It’s the first of May and the first day out of stealth mode for three start-ups. Two security companies and a security e-zine are celebrating their debuts. In some quarters there is talk that the days of security innovation are over; that the established players have it covered, or that Microsoft is finally going to fix everything with Windows Vista. And yet, the number of companies with security products is still exploding. IT-Harvest maintains a Knowledge-Base of over 750 security companies. The current rate of discovery indicates that by the time European and AsiaPac entries are completed there will be 1,500 vendors in the database.
Today FireEye is coming out of stealth mode with what I want to call VM IPS: Intrusion Prevention Systems running on Virtual Machines. The product resides not at the gateway but in the wiring closet with the LAN switch. It detects PCs exhibiting malicious behavior, such as a worm or Trojan, by running their traffic through a set of Windows instances on one appliance. It can then instruct the LAN switch to deny the PC access or quarantine it until it can be fixed up. This is far better than those so-called Network Admission Control solutions that rely on the PC to report its health before being allowed on the network. (The PC is infected and you are going to trust it?)
The other start-up making its debut is from industry veterans Bob Bales and Roger Thompson, who are getting the band back together. Their last gig was Pest Patrol, sold to CA in 2004. Exploit Prevention Labs has an end-point solution, SocketShield, that identifies and blocks malware based on its behavior. The purpose of their product is to protect your PC during that vulnerable stage between when the exploit is made public and when a patch is available. It relies on Roger’s research to push out defenses tailored to each new attack. With it you would have been safe from the Windows Meta File exploits that were deployed last Christmas.
Today marks the launch of DarkReading, an e-zine devoted to IT security. The name begins to make sense when you realize it is a sister publication to LightReading, the networking e-zine. See my new DarkReading column on why Microsoft should stop working towards their master plan of Windows on everything and support specialized operating systems for different platforms.
This is a good beginning for May. I am posting this blog from the conference room of MuSecurity, which is in the early ramp-up phase with their Security Analyzer, the Mu-4000, an appliance that can run through millions of checks of a device to see if it is interpreting protocols correctly. I expect there to be at least two dozen more security companies in 2006.