Network World

Security start-ups offer new lock-down services

By Matthew Broersma, TechWorld, 01/24/2007

Two security start-ups have released their first products this week, claiming to break new ground in the way companies evaluate app security and stop information leaks.

Veracode's software automatically evaluates companies' own software for security problems, and Provilla makes a system designed to keep tabs on sensitive data. Both officially launched on Monday.

Veracode announced $19.5 million in venture capital funding at the same time as launching several versions of its automatic, on-demand security analysis system, SecurityReview. The company said SecurityReview is the industry's first on-demand security review service.

The service comes in three flavors: for enterprises, vendors and partners. Enterprises can use the service to continually evaluate programs for security issues, including bugs in the binaries, but also such higher-level issues as missing security features, or problems that can arise from combining two otherwise secure programs.

The vendor version looks at security that has been purchased before it's integrated into the rest of the infrastructure, and works with vendors to improve their applications. The partner version lets platform vendors evaluate the security level of partner-developed applications.

Because the service analyses binaries, companies don't have to allow outsiders access to their source code. Its approach has limitations, though: it doesn't provide manual analysis and doesn't fix the problems it uncovers, as some security firms do.

Companies can stumble into security issues even if all their programs, separately, are secure, said Veracode chief scientist and co-founder Christien Rioux in a company blog post. The ability to continually scan programs is one answer to this problem, he said. "The digital immune system needs to be ‘always-on’, and deal with the occasional infection with speed and then come to recognize problems quicker the next time they surface."

The company's president and chief executive, Matthew Moynahan, is former vice president of Symantec’s Consumer Products and Solutions division.

Device lockdown

Meanwhile, Provilla makes a distributed system called LeakProof designed to address the security threat posed by ever more mobile and transient devices, including laptops, USB keys and wireless networks.

The system has a server and a lightweight application that runs in the background on endpoints such as PCs and laptops, recognizing data that has been designated as sensitive via its algorithmic "fingerprints".

It is designed to address a wide variety of potential leak points, including network or I/O ports such as USB, Firewire, PCMCIA, Bluetooth, Wi-Fi, IrDA, serial and parallel ports, and devices such as USB drives, flash cards, (S)ATA and EIDE storage, printers, video cameras and other imaging devices.

The system monitors e-mail services, instant messaging systems, Web sites, FTP servers and peer-to-peer networks, and can operate on laptops and PDAs even when they are offline, since the agent locally stores its own updated fingerprint database.
