June 5, 2012
by Paul Judge
Op-Ed Contributor
Information security (InfoSec) is a unique market because it is driven by not only customer requirements, but also by trends set by the attackers. Therefore, predicting the next wave of InfoSec companies requires the ability to foresee general technology advances and predict attackers? next moves in response.
A majority of the InfoSec market deals with protecting against attacks including vulnerability assessment, network security, endpoint security and content security. Other areas of InfoSec focus on safeguarding data and users such as encryption, identity management, and parts of content security like data leak prevention.
The popularity of new applications, platforms and devices among users make them attractive attack points from which hackers can reach users and gain access to valuable data. We have seen this cycle many times in InfoSec: attackers followed users onto the Internet, onto email, onto the Web, and onto social networks. Atlanta?s succession of InfoSec innovation over the last two decades has followed this path.
Internet Security Systems, acquired by IBM in 2006, (ISS) helped provide security originally as companies were moving to the Internet; CipherTrust, acquired by Secure Computing in 2006, provided email security as email became the de facto ?business communication medium; SPI Dynamics, acquired by HP in 2007, protected websites from attack; and Purewire, acquired by Barracuda Networks in 2009, protected users from malicious websites.
More recently, the rise of the virtual team in which corporate networks are accessed by workers through laptops and mobile devices from remote locations has spawned a whole new category of attacks. Other shifts in general technology usage have also triggered changes in the types of attacks including the rapid growth of wireless LAN. In fact, Atlanta-based AirDefense, acquired by Motorola in 2008, came about as a result of the growth of wireless access points as a new platform and a need to protect them.
Other ways to build valuable InfoSec companies include improving security intelligence, updating enforcement platforms or easing the management of security systems. Damballa was built around algorithms for better security intelligence about botnets. SecureWorks, acquired by Dell in 2011, is an excellent example of combining better management, monitoring and security intelligence. Other companies in the industry are working on more proactive security approaches or even offensive technologies. Endgame Systems provides vulnerability research and intelligence.
Emerging Problems
One sure way to identify opportunities ripe for innovation in InfoSec is to find the pain points and limitations in existing approaches. What areas are customers complaining most about? What areas are going unprotected because no practical solution exists? What aspects of the security ecosystem are lagging behind technology shifts? ?What new types of attacks require a new type of detection or protection system?
For example, there is broad industry agreement that the deployment of signature-based anti-virus is a less than efficacious approach but yet this is still a $6 billion market annually. The lack of viable alternatives makes this an opportunity for massive disruption.
The use of personal mobile devices at the workplace offers another opportunityity. These devices go largely unprotected today because of a lack of an elegant solution. The proliferation of these devices and its impact on corporate networks make this problem a sizable market opportunity.? Atlanta-based AirWatch is focusing on just this problem with its mobile device management solution.
The increasing amount of time spent on social networks by consumers make them attractive targets for new attacks by hackers looking to gain access to personal data and more. As tools to defend against these new threats are limited in this area, it is yet another area that technologists and InfoSec experts can create value.
Encryption and authentication are also areas of opportunity. Both are age-old problems in security; however, it is widely known that there is still an absence of easy-to-use encryption and authentication for the masses. The identity and access management market is a $3 billion market that is in need of innovative solutions. In Atlanta, one company tackling the encryption problem is Social Fortress.
But attacks aren?t only targeted at computer networks. Sometimes attackers take on traditional forms that have been forgotten by the InfoSec community. The humble telephone is one such channel. Caller ID fraud, in which attackers seek to 
obtain sensitive information such as bank account access information from consumers, is on the rise. This was the motivation behind Atlanta-based Pindrop Security. The company focuses on solving phone fraud.
With its pool of experienced security developers and threat researchers, Atlanta provides the ideal environment to continue to build meaningful InfoSec companies. ?With two decades of successful security companies, Atlanta has a unique concentration of security technologists, marketing professionals and sales expertise. The Georgia Tech Information Security Center (GTISC) has over 50 faculty and staff, 30 doctoral students and 70 masters students focused on InfoSec. This base of groundbreaking research and experts is a tremendous resource for sparking the next generation of InfoSec startups.
Enormous shifts in the technology landscape today generate great opportunities for users and developers. However, many of these also disrupt the traditional forms of providing security. These disruptions offer new opportunities to solve security problems and build meaningful companies. Information security is the enabler that allows trustworthy commerce and safe social interactions. Current advances in big data, mobile payments, virtualization, cloud computing, social networking, mobile devices, and networked devices form gaps that are excellent for growing valuable InfoSec companies. Look for the next InfoSec giant to emerge here.
____________________________________________________________
Paul Judge is a serial entrepreneur and angel investor. He was CTO of CipherTrust (acquired by Secure Computing), CTO of Secure Computing (acquired by McAfee), and co-founder and CTO of Purewire (acquired by Barracuda Networks). He recently co-founded Pindrop Security. He currently is Chief Research Officer at Barracuda Networks and Chairman of Pindrop Security. Follow him on Twitter at @pauljudge.
June 2012 Newsletter
summerfest usher fidel castro rick santorum ozzie guillen castro comments phish gluten free diet
কোন মন্তব্য নেই:
একটি মন্তব্য পোস্ট করুন