A wealth of young security companies is trying to capitalize on businesses moving toward security platforms that help them respond more quickly when they suffer successful cyberattacks in hopes of limiting the damage they do.
These firms take varying approaches to cybersecurity, including analyzing suspected attacks, automating responses, encrypting to make data theft more difficult, and sorting through alerts triggered by other security platforms to help prioritize responses.
These startups are plowing fertile ground, with corporate customers eager to avoid destructive attacks that can hurt their brand names. At the same time customers are fighting ever more inventive adversaries whose exploits require new defensive approaches.
So they are willing to open their wallets, with 46% of respondents to a Computerworld survey of IT leaders saying their spending on security this year will show double-digit increases while at the same time overall IT spending increases only 4.3% - so security is definitely a priority. In fact it has been for the past 10 years, Computerworld says, getting double-digit boosts in each year.
Here are 10 startups worth watching this year because they bring fresh eyes, talent and investment to problems that continue to plague security executives
Headquarters: Sunnyvale, Calif.
Funding: $42.5 million from Andreessen Horowitz, General Catalyst, Formation 8, Data Collective, Salesforce CEO Marc Benioff and Yahoo co-founder Jerry Yang.
Leaders: CEO Andrew Rubin, CTO PJ Kirner
Fun fact: John Thompson, Microsoft’s chairman, sits on Illumio’s board.
Why we’re following it: Illumio’s Adaptive Security Platform enforces policies about what specific ports on what machines are allowed to talk to what other ports on what other machines in order to limit that damage a compromised machine can do by limiting what it is capable of doing. This is a valuable asset at a time when breaches are accepted as inevitable. The platform also sends alerts when machines try to violate policies so staff can remediate the problem.
Headquarters: Ramat Gan, Israel, and Los Altos, Calif.
Funding: $11.5 million from Battery Ventures and Glilot Capital Partners
Leaders: CEO Gonen Fink, Chief Product Officer Giora Engel, CTO Michael Mumcuoglu
Fun fact: Founders Engel and Mumcuoglu served in the Israeli Defense Force
Why we’re following it: LightCyber’s Magna Breach Detection Platform provides agentless monitoring and analysis of endpoint machines as it looks for signs of possible intrusions. It winnows out incidents that are most likely intrusions and sends alerts, prioritizing and greatly reducing the number of incidents that have to be checked out by human analysts. The company is methodically going about adding integration with other security platforms so Magna Breach has a mechanism for automatically blocking detected threats. Integration partners so far include Palo Alto, Check Point, RSA Arcsight, FortKnox and Microsoft (Active Directory).
Headquarters: Zephyr Cove, Nev.
Leaders: CEO Greg Hoglund
Fun fact: The company name comes from its algorithms that look for events that are statistical outliers.
Why we’re following it: Outlier’s detection and forensic tools are designed to help analysts respond to compromises more quickly, making the analysts more efficient. The system passively analyzes endpoints through data gathered by Windows Network Services and Windows Management Instrumentation and triggers alerts when it detects suspicious behavior. The alerts are accompanied by a compilation of the data that led the platform to conclude there was an intrusion, giving analysts a jump on where to check for compromised machines and figure out what action to take.
Headquarters: Vienna, Va.
Funding: $1 million from Blu Venture Investors and CIT GAP Fund.
Leaders: Executive Chairman Steven Chen, President Jeffrey H. Reed, CTO Carlos R. Aguayo
Fun fact: The technology comes from research at Virginia Tech funded by the Department of Defense, the Defense Advanced Research Projects Agency, and the Department of Homeland Security that sought a way to identify whether software-defined radios have unauthorized software running on them
Why we’re following it: PFP’s system monitors CPUs to establish baseline radio-frequency activity when devices are known to be performing legitimate tasks. Its analysis engine can detect anomalies from that baseline that indicate the device is running unauthorized processes that could indicate a breach. Its reliance on hardware cues and its physical separation from the devices it monitors make it difficult for attackers to circumvent. It can be used to detect infections on devices delivered from the factory as well as those in the field.