January 30, 2012, 7:08 AM — This group of security companies includes several that want to capitalize on technology ideas that were originally devised to serve communities of special interest but could now take on a wider cybersecurity role. Fixmo, for example, has its roots in the National Security Agency where its mobile security makes it possible to run critical applications in sandboxes that are insulated from the rest of the machine, making them less likely to fall victim to malware that might have infected the device.
MORE ON SECURITY: A quick look: The Megaupload Kim Dotcom hullabaloo | Free download: 68 great ideas for running a security department
Or Emerging Threats Pro, which started off as an open source intrusion detection project that needed better-quality assurance to make the leap to widespread use in businesses and as an element of other security products.
And as is often the case with young companies, they form around individuals whose creative spark and energy bring new products to life. Sticking with Emerging Threats Pro, its founder, Matt Jonkman, is also president of the Open Information Security Foundation (OISF), which is working on the Suricata intrusion detection engine on which the commercial venture is based.
Also in this crop of companies to watch, Kenneth Weiss, the daddy of two-factor SecurID authentication, is hoping to make another winner with Universal Secure Registry's three-plus factor authentication. And Matthew and Prince Lee Holloway, both alumni of open source anti-spam Project Honeypot, are continuing their efforts to block junk Internet traffic with their content delivery network, CloudFlare.
Cisco Fellow Patrick Peterson is behind Agari, an email security company based on work Peterson started at IronPort before Cisco bought it. Still a Cisco fellow, he spends most of his time on the new venture.
Here are brief descriptions of a half-dozen security companies to watch, what they can do for enterprises and why they are worth keeping an eye on.
Agari
Headquarters: Palo Alto, Calif. Founded: 2009, as Authentication Networks Funding: $2.5 million Series A funding from Alloy Ventures with participation from Battery Ventures, First Round Capital and Greylock Partners Leader: Cisco Fellow Patrick Peterson Fun fact: The idea for Agari came out of research being done by IronPort when Cisco bought the company. Also, Agari means "to win" in Japanese.
Why we're following it: This email security service will block fake emails, a valuable means for cutting down on successful phishing attacks, but the company gets a leg up because it has support for its portal from AOL, Google, Microsoft and Yahoo, which will be put in place for their customers. Millions of customers will be using it without knowing it.
Key to the service is its accuracy in nailing malicious email without blocking legitimate messages, which company founder Patrick Peterson estimates at one false positive per million blocked messages.
The service can block emails being spoofed under the domain names of legitimate businesses, but also notifies businesses when their domain names are being hijacked to send phishing messages and emails with malicious attachments.
It's worthy of note because it plans to develop support for enterprise-grade email platforms such as Microsoft Exchange. And the company is working to expand support for its filtering to ISPs and telecom carriers in Europe to block the source of more malicious emails.
Success relies on cooperation of major service providers, and Agari has secured that broadly in the U.S. and is seeking it out in other regions. It is also being offered to the financial services industry via the financial services information sharing and analysis center (FS-ISAC), and the Financial Services Roundtable. Information about URLs that are sending illegitimate emails can be sent to takedown services, making a contribution to cleaning up the Internet in general.
