• United States
Senior Editor, Network World

Security start-ups offer new brands of protection

Jan 26, 20043 mins
Intrusion Detection SoftwareNetwork SecurityNetworking

Three security start-ups this week are vying for a spot in the corporate network with products designed to protect data by monitoring for network-based attacks and stopping outbound transmission of sensitive data.

Three security start-ups this week are vying for a spot in the corporate network with products designed to protect data by monitoring for network-based attacks and stopping outbound transmission of sensitive data.

BeadWindow has built an intrusion-prevention and firewall appliance called BeadWindow 100 that sits at the Internet perimeter to block about 1,000 known attacks detected by Snort, the open source intrusion-detection system (IDS). The appliance, which runs at 300M bit/sec, also can check outbound traffic flows, with options for scanning e-mail content for policy violations such as attempts to transmit sensitive customer data.

One customer using BeadWindow 100 is Jazzercise of Carlsbad, Calif., which has 5,000 franchises that access its Web site. The company mainly has used the intrusion-prevention appliance to block incoming attacks.

While the appliance, which starts at about $11,000, has worked well the past three months, the company says, there have been a few problems that required careful tuning.

“We started out by blocking everything that could be blocked but we found that users couldn’t access some applications,” says David West, director of IT at Jazzercise.

BeadWindow, founded by its President Tim Platt, formerly COO at security firm ZNQ3, is privately funded with less than $1 million.

A second start-up, Vontu, is tackling the challenge of blocking data from leaving the organization if it violates corporate policy. The latest version of its product, Vontu Protect, which ships this week, is Windows server-based software that sits behind the Internet-facing firewall to monitor outbound e-mail-, FTP- and HTTP-based traffic to look for keywords and patterns indicating data that’s not supposed to leave the premises. If it sees forbidden data – such as Social Security numbers or account information, for example – it blocks it and notifies the manager.

“It works by pattern-matching the file to specific data they don’t want going out of the network,” says Jim Hurley, vice president at Aberdeen Group. Hurley says Vontu customers, which prefer not to be named, report that the Vontu product rarely generates false positives in its monitoring of outbound data. Vontu Protect costs $35 per user, with discounts depending on volume.

Vontu, which was founded by CEO Joseph Ansanelli and vice president of engineering Michael Wolfe – both former Kana Communications executives – and CTO Kevin Rowney, has $15 million in venture capital from Benchmark Capital and Venrock Associates, among others.

The third security start-up making its debut is Protego Networks, which has developed what it calls the Mars line of threat management security appliances. These appliances combine a number of security functions: collecting network topology information; vulnerability scanning for network and application holes; and aggregating information from firewalls and IDS to provide a bird’s-eye view of security.

Currently, the Mars appliance line is limited to gathering event information generated by Check Point, Cisco and NetScreen Technologies IDSs and firewalls.

The Mars-50, Mars-100, and Mars-200, which cost $15,000, $45,000 and $75,000, respectively, are mainly differentiated by the number of firewall and IDS each can support via the management console. Mars-200 supports up to 500 devices reporting 10,000 events per second.

The vulnerability scans on the equipment work via integration with Nessus freeware and the eEye Digital Security’s Retina scanner. Protego was founded by its CTO Partha Bhattacharya, formerly technical lead/architect at Cisco for firewalls, ISO security and IDS, with $6.3 million in venture-capital funding from Miramar Ventures.