Senior Editor, Network World

Sana Security: A start-up to watch

Apr 21, 2003 | 3 mins
Intrusion Detection Software, Networking

These young vendors offer fresh approaches for addressing today's enterprise network challenges, from setting up secure wireless LANs to virtualizing data center resources.

Sana Security

Company name: The founder sees parallels between the human immune system and computers, believing you can “sanitize” server programs against new threats, such as attempts to exploit vulnerabilities.

Origin: Founded in October 2000 by Steven Hofmeyr, a computer scientist and authority on computer security, immunology and adaptive computation.

Funding: A $10 million second round closed in June 2002, bringing total funding to $12 million.

Investors: El Dorado Ventures, Esther Dyson Ventures, The Entrepreneur’s Fund and Sevin Rosen Funds.

CEO: John Zicker, a veteran software entrepreneur.

Product: Primary Response.

Stopping known worm or hacker attacks is something many security products, including antivirus software and firewalls, can do these days. But recognizing and blocking a new and unknown attack? That’s a bigger challenge, and start-up Sana Security is out to prove that you can guard your servers against the perils of the dark unknown.

Sana Security, of San Mateo, Calif., which spent last year in stealth mode under the name Company 51, made its debut in February with server-based software called Primary Response. The software learns the “normal behaviors” of server programs and operating systems in a few days, then is prepared to recognize attacks and either block them or alert administrators, says Steven Hofmeyr, founder and chief scientist.

For now, Primary Response runs on Sun Solaris and Microsoft Windows servers and is priced beginning at $6,500. The company plans IBM AIX and Linux versions.

Early adopters of the intrusion-prevention software buttress Hofmeyr’s claim. “It detects changes and anomalies and gives you an alarm,” says Tammy Lowe, CIO at Smith & Hawken, a retailer in Novato, Calif., that is rolling out Primary Response enterprisewide. “We’ve had people try and attack us from other countries, and it has detected and blocked [the attacks].”

Hofmeyr, a computer scientist who pursued his ideas while working a year at the Massachusetts Institute of Technology’s Artificial Intelligence Lab, explains: “The body has the ability to take on new pathogens it hasn’t seen before and respond to them.” Computers can be given the same sort of advantage by constructing an “immune system” for them that detects abnormal activity, he says.

Products in this area are known as “behavior-blocking software,” a category in which a few players are trying to establish a name for themselves. Cisco is acquiring one that already has, Okena, for $154 million in stock. Others include BBX Technologies, Entercept Security Technologies and Harris.

A drawback to behavior-blocking software is that it can be demanding in terms of configuration and oversight. Sana is out to prove it can sanitize servers without being a management burden.
