In spite of the headwinds from a stormy economy, these start-up companies are down the runway and taking off with innovative
products and services for information technology security. On their radar can be found a focus on botnet and malware detection
as well as mobile and virtualization security.
Damballa
Founded: 2006
Headquarters: Atlanta
Focus: Detection of botnet-infected computers
Why it's worth watching: With botnets used by criminal organizations to steal sensitive information, there's more incentive than ever to be able to identify infected machines. Damballa's Failsafe gateway appliance, out this year, is designed to spot bot activity on networks.
How company got its start: Its roots have grown from academic research on malware and botnet detection done by Damballa's four founders, Merrick Furst,
Wenke Lee, David Dagon and Richard Lipton, all professors at Georgia Institute of Technology.
How company got its name: A voodoo snake god
CEO: Steven Linowes, formerly in corporate development at Yahoo; also was CEO of Mercatus
Funding: $8.5 million from Sigma Partners, others
Who's using the product: About a dozen, including Procter & Gamble
Dasient
Founded: 2008
Headquarters: Palo Alto, Calif.
Focus: Detection and quarantine of malware infections on Web sites
Why it's worth watching: Millions of Web sites are infected each year because attackers, through various means such as SQL injection attacks, find a way to load up malware onto legitimate Web sites, creating attack pages — a problem Dasient believes its Web Anti-Malware service can mitigate effectively.
How company got its start: Co-founders Neil Daswani (formerly security product manager at Google) and Shariq Rizvi (Google software engineer) departed
Google last year to found Dasient with Ameet Ranadive, whose background include stints at consultancy McKinsey and HP.
How company got its name: Has no specific meaning "but we will give it meaning," the co-founders say
CEO: not named
Funding: $ 2 million from sources that include Radar Partners, Stratton Sclavos, Maples Investment and Eric Benhamou.
Who's using the product: Several beta customers, including Family Communications
Delfigo Security
Founded: 2008
Headquarters: Boston
Focus: Fraud detection for Web sites with log-in procedures
Why it's worth watching: Delfigo's software-as-a-service model delivers a real-time scoring of security risk related to the user's normal Web site authentication
procedures to in order to validate genuine identity. The Delfigo analysis includes geo-spatial IP and keyboard language methods.
How company got its start: As a consultant, Ralph Rodriquez got the idea for the fraud-detection system while observing some Department of Defense systems
combating fraud issues.
How company got its name: Variation on the Latin word "defigo" to fix firmly, secure.
CEO: Rodriguez, previously senior vice president at the technology practice at research firm Aberdeen Group, also was CTO at Brooks
Automation's Enterprise Software Group and CIO at Excelon. Rodriguez is also a Research Fellow at MIT in the School of Engineering.
Funding: undisclosed from Waltham, Mass.-based Stage 1 Ventures
Who's using the product: undisclosed
Related story: Start-up measures user trustworthiness for entry into sites
Egress Software Technologies
Founded: 2007
Headquarters: London, U.K. with U.S. base in Chicago
Focus: Software-as-a-service encryption
Why it's worth watching: Called "Switch," this software-as-a-service that debuted this spring allows the end user, via the Egress client software,
to apply encryption to data on any media type and authorize intended recipients. The Egress Switch in the cloud maintains an audit trail of the shared information, which signals back the data's status, whether it
was decrypted or used, and allowing the data owner to make changes.
How company got its start: Co-founders Tony Pepper (CEO) and Neal Larkin (COO) saw the usefulness in wrapping controls around data being transmitted
via a cloud-based service.
How company got its name: Means data that goes out
CEO: Tony Pepper, formerly executive at Reflex Magnetics, which was acquired by Pointsec, which later became part of Check Point
Funding: Undisclosed and self-funded
Who's using the product: Royal Bank of Scotland, Computer Sciences Corp.
FireID
Founded: 2006
Headquarters: Capetown, South Africa
Focus: Mobile phone security
Why it's worth watching: This South African upstart wants to take on giants RSA and VeriSign in one-time crypto-based password generation with FireID
software. The product, introduced in January, generates a one-time password on mobile phones.
How company got its start: Co-founders and entrepreneurs Justin Stanford and Eric Zlanderen believe the work done by CTO Malan Joubert (the third co-founder)
on OATH-compliant cryptography for mobile phone security will be in demand as mobile-computing with serious applications takes
off.
How company got its name: Burning with ideas, the founders liked the word "fire."
CEO: Jenny Dugmore, formerly regional manager at Sybase
Funding: undisclosed
Who's using the product: Sybase in South Africa as well as firms Tsohle, among others
Founded: 2007
Headquarters: Mountain View, Calif.
Focus: policy-enforcement for VMware security
Why it's worth watching: Virtualization rollouts are spurring new developments in management and security technologies. HyTrust's offering is a policy-enforcement
gateway appliance for VMware.
How company got its start: Two of the co-founders, Eric Chiu and Rena Budko, worked together at Cemaphore Systems, and Budko's prior work experience
at VMware convinced her a policy-management engine for VMware would find need among the user base. The other two founders,
Boris Strongin and Boris Belov, are software design engineers with experience at various high-tech firms, including Determina,
Cisco and Entercept.
How company got its name: high hopes on high trust
CEO: Chiu
Funding: $5.5 million from Trident Capital and Epic Ventures
Who's using the product: Stanford Hospital & Clinics
InDorse Technologies
Founded: 2006
Headquarters: New York City
Focus: SharePoint security
Why it's worth watching: Microsoft's SharePoint server application is popular, and the InDorse Discover, Tag and Protect toolset released in March adds security controls to monitor, detect and if necessary block the
use of data associated with SharePoint, in a manner akin to data-leak prevention and digital rights management.
How company got its start: Founder Rob Marano credits software development work on tagging he saw at a small company called House of Development in
Jeddah, Saudi Arabia for inspiring the creation of the InDorse Suite.
How company got its name: Play on the word "endorse"
CEO: Marano, formerly founder of Riversoft and Micromuse
Funding: $5 million investment from Bahrain-based VC Bank, with House of Development as minority investor
Who's using the product: Undisclosed
SafeMashups
Founded: 2009
Headquarters: San Antonio
Focus: Tools for establishing trust and security in Web 2.0 applications
Why it's worth watching: Web mashups largely lack security controls today, but the SafeMashups MashSLL Web toolkit, as it's called, could change that. It's basically a protocol for a Web application to talk to another
application through a browser to trusted code combined on the fly over the Web in "mashups." This system of trust won't just
require inventive technology, but broad industry support.
How company got its start: Founder Ravi Ganesan became intrigued by the security issues posed by the mashup, where code is re-combined on the fly.
How company got its name: Making mashups safe—or safer at least
CEO: Ganesan, research professor and crypto expert at the University of Texas and previously founder of TriCipher
Funding: Backing under the $3.5 million incubator program at the Institute for Cyber Security at the University of Texas at San Antonio,
which draws in student, staff and university facilities as available resources to work on projects.
Who's using the product: Undisclosed.
Talis Data Systems
Founded: 2006
Headquarters: San Diego
Focus: Network security for the desktop
Why it's worth watching: The Datagent 3.5-inch hardware-based security device, integrated into desktop computers, sets control on access to USB ports and allows
controlled access to networks based on a wide variety of factors, such as domain separation and time of day.
The U.S. military has set up separate networks, such as NIPRnet and SIPRnet, with differing security classifications, and
the Datagent is intended to appeal to that audience, but could find use in commercial business networks, too.
How company got its start: Co-founders, Brad Saunders, Matt Castelli and Terence Slyntz have backgrounds with firms providing support for the military,
including at Holocom Networks, and they saw the need to make it easier to set up compartmentalized networks.
How company got its name: Sounds like "talisman," an object with magical power to protect
CEO: Tom Darton is the firm's president; a CEO has not been named.
Funding: Undisclosed amount of private venture capital that includes a 60% equity stake of $2.3 million from Pilot Power group, a
retail electric provider based in San Diego.
Who's using the product: Undisclosed
Trusteer
Founded: 2006
Headquarters: Tel Aviv, Israel, U.S. headquarters New York City
Focus: Anti-phishing software for the desktop
Why it's worth watching: Primarily intended to be offered by financial services firms to their customers for free, the Web browser plug-in Rapport
software released last year is customized to warn banking customers of phishing attempts and protect online financial transactions.
How company got its start: The rise of sophisticated trojans aimed at stealing financial data was a factor in the decision by Mickey Boodaei to develop
browser-based protection software specifically for the financial sector.
How company got its name: Connotes trust in online transactions
CEO: Boodaei, who previously co-founded Web-application firm Imperva
Funding: $10 million from US Venture Partners and private investors, including Check Point and Imperva founder Shlomo Kramer
Who's using the product: ING Direct, Royal Bank of Scotland, Pennsylvania State Employees Credit Union and about 20 other institutions.
UnboundID
Founded: 2007
Headquarters: Austin
Focus: Building a highly-scalable, high-performance directory server
Why it's worth watching: Large-scale identity and personalization services of the future provided over the Internet and wireless networks will need
directories of user information that must be fast, reliable and scalable, and UnboundID is targeting this.
How company got its start: The founders — Steve Shoaff, Don Bowen, David Ely, Neil Wilson and Andy Land — are experts in directory services and identity
management who, laid off from Sun, went off to build a directory server that's also part database for high-volume data reads
for telecom companies. The UnboundID Directory Server will scale to millions of subscriber entries. Other industries may also
benefit down the road.
How company got its name: ID is identity, unbound is no limits
CEO: Steve Shoaff, formerly technical director and chief of staff of the Identity Management product division at Sun
Funding: About $3 million from Silverton Partners
Who's using the product: Alcatel-Lucent, which is also selling into the telecommunications market.
The Connected Enterprise