Security Startups Jostle for Demo Spotlight

At Demo, security startups show off privacy, virus and malware protection and detection products.

HUNTINGTON BEACH, Calif.—Looking to take advantage of the buzz around Internet security, a cast of small companies helped kick off the Demo emerging technology show by showing off a range of new enterprise and consumer-facing products.

Among the startups making news here was Sana Security Inc., a company based in San Mateo, Calif., which is hawking an anti-virus software product that promises to thwart malicious attack without the use of signature updates.

Sana lifted the wraps off a new iteration of its Active MDT (Malware Defense Technology), an update that is capable of detecting removing malware without the use of signatures or scanning.

Instead of rules and signatures, the technology allows Sanas Primary Response Client Agent to learn file path behaviors to respond to anomaly-based threats.

"By exploring different forms of malware, weve developed technology capable of protecting against threat behavior rather than relying on signatures or single-bit rules," said Timothy Eades, vice president of sales and marketing at Sana.

Eades said the product can help businesses protect against the latest threats from spyware, adware and other malicious programs.

Security experts have long warned that the industry must shift away from signature-based virus protection because new strains of malware are capable of disabling anti-virus and other protection to render computers defenseless.

Earlier this year, in a sophisticated Trojan attack, malicious hackers successfully launched three malware programs that communicated with each other to infect the machine, disable anti-virus software and leave a back door open for future malicious use.

/zimages/1/28571.gifRead more here about a recent triple-barrelled Trojan attack that created botnets.

Another security play attracting attention at Demo was Barracuda Networks Inc., a company that is elbowing its way into the crowded instant messaging security space.

The company showed off its new Barracuda IM Firewall, an all-in-one appliance that combines an instant messaging server with consumer IM traffic filtering, IM archiving and policy management technologies.

With the threat of chat network worms on the rise, Barracuda, based in Mountain View, Calif., is looking to find business in a market currently dominated by companies like IMLogic Inc. and Akonix Systems Inc.

/zimages/1/28571.gifClick here to read about an initiative to use vulnerable machines, or "honey pots," to track malicious activity.

Chris Penner, director of product management at Barracuda, said he believes the company can gain traction in the health care, financial and legal sectors, where compliance laws require the archiving of all traffic within a network.

"Were pretty focused on compliance," Penner said in an interview. "We provide keyword notification so a company can get an alert when a violation occurs. Thats an important requirement for some companies that want to block or shut off an employees IM access if theres a violation."

Barracudas appliance allows a business to secure, monitor and manage all instant messaging communication. In addition to logging, Penner said Barracudas appliance also handles identity management, a feature that maps an unidentifiable screen name to the employee on the network using that name.

It can also be used in an enterprise to archive all public IM traffic as well as provide an internal IM server for security corporate chat sessions.

Kenai Systems Inc., of Rocklin, Calif., was also present at Demo to showcase eXamine Enterprise, a point-and-click testing tool for Web Services environments. Kenais software automates the execution of quality assurance and certification tests to improve the security of SOA (service-oriented architecture) implementations.

San Francisco-based UniPrivacy Inc. took to the stage to demo DeleteNow, a subscription-based privacy service that trawls the Web to find and delete personal and confidential data from search engines and databases.

/zimages/1/28571.gifSpyware researchers discover an ID theft ring. Click here to read more.

Using a proprietary Digital Purge Engine, company officials said, DeleteNow can be used to erase names, addresses, phone numbers and social security numbers from publicly available directories, databases and search engines.

"Until now, credit monitoring services were about the only tool available to help consumers looking to monitor their privacy," UniPrivacy founder Chaz Berman said. "[That] only informs the consumer once they are already a victim. [We] go one step further by giving individuals a proactive method to help avoid identity theft before it happens," he said.

Nand Mulchandani, vice president of business development at Determina Inc. in Redwood City, Calif., took to the stage to announce the rollout of new intrusion prevention software that beefs up server security during the vulnerable period while a company struggles with the complications of patch deployment.

"We focus on securing against the vulnerabilities instead of actual attacks," Mulchandani said, stressing that Determinas Vulnerability Protection Suite can protect security businesses from malware that exploits the most common security holes.

The suite includes Determinas Memory Firewall and LiveShield, two products that provide protection for vulnerable code before vendor patches are applied. More importantly, Mulchandani said, businesses can secure applications "on the fly" without requiring restarts and expensive downtime.

Another startup competing for limelight at Demo is Workshare Inc., a company that markets document security technology. Workshares new technology, code-named Hygiene, delivers an automated way to remove content security risks from Microsoft Office documents.

/zimages/1/28571.gifCheck out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at Security Center Editor Larry Seltzers Weblog.