Focus: The Purewire Gateway managed security service for protecting enterprise users from being victimized by malicious-code attacks while surfing the Web online. (Compare secure Web gateway products.)
Why it's worth watching: Managed security services are gaining in popularity, but there are few today that act as secure Web gateway services.
How company got its start: Co-founders Mike Van Bruinisse, president and COO; Paul Judge, CTO; and Mark Caldwell, vice president of sales, were formerly executives at messaging-security firm Ciphertrust, acquired by Secure Computing two years ago. They saw an opportunity in providing Web security as a service.
How company got its name: Purewire expresses the idea of providing business users with a connection to the Internet free of malware during Web use.
CEO: Steve Raber was formerly president and CEO at CipherTrust, and his 25-year career includes managing director at iGate Capital, vice president and general manager of Compaq's global professional services, and 18 years with IBM.
Funding: $1.75 million from its co-founders and angel investors, and $2 million from other sources, including Imlay Investments, and $1 million from InterSouth Partners and the State of Georgia Seed Fund.
Customers: Technical College System of Georgia, the state agency responsible for overseeing the state's technical colleges and adult-education programs, S1 Corp., Peachtree benefits and Tabletop Media
Headquarters: Sunnyvale, Calif.
Focus: The Transaction Networking System (TNS) appliance for network-based entitlement control via Layer 7 access-control lists to guard user access to applications.
Why it's worth watching: Designed by former Cisco engineers, TNS aims to upend the traditional perimeter firewall through its own method of controlling user access to applications via Layer 7 access-control lists.
How company got its start:
Rohati's five co-founders, who had all been working for Cisco, departed the router giant in the spring of 2006 to launch the start-up to pursue their idea of a more modern type of firewall.