One common thread is helping to make detection and remediation easier
A wealth of young security companies is trying to capitalize on businesses moving toward security platforms that help them respond more quickly when they suffer successful cyberattacks in hopes of limiting the damage they do.
These firms take varying approaches to cybersecurity, including analyzing suspected attacks, automating responses, encrypting to make data theft more difficult, and sorting through alerts triggered by other security platforms to help prioritize responses.
These startups are plowing fertile ground, with corporate customers eager to avoid destructive attacks that can hurt their brand names. At the same time customers are fighting ever more inventive adversaries whose exploits require new defensive approaches.
So they are willing to open their wallets, with 46% of respondents to a Computerworld survey of IT leaders saying their spending on security this year will show double-digit increases while at the same time overall IT spending increases only 4.3% - so security is definitely a priority. In fact it has been for the past 10 years, Computerworld says, getting double-digit boosts in each year.
Here are 10 startups worth watching this year because they bring fresh eyes, talent and investment to problems that continue to plague security executives
Fun fact: John Thompson, Microsoft’s chairman, sits on Illumio’s board.
Why we’re following it: Illumio’s Adaptive Security Platform enforces policies about what specific ports on what machines are allowed to talk to what other ports on what other machines in order to limit that damage a compromised machine can do by limiting what it is capable of doing. This is a valuable asset at a time when breaches are accepted as inevitable. The platform also sends alerts when machines try to violate policies so staff can remediate the problem.
Fun fact: Founders Engel and Mumcuoglu served in the Israeli Defense Force
Why we’re following it: LightCyber’s Magna Breach Detection Platform provides agentless monitoring and analysis of endpoint machines as it looks for signs of possible intrusions. It winnows out incidents that are most likely intrusions and sends alerts, prioritizing and greatly reducing the number of incidents that have to be checked out by human analysts. The company is methodically going about adding integration with other security platforms so Magna Breach has a mechanism for automatically blocking detected threats. Integration partners so far include Palo Alto, Check Point, RSA Arcsight, FortKnox and Microsoft (Active Directory).
Fun fact: The company name comes from its algorithms that look for events that are statistical outliers.
Why we’re following it: Outlier’s detection and forensic tools are designed to help analysts respond to compromises more quickly, making the analysts more efficient. The system passively analyzes endpoints through data gathered by Windows Network Services and Windows Management Instrumentation and triggers alerts when it detects suspicious behavior. The alerts are accompanied by a compilation of the data that led the platform to conclude there was an intrusion, giving analysts a jump on where to check for compromised machines and figure out what action to take.
White House making it easier to get an L-1 visa
Uber's Amsterdam office raided by Dutch authorities
Cisco patches autonomic networking flaws in IOS routers and switches
Leaders: Executive Chairman Steven Chen, President Jeffrey H. Reed, CTO Carlos R. Aguayo
Fun fact: The technology comes from research at Virginia Tech funded by the Department of Defense, the Defense Advanced Research Projects Agency, and the Department of Homeland Security that sought a way to identify whether software-defined radios have unauthorized software running on them
Why we’re following it: PFP’s system monitors CPUs to establish baseline radio-frequency activity when devices are known to be performing legitimate tasks. Its analysis engine can detect anomalies from that baseline that indicate the device is running unauthorized processes that could indicate a breach. Its reliance on hardware cues and its physical separation from the devices it monitors make it difficult for attackers to circumvent. It can be used to detect infections on devices delivered from the factory as well as those in the field.
Fun fact: Chief Security Office Justin Harvey has worked for successful security vendors - FireEye/Mandiant and Hewlett-Packard/ArcSight
Why we’re following it: Resolution1’s endpoint agent can identify and verify malicious behavior then automate the resolution workflow. It integrates with third-party security systems to validate alerts they send in order to reduce the number of false-positives security teams have to chase down.
Fun fact: The company says a supercomputer making 19 quadrillion calculations per second would have to work for about 30 times the age of the universe to crack its encryption.
Why we’re following it: Secure Channels offers a platform that enables flexibly encryption parameters that give customers great leeway in determining the strength and complexity of the encryption. Secure Channels’ encryption for data at rest or data in motion quickly breaks it in to varying sized chunks and encrypts each chunk with its own key. The technology gives users the option to first encrypt an entire document, then further encrypt that in chunks so that even when a chunk is decrypted, it doesn’t appear as plain text. Its encryption schemes work with whatever encryption algorithms a business has on hand. The software runs entirely in RAM and randomizes its use of processor clock cycles to disguise patterns in the underlying data.
Fun fact: The company started life under the name Foresight.
Why we’re following it: Sentrix mirrors customers’ Web sites in Amazon Web Services and Azure clouds where it dynamically expands site resources during distributed denial-of-service attacks to keep the sites running until attackers exhaust their resources, give up or move on to easier targets. Data requests that get delivered to customers’ actual Web server back-ends are limited to those seeking the business-logic of the sites, not static content. This is a unique service that supplements other defenses and can keep sites up and running during a range of attack types including distributed denial-of-service, cross-site scripting, cross-site request forgery, SQL injection and website defacement.
Fun fact: The name Swimlane comes from a term used in security operations centers meaning a person’s area of responsibility.
Why we’re following it: Swimlane makes it simpler to gather data from its customers’ various security platforms, evaluate alerts and automate responses and puts all this in the context of faster response time and saving money. It gives each customer flexibility in what security platforms it deploys and reduces the time analysts have to spend figuring out what the current threat is. While other startups may have more money and bigger names, Swimlane is trying to address a real problem expressed by specific customers, which could be a recipe for success.
Fun fact: Tempered’s technology stems from a project at Boeing to secure its manufacturing systems.
Why we’re following it: Tempered’s appliances can create multiple overlay networks within existing network infrastructure, securing traffic in each from all the others, giving businesses the capability to isolate sensitive devices from the Internet, for example, without having to re-architect the entire network. Its founders, Hussey and Mattes, have impressive credentials and have attracted investments of credible venture capital firms.
Fun fact: Evers and Flowers have worked together three times before at nCircle, kozoru and Inquisit.
Why we’re following it: The company uses patented technology to create lightweight malware markers called behavior expressions that can detect all known attacks using a relatively small library of these markers as opposed to traditional signature libraries. For example, it says it can identify all known viruses using just 14 sets of behavior expressions. The company claims that in two years of testing attackers have never been able to compromise its platform protects. It can protect systems against attacks trying to exploit newly found vulnerabilities, so the company has issued its first version for Windows XP machines, which Microsoft no longer patches. It plans to support other Windows operating systems, Linux and Macs by the end of 2015.
A wealth of young security companies is trying to capitalize on businesses moving toward security platforms that help them respond more quickly when they suffer successful cyberattacks in hopes of limiting the damage they do.
These firms take varying approaches to cybersecurity, including analyzing suspected attacks, automating responses, encrypting to make data theft more difficult, and sorting through alerts triggered by other security platforms to help prioritize responses.
These startups are plowing fertile ground, with corporate customers eager to avoid destructive attacks that can hurt their brand names. At the same time customers are fighting ever more inventive adversaries whose exploits require new defensive approaches.
So they are willing to open their wallets, with 46% of respondents to a Computerworld survey of IT leaders saying their spending on security this year will show double-digit increases while at the same time overall IT spending increases only 4.3% - so security is definitely a priority. In fact it has been for the past 10 years, Computerworld says, getting double-digit boosts in each year.
Here are 10 startups worth watching this year because they bring fresh eyes, talent and investment to problems that continue to plague security executives
Fun fact: John Thompson, Microsoft’s chairman, sits on Illumio’s board.
Why we’re following it: Illumio’s Adaptive Security Platform enforces policies about what specific ports on what machines are allowed to talk to what other ports on what other machines in order to limit that damage a compromised machine can do by limiting what it is capable of doing. This is a valuable asset at a time when breaches are accepted as inevitable. The platform also sends alerts when machines try to violate policies so staff can remediate the problem.
Fun fact: Founders Engel and Mumcuoglu served in the Israeli Defense Force
Why we’re following it: LightCyber’s Magna Breach Detection Platform provides agentless monitoring and analysis of endpoint machines as it looks for signs of possible intrusions. It winnows out incidents that are most likely intrusions and sends alerts, prioritizing and greatly reducing the number of incidents that have to be checked out by human analysts. The company is methodically going about adding integration with other security platforms so Magna Breach has a mechanism for automatically blocking detected threats. Integration partners so far include Palo Alto, Check Point, RSA Arcsight, FortKnox and Microsoft (Active Directory).
Fun fact: The company name comes from its algorithms that look for events that are statistical outliers.
Why we’re following it: Outlier’s detection and forensic tools are designed to help analysts respond to compromises more quickly, making the analysts more efficient. The system passively analyzes endpoints through data gathered by Windows Network Services and Windows Management Instrumentation and triggers alerts when it detects suspicious behavior. The alerts are accompanied by a compilation of the data that led the platform to conclude there was an intrusion, giving analysts a jump on where to check for compromised machines and figure out what action to take.
White House making it easier to get an L-1 visa
Uber's Amsterdam office raided by Dutch authorities
Cisco patches autonomic networking flaws in IOS routers and switches
Leaders: Executive Chairman Steven Chen, President Jeffrey H. Reed, CTO Carlos R. Aguayo
Fun fact: The technology comes from research at Virginia Tech funded by the Department of Defense, the Defense Advanced Research Projects Agency, and the Department of Homeland Security that sought a way to identify whether software-defined radios have unauthorized software running on them
Why we’re following it: PFP’s system monitors CPUs to establish baseline radio-frequency activity when devices are known to be performing legitimate tasks. Its analysis engine can detect anomalies from that baseline that indicate the device is running unauthorized processes that could indicate a breach. Its reliance on hardware cues and its physical separation from the devices it monitors make it difficult for attackers to circumvent. It can be used to detect infections on devices delivered from the factory as well as those in the field.
Fun fact: Chief Security Office Justin Harvey has worked for successful security vendors - FireEye/Mandiant and Hewlett-Packard/ArcSight
Why we’re following it: Resolution1’s endpoint agent can identify and verify malicious behavior then automate the resolution workflow. It integrates with third-party security systems to validate alerts they send in order to reduce the number of false-positives security teams have to chase down.
Fun fact: The company says a supercomputer making 19 quadrillion calculations per second would have to work for about 30 times the age of the universe to crack its encryption.
Why we’re following it: Secure Channels offers a platform that enables flexibly encryption parameters that give customers great leeway in determining the strength and complexity of the encryption. Secure Channels’ encryption for data at rest or data in motion quickly breaks it in to varying sized chunks and encrypts each chunk with its own key. The technology gives users the option to first encrypt an entire document, then further encrypt that in chunks so that even when a chunk is decrypted, it doesn’t appear as plain text. Its encryption schemes work with whatever encryption algorithms a business has on hand. The software runs entirely in RAM and randomizes its use of processor clock cycles to disguise patterns in the underlying data.
Fun fact: The company started life under the name Foresight.
Why we’re following it: Sentrix mirrors customers’ Web sites in Amazon Web Services and Azure clouds where it dynamically expands site resources during distributed denial-of-service attacks to keep the sites running until attackers exhaust their resources, give up or move on to easier targets. Data requests that get delivered to customers’ actual Web server back-ends are limited to those seeking the business-logic of the sites, not static content. This is a unique service that supplements other defenses and can keep sites up and running during a range of attack types including distributed denial-of-service, cross-site scripting, cross-site request forgery, SQL injection and website defacement.
Fun fact: The name Swimlane comes from a term used in security operations centers meaning a person’s area of responsibility.
Why we’re following it: Swimlane makes it simpler to gather data from its customers’ various security platforms, evaluate alerts and automate responses and puts all this in the context of faster response time and saving money. It gives each customer flexibility in what security platforms it deploys and reduces the time analysts have to spend figuring out what the current threat is. While other startups may have more money and bigger names, Swimlane is trying to address a real problem expressed by specific customers, which could be a recipe for success.
Fun fact: Tempered’s technology stems from a project at Boeing to secure its manufacturing systems.
Why we’re following it: Tempered’s appliances can create multiple overlay networks within existing network infrastructure, securing traffic in each from all the others, giving businesses the capability to isolate sensitive devices from the Internet, for example, without having to re-architect the entire network. Its founders, Hussey and Mattes, have impressive credentials and have attracted investments of credible venture capital firms.
Fun fact: Evers and Flowers have worked together three times before at nCircle, kozoru and Inquisit.
Why we’re following it: The company uses patented technology to create lightweight malware markers called behavior expressions that can detect all known attacks using a relatively small library of these markers as opposed to traditional signature libraries. For example, it says it can identify all known viruses using just 14 sets of behavior expressions. The company claims that in two years of testing attackers have never been able to compromise its platform protects. It can protect systems against attacks trying to exploit newly found vulnerabilities, so the company has issued its first version for Windows XP machines, which Microsoft no longer patches. It plans to support other Windows operating systems, Linux and Macs by the end of 2015.
