 | |  |
Startup raises $6 million to back security software
By Mary Jane Credeur, Staff Writer, Atlanta Business Chronicle
June 16, 2003 - Although most businesses have devoted lots of time and money in recent years to keeping hackers out of their corporate networks, their more sensitive internal networks have been largely neglected.
That means anyone with a user name and password could, for instance, scan a company's balance sheet or peek at sales prospects.
A group of former Internet Security Systems Inc. employees who recently formed their own company claims their new software product can prevent that from happening.
The founders of Trusted Network Technologies Inc. say their software can ensure that every network user can gain access only to programs and files he or she is authorized to use. The software accomplishes that by attaching an identity component to packets of data that travels across internal networks.
Trusted Network, which is only 9 months old, just raised a $6 million round of venture funding from Flagship Ventures and Charles River Ventures, two national firms that have invested heavily in security upstarts.
"The whole idea behind security comes down to access control, who should have access and what should they have access to?" said Trusted Network CEO Steve Gant, a former intelligence officer in the U.S. Marine Corps. who recently worked in business development at ISS. "No business would let a stranger come in off the street and just wander around the hallways. Why should the network be any different?"
Last fall, Trusted Network founders and engineers David Shay and Derek Gant (Steve's brother), who formerly worked together at startup e-commerce consulting firm NetEffect Corp., began tinkering with packet-level identification tools. They eventually devised a way to attach two forms of user identification to data packets, using technology that is compatible with existing system standards.
They call the system Identity, and it links the identity of the computer and the identity of the user to each network request (such as opening certain files or programs).
Identity then processes every network request through an "enforcement appliance" that verifies whether the employee is authorized to perform that function. If a person is not authorized to access files or programs he is trying to use, the system drops the action and logs that attempt for future audits.
Steve Russ, another co-founder who also came from ISS and once served as a Navy officer on a ballistic missile submarine, likens the technology to the steganography codes used during World War II when American codebreakers hid one encrypted message inside another secret message.
"That makes it exponentially harder to break," Russ said.
Similar previous efforts by large security companies such as Cisco Systems Inc. have not caught on in the commercial markets, mainly because other engineers have tried to develop entirely new infrastructure and standards, which is extremely expensive.
"We took the existing infrastructure and brought access control to it," Steve Gant said of Trusted Network's patent-pending technology. "The ability for packets to carry passports fundamentally changed the game."
Eager investors
Although Trusted Networks is only 9 months old and recently signed its first paying customer, venture capitalists with Flagship and Charles River were eager to put $6 million into the company. The deal closed in a matter of weeks, something practically unheard of during these lean economic times.
"Nobody has tried to solve this problem quite this way," said Austin Westerling, an associate with Charles River who oversaw the Trusted Networks deal and has met with more than 350 security startups looking for funding. "Sometimes the simplest, best innovations are the ones that are so obvious that nobody thought of it before."
Flagship principal Jim Matheson believes Trusted Networks founders will have to educate prospective customers about how different their approach is from other authentication or encryption products on the market.
"This is really the holy grail of what a lot of engineers have been after, and they will have to get people to understand the profundity of what they do," Matheson said. "They are going to have to position Trusted Network as a whole new category."
Analysts say businesses are looking for technology like this, which targets a problem that has been neglected by many large companies.
Contrary to common belief, insiders cause as much as 80 percent of the dollar damages businesses suffer due to security problems, according to Trent Henry, a security analyst with the Burton Group. "We presume that we can trust our employees, but that trust has sometimes shown to have been misplaced," Henry said.
In addition to tangible monetary losses due to security breaches, companies with lax security policies are also losing money on things like employee productivity and wasted bandwidth if employees spend too much time surfing the Web or downloading music and video files.
This may seem Big Brother-ish to some, but Henry says that employees shouldn't be abusing company networks and technology capabilities. "Most companies would say that you never really had access to certain files or Web sites to begin with," he said.
Henry also points out that products like Trusted Network's Identity system may help companies track people's actions if a breach does occur. "This could be a good computer forensic tool if something bad happens," he said.
Who's the competition?
Trusted Networks officials say they don't have any direct competitors that they know of, however authentication companies like Massachusetts-based RSA Security Inc. and California-based Rainbow Technologies Inc. probably will end up competing with Trusted Networks.
Gant believes the systems made by both RSA and Rainbow, which require authentication tokens or cards, are not as foolproof as Trusted Network's system. "Imagine the day trader who leaves his card and tokens at home and he can't do his job," Gant said. "That's the day your security system breaks down."
Trusted Network's Identity system is being beta-tested by several companies right now, and executives plan to use the $6 million investment to beef up their sales and marketing efforts. Trusted Network has about a dozen employees now and plans to hire another half-dozen in the coming months.
The Identity system will cost about $10,000 for smaller companies and multiple millions for large companies.
Some local technology leaders are hopeful that Trusted Network's innovative technology and attraction of out-of-state investors will encourage other technology startups to do the same.
"This is a good indicator for Atlanta that the city can produce new technology like this, and that these people found a new way to solve an old problem," said attorney Martin Tilson, who chairs the technology practice at Kilpatrick Stockton LLP. "ISS is fulfilling an important mission in Atlanta by being a market leader and it's healthy when you see people branch out and start new companies on their own."
Other companies that were founded by former ISS-ers or hired former ISS-ers include SecureWorks Inc., GuardedNet Inc. and SPI Dynamics Inc.
Reach Credeur at mjcredeur@bizjournals.com.
| | |
