Amid a security technology landscape that experts say is seriously lagging behind sophisticated malware and hacker techniques, some security startups are taking on the challenge of catching up with attackers.
So many startups are focused on their part of the problem that they don’t realize there are tons of security problems.
Michael Dortch, principal analyst, managing editor, DortchOnIT.com
RSA has identified 10 new security firms for uniquely addressing emerging threats and security weaknesses inherent in emerging technologies. The vendors are vying for the title of “Most Innovative Company at RSA Conference 2012” and industry analysts say the new technologies they are bringing to market are addressing security issues that longstanding security vendors have been struggling with.
The founders of these new security startups have noticed some specific problems, such as weak endpoint control capabilities for mobile devices and a lack of preventative measures to block malicious activity on social networks before they infect users. Mobile device management (MDM) products and over-arching antivirus software, they say, are simply not doing enough to mitigate threats or are failing altogether to keep pace with cybercriminals. The firms say they are creating technologies that address the concerns of both IT professionals and end users in an enterprise setting where data is valuable and increasingly targeted by attackers.
“The history of IT in the enterprise is peppered with cancers that were caused or exacerbated by the fact that technology changes faster than humans can respond to that change. This is in no place more evident than in security,” said Michael Dortch, principal analyst and managing editor of DortchOnIT.com.
As a result of the specific nature of problems like securing mobile devices and identifying malicious behavior before an attack, companies like ionGrid and Impermium have come up with custom technologies they hope will address the needs of the industry.
“There is no magic bullet,” said Eric Ogren, highlighting the fact that the security industry is too complex for a cure-all solution to be possible. Plus with startups, he added, it can be hard to get going even if the security technology works as advertised.
“It’s hard to convince IT pros that something new is good,” said Ogren, who is the principal analyst at the Ogren Group. “Everybody looks for holes in your product, because nobody wants a 90% good security product.”
Ogren described the security industry as “miles behind,” but also argued that’s the nature of the business.
“The attack has to be in the wild before you can develop an antidote to it,” he said. “The present path is almost guaranteed to be behind.”
According to Ogren, as a result of that path, it is important that the security industry tries to improve avenues like virtualization, endpoint security, communicating outside of IT professionals with business professionals and introducing cloud-based approaches. He also advocated for examining user and application traffic on social sites.
Mark Risher, co-founder and CEO of Impermium, is attempting to address that issue with threat detection, noting that more and more businesses rely on social networks for promoting products and services in addition to email.
Risher compared the current state of the social Web to a nascent form of email. As Yahoo Mail’s former spam czar, Risher spent his time adapting security measures to combat and block new spam and phishing emails. Since the late 90’s, the features of email have remained relatively static, he said.
His company intends to stop that from occurring with the social Web. Until now, many social networks haven’t begun to protect their users until after they become victims, Risher said. Users are more trusting of links, messages and other threats, he said.
Social media sites are vulnerable to fraud anytime an untrusted user can create an account. Cybercriminals have taken notice of the new medium and are already exploiting it extensively, sometimes using automated tools to post malicious JavaScript code and set up drive-by attacks.
“What’s scary about the threat matrix is that the bad guys are taking advantage of that really quickly,” said Risher.
A more stable platform will allow owners to “focus on creating a beautiful experience for users” without worrying about what attackers can do with new features, he said.
Impermium says it can stop social networking threats before they have a chance to attack a user’s system. The company receives real-time Web transactions from user-facing websites and analyses them using Imperium’s algorithms (their “secret sauce”), Risher said. Then, based on information retained from all the transactions that are received, Impermium sends a report to the site’s IT staff to let them know what malicious activity they could be facing.
Everybody looks for holes in your product, because nobody wants a 90% good security product.
Eric Ogren, principal analyst, the Ogren Group
Risher acknowledges that there is some grey area in determining what could be malicious traffic in a system, but said that “by providing a real-time service, we help take [a threat] down instantly and prevent it from ever showing up there.”
The overall goal for Impermium is to protect the social Web and the valuable services it offers users in order to enable the kind of communication that is “the reality of our new online connected world,” Risher said. At the RSA conference, Risher said he plans to draw more attention to this growing problem, and impress upon vendors that their protection systems can now be proactive.
Nick Triantos, founder and CEO of ionGrid, is promoting a similar message. Companies need their employees to have access to corporate data outside the office, and ionGrid has designed a way to try to secure the information before it ever leaves a corporate server, preventing data loss or theft.
“What we see is that the landscape for how companies need to collaborate on content is fundamentally changing,” said Triantos. Attackers have also noticed that employees need more mobile access. To keep pace with that change, ionGrid has launched an Apple iPad application called Nexus.
Nexus allows corporate data to be accessed directly from an enterprise’s protected server without ever saving on the tablet’s hard drive. That way, employees always have access to the information and documents they need, and don’t have to worry about the possibility of losing all their personal content if the tablet is lost or stolen.
IT professionals can feel secure knowing the information is safe and sound on the server, and they don’t have to restructure their whole system to integrate the technology. According to Triantos, it takes only 10-20 minutes to install the software, and nothing else needs to be changed.
Programs like Dropbox allow users to access any information they upload, but the security weaknesses introduced by remote storage and file sharing scares IT professionals, Triantos said. MDM products, loved by IT pros because of their ability to remotely wipe and set security controls on a device, make users who want to keep personal information on their smartphones and tablets unhappy; and remote desktop services, which allow employees to access a virtual copy of their desktop at the office from their home computers, perform well—except on the mobile platform, Triantos said.
Triantos thinks Nexus will be appealing to businesses at the conference that are security conscious, and hopes any scrutiny of the application will result in improvement.
“Security experts can look with a critical eye at how you solve things, and so they can help build the most secure product,” he said.
Other top 10 finalists at the conference include Sumo Logic, which provides a cloud-based service that searches log files for threat intelligence; Content Raven, a digital content delivery system; CloudPassage, which attempts to secure servers in dynamic public, private and hybrid cloud environments. Each company is attempting, in their own way, to secure corporate data or optimize existing security measures.
“The single biggest challenge for vendors trying to enter this space is to be able to demonstrate that they understand the scope of the problem,” Dortch said. “So many startups are focused on their part of the problem that they don’t realize there are tons of security problems. They’ve got to position their solutions to make users see how it can work and how it can integrate what I’ve already got and what I’m already doing.”
https://twitter.com/searchsecurity
View all of our RSA 2012 Conference coverage.