A colleague recently asked me for my expert opinion on exciting security start-ups to keep an eye on. He was interested in who the next Palo Alto or MobileIron would be. So I put my future forward looking cap on and came up with the following in no particular order.
These are the ones I’ve been tagging on Google Alerts for the last 6 months or so.
1. Bromium – http://www.bromium.com/
These guys are currently in “stealth mode” so not alot of details of what they’re doing. But you only have to look at who founded Bromium to get an idea. Simon Crosby, Gaurav Banga and Ian Pratt were all founders or close to it at Citrix. Crosby left Citrix June 2011 to found Bromium and by his own words he’s looking to use virtualisation as a security container of sorts to protect endpoints. In a blog post Crosby wrote Bromium is “fusing deep virtualization and security systems DNA to build a powerful set of tools that can offer continuous endpoint protection.”
Another reason you should watch Bromium is that Andreessen Horowitz, Ignition Partners and Lightspeed Venture Partners have just invested $9.2 million in seed money. These guys normally have a very good hit rate when looking at start-ups.
2. Crowdstrike – http://www.crowdstrike.com/
Another currently in stealth mode, founded by a couple of ex-colleagues of mine at McAfee, George Kurtz who was McAfee’s CTO and Dimitri Alperovitch who headed up Threat Research. Kurtz is also co-author of the best selling hacking book of all time “Hacking Exposed” Kurtz and Alperovitch together were a big reason why McAfee was leading edge in security technology and mindshare, think of Project Aurora, Night Dragon and Shady Rat. They’ve also managed to tag $26 million dollars of funding from Warburg Pincus.
Kurtz’s blog states “By identifying the adversary and revealing their unique TTPs (i.e. modus operandi), we can hit them where it counts – at the human-dependent and not easily scalable parts of their operations.” This almost sounds like counter attack against the adversary, hence the name CrowdStrike. My concern for CrowdStrike is what happens if groups like Anonymous or Lulzsec turn their attentions onto them much the same way they went after HBGary.
3. Appthority – http://www.appthority.com/
Appthority was founded by Anthony Bettini, another ex-McAfee employee from it’s Foundstone acquisition and was a technical editor on “Hacking Exposed”. His co-founder is another ex-McAfee employee Kevin Watkins who worked for Dimitri Alperovitch at McAfee. Appthority recently won the Most Innovative Company prize at RSAConference 2012.
What differentiates Appthority from your MobileIron and Good Technology is they provide reputation based security for apps which are then fed to customers to use as part of their Mobile Device Management policies. Appthority will integrate with most leading Mobile Device Management solutions and one can see the day where they’ll be swallowed up by a McAfee, Sybase or even Good Technology.
Unlike CrowdStrike and Bromium who are still in stealth mode, Appthority have solutions in the market at the moment with a growing customer base.
To throw the net wider, any security start-up in the Cloud or Mobility space deserves a look. I find the other main ingredient is star power ie, an ex-CTO or CIO from a Symantec, McAfee etc makes it alot easier to generate funding from the Venture Capital firms.