|
The security industry is poised for its biggest upheaval ever in 2010. While defense contractors move into the space (redubbed “cyber”), and the big players adjust their product portfolios by making strategic acquisitions and large IT vendors (HP) break into the space, there are many small companies offering innovative products and services. Here is a list of just a few that are on IT-Harvest’s radar.
Engedi. This is a nascent firm with patents and technology for what I believe will be an important addition to secure access control. Multi-party authentication is as old as countersigned checks and sign-off requirements for product designs. But have you ever used multi-party authentication for remote access? Say you had a critical system maintained by an outside contractor. What if they could not access that system until one of your own people had OK’d it? That is what Engedi makes possible. They also have developed a secure remote management solution to secure and log remote management.
Webscreen Technologies. There are many tools and techniques to block DDoS. I believe Webscreen has a winner with a stateful repository of malicious IP addresses that is continuously updated from data gathered from their install base. Connections from over 4 million IP addresses can be blocked with their gateway appliance. Webscreen Technologies is based in the UK.
Syphan Technologies. For high throughput networks, service providers, and data centers there is Syphan Technologies. They provide DDoS and IPS for 10g networks. Also out of the UK. See my interview with Pravin Mirchandani, CEO of Syphan here.
Prolexic Technologies was originally founded by Barrett Lyon. You can read the fascinating history in the just released “cyber thriller” by Joseph Menn: Fatal System Error. Prolexic has come a long way since those early days. They have shed their shady backers and today provides an amazingly sophisticated response service to attacks. Paul Sop, CTO, recently describe to me how their SOC people have to hand tune their filters during attacks because they evolve in response to defensive measures.
RedWolf Security is another company that Paul Sop is associated with. If you are going to invest in ways to defend against DDoS you should have some way to test your defenses. RedWolf provides that ability. RedWolf's Security Threat Generator simulates a wide variety of security breaches and violations that go beyond the typical attack and penetration scanners.
KSplice is poised to take off. Their software allows you to apply patches to Linux systems without rebooting. How in the world is that possible? They explained to me that they take the source code of your current install and compare a compiled version to the compiled Linux patches. Then they cut and paste the changes into memory. When KSplice perfects their Windows solution they are going to have a hard time keeping up with customer demand!
There are many changes coming to the security industry on the authentication, threat mitigation, and even the make up of major players. These are just five of the interesting new companies to watch. After RSA in San Francisco next month I will be posting more.
Full discloser: I consult with many security vendors on their product and go-to—market strategies. I speak at their events, write white papers, and help them make connections within the IT security space. Some or all of the vendors I describe in this blog may have been or may be clients in the future.
|
