Thursday, 26 March 2015

10 young security companies to watch in 2015

One common thread is helping to make detection and remediation easier

A wealth of young security companies is trying to capitalize on businesses moving toward security platforms that help them respond more quickly when they suffer successful cyberattacks in hopes of limiting the damage they do.

These firms take varying approaches to cybersecurity, including analyzing suspected attacks, automating responses, encrypting to make data theft more difficult, and sorting through alerts triggered by other security platforms to help prioritize responses.

These startups are plowing fertile ground, with corporate customers eager to avoid destructive attacks that can hurt their brand names. At the same time customers are fighting ever more inventive adversaries whose exploits require new defensive approaches.

So they are willing to open their wallets, with 46% of respondents to a Computerworld survey of IT leaders saying their spending on security this year will show double-digit increases while at the same time overall IT spending increases only 4.3% - so security is definitely a priority. In fact it has been for the past 10 years, Computerworld says, getting double-digit boosts in each year.

Here are 10 startups worth watching this year because they bring fresh eyes, talent and investment to problems that continue to plague security executives

Fun fact: John Thompson, Microsoft’s chairman, sits on Illumio’s board.
Why we’re following it: Illumio’s Adaptive Security Platform enforces policies about what specific ports on what machines are allowed to talk to what other ports on what other machines in order to limit that damage a compromised machine can do by limiting what it is capable of doing. This is a valuable asset at a time when breaches are accepted as inevitable. The platform also sends alerts when machines try to violate policies so staff can remediate the problem.

Fun fact: Founders Engel and Mumcuoglu served in the Israeli Defense Force
Why we’re following it: LightCyber’s Magna Breach Detection Platform provides agentless monitoring and analysis of endpoint machines as it looks for signs of possible intrusions. It winnows out incidents that are most likely intrusions and sends alerts, prioritizing and greatly reducing the number of incidents that have to be checked out by human analysts. The company is methodically going about adding integration with other security platforms so Magna Breach has a mechanism for automatically blocking detected threats. Integration partners so far include Palo Alto, Check Point, RSA Arcsight, FortKnox and Microsoft (Active Directory).

Fun fact: The company name comes from its algorithms that look for events that are statistical outliers.
Why we’re following it: Outlier’s detection and forensic tools are designed to help analysts respond to compromises more quickly, making the analysts more efficient. The system passively analyzes endpoints through data gathered by Windows Network Services and Windows Management Instrumentation and triggers alerts when it detects suspicious behavior. The alerts are accompanied by a compilation of the data that led the platform to conclude there was an intrusion, giving analysts a jump on where to check for compromised machines and figure out what action to take.

White House making it easier to get an L-1 visa
Uber's Amsterdam office raided by Dutch authorities
Cisco patches autonomic networking flaws in IOS routers and switches

Leaders: Executive Chairman Steven Chen, President Jeffrey H. Reed, CTO Carlos R. Aguayo
Fun fact: The technology comes from research at Virginia Tech funded by the Department of Defense, the Defense Advanced Research Projects Agency, and the Department of Homeland Security that sought a way to identify whether software-defined radios have unauthorized software running on them

Why we’re following it: PFP’s system monitors CPUs to establish baseline radio-frequency activity when devices are known to be performing legitimate tasks. Its analysis engine can detect anomalies from that baseline that indicate the device is running unauthorized processes that could indicate a breach. Its reliance on hardware cues and its physical separation from the devices it monitors make it difficult for attackers to circumvent. It can be used to detect infections on devices delivered from the factory as well as those in the field.

Fun fact: Chief Security Office Justin Harvey has worked for successful security vendors - FireEye/Mandiant and Hewlett-Packard/ArcSight
Why we’re following it: Resolution1’s endpoint agent can identify and verify malicious behavior then automate the resolution workflow. It integrates with third-party security systems to validate alerts they send in order to reduce the number of false-positives security teams have to chase down.

Fun fact: The company says a supercomputer making 19 quadrillion calculations per second would have to work for about 30 times the age of the universe to crack its encryption.
Why we’re following it: Secure Channels offers a platform that enables flexibly encryption parameters that give customers great leeway in determining the strength and complexity of the encryption. Secure Channels’ encryption for data at rest or data in motion quickly breaks it in to varying sized chunks and encrypts each chunk with its own key. The technology gives users the option to first encrypt an entire document, then further encrypt that in chunks so that even when a chunk is decrypted, it doesn’t appear as plain text. Its encryption schemes work with whatever encryption algorithms a business has on hand. The software runs entirely in RAM and randomizes its use of processor clock cycles to disguise patterns in the underlying data.

Fun fact: The company started life under the name Foresight.
Why we’re following it: Sentrix mirrors customers’ Web sites in Amazon Web Services and Azure clouds where it dynamically expands site resources during distributed denial-of-service attacks to keep the sites running until attackers exhaust their resources, give up or move on to easier targets. Data requests that get delivered to customers’ actual Web server back-ends are limited to those seeking the business-logic of the sites, not static content. This is a unique service that supplements other defenses and can keep sites up and running during a range of attack types including distributed denial-of-service, cross-site scripting, cross-site request forgery, SQL injection and website defacement.

Fun fact: The name Swimlane comes from a term used in security operations centers meaning a person’s area of responsibility.
Why we’re following it: Swimlane makes it simpler to gather data from its customers’ various security platforms, evaluate alerts and automate responses and puts all this in the context of faster response time and saving money. It gives each customer flexibility in what security platforms it deploys and reduces the time analysts have to spend figuring out what the current threat is. While other startups may have more money and bigger names, Swimlane is trying to address a real problem expressed by specific customers, which could be a recipe for success.

Fun fact: Tempered’s technology stems from a project at Boeing to secure its manufacturing systems.
Why we’re following it: Tempered’s appliances can create multiple overlay networks within existing network infrastructure, securing traffic in each from all the others, giving businesses the capability to isolate sensitive devices from the Internet, for example, without having to re-architect the entire network. Its founders, Hussey and Mattes, have impressive credentials and have attracted investments of credible venture capital firms.

Fun fact: Evers and Flowers have worked together three times before at nCircle, kozoru and Inquisit.
Why we’re following it: The company uses patented technology to create lightweight malware markers called behavior expressions that can detect all known attacks using a relatively small library of these markers as opposed to traditional signature libraries. For example, it says it can identify all known viruses using just 14 sets of behavior expressions. The company claims that in two years of testing attackers have never been able to compromise its platform protects. It can protect systems against attacks trying to exploit newly found vulnerabilities, so the company has issued its first version for Windows XP machines, which Microsoft no longer patches. It plans to support other Windows operating systems, Linux and Macs by the end of 2015.

Best Microsoft MCTS Certification, Microsoft MCITP Training at certkingdom.com

Tuesday, 3 March 2015

iOS vs. Android reaches stalemate and 7 other mobile development trends

Programmers seem to impact just about everything these days and mobile developers, in particular, are playing an ever-growing role in the world. The ubiquity of smartphones and tablets and the rise of the Internet of Things (IoT) make the people who are creating the apps and tools for all the smart devices in our lives all the more important. A new global survey helps to shed light on the trends among mobile developers and the mobile economy, in general.

The 8th edition of VisionMobile’s Developer Economics: State of the Developer Nation Q1 2015, was released earlier this month. The report is based on a survey of over 8,000 mobile developers in 143 countries. Among other things, it reveals trends in the platforms they target, the tools they use, and what motivates their work. Use the arrows above to learn 8 things about mobile developers that you might not have known.

The battle between iOS and Android for developers is at a stalemate

Android is the primary platform for 40% of full time mobile developers worldwide, while 37% of developers build for iOS primarily, a split that hasn’t changed much in a year. iOS dominates for developers in North America and Europe (42% vs 33% for Android), while Android is the dominant primary platform for developers in the rest of the world (48% to 30% for iOS). Windows Phone is in a distant third place among mobile developers, being the primary platform for just 8% of them worldwide followed by those who primarily target mobile browsers, at 7%.

Report quote: “The positions of the platforms are becoming entrenched. Apple cannot move down-market without cannibalising their high-end sales. Android handset makers are increasingly unable to compete effectively for the premium customers. …the battle may already be effectively over.”

Editor's Note: If you are unable to advance to the next slide, try disabling AdBlock. We apologize for the inconvenience.

Mobile developers are adopting Swift at unprecedented rates
Just months after Apple first released Swift, 20% of mobile developers across the globe are already using it, although, just 2% are using it as their primary language, reflecting a decision to proceed cautiously with the new language. Swift is the 7th most popular language among mobile developers, with Java being number one, used by 57% worldwide, with 29% of developers using it as their primary language. The vast majority of developers who’ve adopted Swift, 77%, are already using Objective-C; 29% of Swift programmers still use Objective-C as their primary language.

Report quote: ”... it’s fair to say that adoption levels are totally unprecedented. For a language that’s still evolving and for which the tools are not yet mature … this is highly remarkable.”

The middle class of app developers is disappearing
There’s a growing polarization in the revenues developers earn from apps, with most earning either a whole lot or a whole little. Worldwide, just 24% of mobile developers earn between $1,000 and $10,000 per month in app revenue; more than half (52%) make less than $1,000 per month in app revenue, and 24% earned more than $10k per month. The middle class of app developers is smaller in more developed regions, around 20% in Oceania, North American and Western Europe, than in less developed areas such as South American, Eastern Europe and Russia, where it’s closer to 30%

Developers who do iOS development primarily tend to make the most money and have the largest middle class; 15% earn more than $50,000 per month in revenue, while 37% of iOS-first developers make less than $500 per month. Things are bleaker and more polarized for Android-focussed programmers: 55% earn less than $500 per month in app revenue, while 7% earn more than $50k per month.

Report quote: “In the more mature markets with higher smartphone penetration, the middle class of small independent app developers is disappearing. This is understandable as they compete with larger and more sophisticated developers for direct revenues from the stores but also for contract work with those in other countries with lower living costs. This is causing revenues to polarise.”

Most mobile developers are creating software for the Internet of Things
While the market for software for the Internet of Things (IoT) is still relatively immature, more than half of mobile developers (53%) are already working on IoT projects. However, it appears that most are just experimenting with creating IoT software at this point; 30% of mobile developers working on IoT projects are doing so as purely as a hobby (30%) or as a side project (just under 20%). The top IoT market being targeted by mobile developers is that for home and building management (targeted by 37% of developers) followed by wearables (35%).

Report quote: “The major smartphone players are making their bids for several IoT markets by extending their existing software ecosystems. The most popular [IoT] markets for those developers to target are the ones where the smartphone platforms have their biggest bets.

More mobile developers are using cross-platform tools
83% of mobile developers reported using at least one 3rd party tool. User analytics tools are the most popular, used by 47% of all developers, followed by ad networks (31%), cross-platform tools (30%), push notifications (24%) and games development tools (24%). Developers who primarily targeted iOS were the most likely to use 3rd party tools, with 57% of them using user analytics tools (vs. 47% of Android coders), 36% using app store analytics ( Android: 14%) and 17% using cross-promotion networks (Android: 6%). Cross-platform tools are increasingly popular, now used by 30% of all mobile developers, 40% of mobile browser developers, 34% of iOS programmers, and 25% of Android coders.

Report quote: “Both web hybrid approaches and Xamarin are increasingly popular with enterprise-focused developers. This has resulted in cross-platform tools moving from being uncorrelated with revenues to having a positive correlation. ... there’s a lot of demand from enterprises for cross-platform development.

More mobile developers are using cross-platform tools
83% of mobile developers reported using at least one 3rd party tool. User analytics tools are the most popular, used by 47% of all developers, followed by ad networks (31%), cross-platform tools (30%), push notifications (24%) and games development tools (24%). Developers who primarily targeted iOS were the most likely to use 3rd party tools, with 57% of them using user analytics tools (vs. 47% of Android coders), 36% using app store analytics ( Android: 14%) and 17% using cross-promotion networks (Android: 6%). Cross-platform tools are increasingly popular, now used by 30% of all mobile developers, 40% of mobile browser developers, 34% of iOS programmers, and 25% of Android coders.

Report quote: “Both web hybrid approaches and Xamarin are increasingly popular with enterprise-focused developers. This has resulted in cross-platform tools moving from being uncorrelated with revenues to having a positive correlation. ... there’s a lot of demand from enterprises for cross-platform development.

Mobile developers are increasingly targeting the enterprise
While most mobile developers (64%) still target consumers first, 20% of all mobile developers now primarily target the enterprise, up from 16% six months ago. The greater willingness of businesses to pay for useful software also translates into more revenue for enterprise developers: 45% make more than $10,000 per month vs. just 19% of consumer-focussed developers. Programmers targeting the enterprise are also more likely to develop for cross-platform, since businesses often require it; for example, 11% of enterprise developers target mobile browsers primarily vs. just 5% of consumer-oriented mobile programmers.

Report quote: “... demand for good mobility solutions for enterprises outstrips supply at the moment and really well executed products and services are getting a lot of word-of- mouth marketing. Also, the competition for consumer attention is so fierce that getting a large user base for any app is often prohibitively expensive.

iOS developers, more than others, are motivated by money
VisionMobile segmented mobile developers based on their motivation. Almost half of all developers were classified as either Explorers, those using side projects to gain experience, (23%) or Hunters, those looking build an app business in order to make money (23%). A slightly larger percent of developers who target Android primarily are Explorers (26%) and slightly fewer are Hunters (21%). The largest segment of programmers developing primarily for mobile browsers are Guns For Hire (those developing apps on commission, 19%) followed closely by Explorers (18%). iOS developers, on the other hand, are mostly motivated by money, with 31% being Hunters, 20% classified as Guns For Hire and only 17% being Explorers.

Report quote: “The greater numbers of Hunters [among iOS developers] reflect the higher revenues available and more Guns for Hire reflect a contract market where almost every major business wants their app on iOS.

Mobile developers are chasing the wrong revenue models
The vast majority of mobile developers (73%) are building apps with revenue models based on either app sales (37%) or advertising (36%). However, the revenues generated by both of these models ($40.5 billion in 2015 for app sales and $34 billion by advertising) are dwarfed by the revenue generated by e-commerce ($300 billion). Only 9% of mobile developers are building e-commerce apps, suggesting that they’re missing out on significant revenue opportunities.

Report quote: “Despite the enormous revenue opportunity offered by mobile e-Commerce only 9% of developers are using this revenue model. Unless there’s a lot of e-Commerce related development being done through other models … then there’s a big gap in the market here.




Best Microsoft MCTS Certification, Microsoft MCITP Training at certkingdom.com