The evolution of computer security is not merely some dark mirror, passively reflecting advances in technology. While technology provides new opportunities for threats, these become true dangers only when there is a motivation to exploit them and a means to do so.

Stefan Savage, writing in The New York Times, Dec. 5, 2011.

By his own admission, Stefan Savage’s interests are all over the map.

Savage is a professor of computer science at the University of California, San Diego, who works on computer and network security issues with researchers at the University of Washington, where he got his PhD, as well as UC Berkeley, the University of Illinois at Urbana-Champaign, and elsewhere.

Last year, a team led by Savage and UW’s Tadayoshi Kohno showed that a hacker with physical access to an automotive electronic control unit could alter software to stop the engine, disable the brakes, and carry out other nefarious tasks. In follow-up research published earlier this year, Savage and company said they had succeeded in performing similar tasks remotely—using the cellular phone in a car to insert malicious software that enabled them to override various vehicle controls. (Their findings can be found at the website of the Center for Automotive Embedded Systems Security, a UW-UCSD collaboration.)

Savage also has helped lead wide-ranging studies of Internet spam, outlining the global “ecosystem” that supports compromised accounts, spam mailers, credit cards, e-mail lists, and other tools of the trade. This work led to a comprehensive study of just how much revenue spam advertising can generate, even when most of the spam is blocked. In a recently published paper, the scientists from Berkeley and San Diego counted more than 100,000 orders a month in just one spam network. The group also offered a “rough but well-founded” estimate that revenue generated from spam-advertised pharmaceutical drugs amounts to tens of millions of dollars a year.

He recently fielded some questions from Xconomy:

Xconomy: You’ve been involved in so many different aspects of cyber-security. What do you see as the single biggest danger in … Next Page »

Comments | Reprints | Share:          

Lots of action in computer security, especially around New England.

On the same day IBM said it’s acquiring Q1 Labs of Waltham, MA, the security firm McAfee, a recent subsidiary of Santa Clara, CA-based Intel (NASDAQ: INTC), said it has agreed to buy NitroSecurity of Portsmouth, NH. Terms of the deal weren’t disclosed.

NitroSecurity specializes in what’s called security information and event management. Basically, its software helps organizations protect their network infrastructure and IT environments against increasing levels of cyber threats and intrusions—and Nitro claims to do it fast, in minutes rather than hours.

The company started in 1999 and is led by CEO Ken Levine. A year ago, NitroSecurity announced a $6 million Series B financing round from Brookline Venture Partners, First Analysis, and NewSpring Ventures. The firm also said then that it had acquired the security business of LogMatrix, a Marlborough, MA-based company focused on IT and network management. No word yet on whether NitroSecurity’s staff, which totals about 100, will be moving west or staying put.

Nitro’s software encompasses “network security devices, firewalls, operating system and application logs, vulnerability assessment scans, identity and access management systems and privacy systems,” says Levine in a statement. “It will complement the extensive McAfee security portfolio and help to meet the demanding compliance and protection needs of our joint customers.”

Comments (2) | Reprints | Share:          

N-n-n-n-n, n-, n-, n-, n-n-n-n-n-nineteen. Anyone remember that song from the golden age of music and movies?

In any case, IBM has made its 19th acquisition of a Massachusetts software company since 2003. Today Big Blue (NYSE: IBM) announced it is acquiring Waltham, MA-based Q1 Labs, a 10-year-old security software firm that helps businesses see what’s going on in their networks, data centers, and applications. Terms of the deal weren’t given, but it is expected to close this quarter.

Q1 Labs is led by CEO Brendan Hannigan, who will head up IBM’s newly-formed Security Systems Division. The new division will include Q1 and 10 or so other security-related acquisitions IBM has made in the past decade (such as Watchfire, Big Fix, Ounce Labs, Internet Security Systems, and Guardium), as well as IBM’s own research and development in computer security. It’s all part of a broader effort by technology companies to combat sophisticated cyber attacks that increasingly threaten big companies and crucial infrastructure.

Q1 Labs has roughly 150-200 employees, from what I can tell. IBM isn’t saying yet whether those employees will stay in Waltham or move to the IBM Mass Lab in Littleton and Westford. Q1 says it has more than 1,700 customers, including healthcare providers, retail firms, energy and utility companies, financial institutions, government agencies, and wireless service providers.

IBM’s last Massachusetts acquisition was Netezza, a “big data” analytics firm that was snapped up for $1.7 billion a little over a year ago. Former Netezza CEO Jim Baum stayed on at IBM for a year to work on the company transition before leaving the firm last month.

Comments (2) | Reprints | Share:          

Curtis Staker and Roman Yudkin have been busy in the 16 months since they officially launched Confident Technologies of Solana Beach, CA—using salvaged computer security software originally developed by Portland, OR-based Vidoop. As I explained last year, the suburban San Diego company has developed an alternative to the security protocol that requires an online user to provide a username and password to log onto an Internet account. Confident instead uses an image-based verification system, so a registered user selects an easy-to-remember combination of images, such as car, airplane, and fruit.

After raising $1.8 million last year to acquire Vidoop’s assets, CEO Staker says the company raised an additional $2 million in February to help build out the business. Last month, Confident said it was extending its “multi-factor,” image-based verification system to smartphones and other mobile devices.

Today the company is unveiling “Confident KillSwitch,” an add-on image-based authentication technology that is intended to defend user accounts and websites from automated, “brute force” log-in attempts and broadly based, denial-of-service attacks.

Confident says more than half of the major data breaches in 2010 were due to malicious hackers using brute force software (which uses a dictionary database to repeatedly try different passwords) and by exploiting easily guessable passwords, according to a 2011 Data Breach Investigations report. The company also says more than 84 percent of 150 popular websites, including Amazon, eBay, and WordPress, set no limit on the number of failed login attempts.

Confident’s CEO says the reason many companies don’t limit login attempts is that many people can’t readily remember their own user names and passwords. So they keep trying until they get it right—and the companies operating such websites are reluctant to … Next Page »

Comments | Reprints | Share:          

Much of the action this week was taking place downtown, at the 6th annual Convergence Summit hosted by the nonprofit Wireless-Life Sciences Alliance. The three-day conference included CEOs, entrepreneurs, investors, executives, and innovators—and we’ve got the highlights of that and other area life sciences news wrapped up here.

—San Diego’s Qualcomm (NASDAQ: QCOM), the largest wireless chipmaker in the world, said during the summit that it’s helping the X Prize Foundation set the ground rules for a proposed $10 million Tricorder X Prize. X Prize organizers want a real-life medical tricorder—like the one Dr. McCoy used on Star Trek—that is portable, uses wireless sensors, and has the capability to rapidly diagnose patients better than or equal to a panel of board-certified physicians.

—Eric Topol, the Scripps Health cardiologist and director of the Scripps Translational Science Institute, said during his talk at the convergence summit that he wants to start a new medical school for tech-minded students in San Diego. Topol says medical students should be learning how to handle new wireless technologies and genomics in their practice. Topol was instrumental in founding the Cleveland Clinic Lerner College of Medicine in 2002.

—Exton, PA-based ViroPharma (NASDAQ: VPHM) agreed to pay San Diego’s Halozyme Therapeutics (NASDAQ: HALO) as much as $83 million to license Halozyme’s recombinant human hyaluronidase. ViroPharma wants to develop the Halozyme compound as an experimental injection medication for a rare genetic disorder that causes potentially life-threatening swelling.

—San Diego’s Meritage Pharma said its experimental drug for a little-known condition called eosinophilic esophagitis (EoE) passed a mid-stage clinical trial of 71 children. The study found … Next Page »

Comments | Reprints | Share:          

San Diego-based Nukona, a startup developing security management software for mobile devices, has formed a partnership with Integer Wireless, a Newport Beach, CA, engineering firm that provides HIPAA-compliant wireless networks for hospitals, physician groups, and other healthcare providers. Under a partnership announced this week at the Wireless-Life Sciences Alliance’s annual Convergence Summit in San Diego, Integer Wireless will include Nukona’s mobile device applications management platform in its healthcare-related offerings for voice, data, and video communications.

Comments | Reprints | Share:          

[Updated 5/2/11 5:35 pm. See below.] A hacker attack that eviscerated the San Diego data center for the Sony PlayStation Network last month apparently led Sony to also shut down its Station.com online gaming website today. The episode involving the PlayStation Network prompted Sony executives to bow in apology in Tokyo yesterday, according to The Associated Press.

Today, a notice on the websites for both Sony Online Entertainment and Station.com says: “We have had to take the SOE service down temporarily. In the course of our investigation into the intrusion into our systems we have discovered an issue that warrants enough concern for us to take the service down effective immediately. We will provide an update later today (Monday). We apologize for any inconvenience and greatly appreciate your patience.”

[Updates with late statement from Sony] A press release from Sony headquarters in Tokyo later clarified that personal information from approximately 24.6 million Sony Online Entertainment accounts “may have been stolen,” as well as certain information from an outdated 2007 database. Sony says today that the compromised information from the 24.6 million accounts consisted of customers’ names, addresses, e-mail addresses, birthdates, gender, phone number, login names and password.

The security breach also affected another 10,700 direct debit records from accounts in Austria, Germany, Netherlands and Spain—compromising more sensitive personal information, including each customer’s bank account number, customer name, account name, and customer address.

In its statement today, Sony says: “the company is committed to helping its customers protect their personal data and will provide a complimentary offering to assist users in enrolling in identity theft protection services and/or similar programs. The implementation will be at a local level and further details will be made available shortly in each region.”

According to a wire service report from Japan, the network that supports Sony’s PlayStation video game machines and the company’s Qriocity movie and music services has been shut down since April 20.

The chief of Sony’s PlayStation video game unit was among three executives who bowed for several seconds at the company’s Tokyo headquarters yesterday.

The network, which serves both the PlayStation video game machines and Sony’s Qriocity movie and music services, has been shut down since April 20. It is a system that links gamers worldwide in live play, and also allows users to upgrade and download games and other content.

Comments (2) | Reprints | Share:          

As this week’s massive failure of Amazon Web Services cloud-computing infrastructure continued to roil the Web today, a few things were sadly clear. Perhaps most striking of all: Major service providers and websites—companies with enough money and talent to avoid the problem—didn’t spend nearly enough energy planning for the inevitability of a breakdown.

Yes, it’s probably asking too much for many small startups to double up their cloud-computing spending to prepare for what has been, up to now, a very rare outage from one of the biggest players in IT infrastructure. But what about the service providers that harvest money from that long tail of little companies?

Exhibit A is San Francisco-based Heroku, the hugely popular development and hosting platform that relies on Amazon’s service. When Amazon went down, Heroku went with it—taking along more startups than it had to, if the middleman had hedged its bets more effectively. It’s possible that Heroku had plans to move in that direction eventually, but that obviously that hasn’t happened fast enough to avoid a devastating outage.

That’s not to excuse Amazon’s meltdown or spotty communication with affected parties, which has magnified the problem. But remember that Heroku is no scrappy little startup—the company was purchased just a few months ago by Salesforce.com (NYSE: CRM) for more than $200 million.

“For someone like Heroku, which literally hundreds of startups use—Heroku should start thinking about, ‘OK, what can we do to spread the risk?’” says entrepreneur Shyam Subramanyan, whose San Francisco Bay Area startup list.ly was shut down by the outage. “A lot of people are paying them money.”

Scott Sanchez from CloudNod.com pointed to Los Gatos, CA-based Netflix as a good example of a large company making sure it had redundant protection. “They’re charging half the world $9.95 a month. It’s important for them to stay available, and they invested in the proper architecture. And they didn’t have to point any fingers,” Sanchez says.

On the other side of the coin were companies like popular content-aggregation website Reddit, which was still in a bare-bones mode Friday afternoon because of Amazon’s cloud problems. Reddit, … Next Page »

Comments (2) | Reprints | Share:          

This week we continued to see big financings for mobile technology firms, and acquisitions in the software, cleantech, and life science spaces.

—Movik Networks, a Littleton, MA-based maker of products for helping mobile devices more speedily load Internet content, raised $25 million in a Series C financing. The round was led by new investor Oak Investment Partners, and included return backers Highland Capital Partners and North Bridge Venture Partners. I caught up with Movik CEO John St. Amand to find out how Movik will use the money to reach mobile carriers.

—Worcester, MA-based RXi Pharmaceuticals, a developer of RNA interference therapies, bought Apthera, a developer of peptide immunotherapies for cancer. Apthera shareholders will get 4.8 million shares of RXi, valued at $1.5o apiece before the announcement.

—OfficeDrop, a Cambridge, MA-based startup developing digital filing and scanning software to connect with cloud storage applications, raised $1 million in an angel financing led by New York-based White Owl Capital.

—North Andover, MA-based Nexamp, a firm that helps clients design and develop clean energy projects, said it acquired renewable energy services firm SolVera Energy of Hingham, MA, for an undisclosed sum.

—Jumptap, a Cambridge-based maker of mobile advertising software, raised $20 million of an equity round that could hit almost $28 million, an SEC filing showed. The investors of the funding round weren’t disclosed. Last year Jumptap, founded in 2004, landed a partnership deal with the Japanese firm Cyber Communications (CCI) that included … Next Page »

Comments | Reprints | Share:          

Consider this the latest round in the Boston-area data security war. Hopkinton, MA-based EMC (NYSE: EMC), the data storage giant, said today it has acquired NetWitness, a Virginia-based network security company. Financial terms weren’t given, but EMC says the deal is not expected to have a material impact on the firm’s revenue or earnings per share for the 2011 fiscal year. NetWitness, which has about 130 employees, will operate as part of RSA, the security division of EMC. An EMC spokesperson says the NetWitness team will stay in its new office in Reston, VA, and there are currently no plans for layoffs.

Last month, RSA suffered a much-publicized cyber attack and data breach, related at least in part to RSA’s authentication products, which are widely used by government and big companies to secure sensitive data and documents. RSA recently posted more details about the attack, saying it all started with “phishing” e-mails (with spreadsheet attachments containing malware) sent to RSA employees.

NetWitness, which was founded in 2006, makes software for network monitoring and analysis, as well as identifying advanced types of malware. So its technology, combined with the rest of RSA, should help organizations guard against the “advanced persistent threats” that are targeting critical infrastructure and intellectual property worldwide. That is an area of major tech activity in the Boston area, where numerous companies and research groups are working on software methods to combat these evolving cyber threats.

Today’s EMC acquisition is also part of a broader growth strategy for the firm. We previously documented EMC’s approach to acquisitions last fall (right before its $2.25 billion purchase of Isilon Systems) and, before that, in 2008.

Comments (1) | Reprints | Share:          

Sometimes what’s bad for companies is good for business. That’s the case for a number of Massachusetts security software firms. These days, the Boston area seems to have renewed its claim as an epicenter of cyber security activity.

In the wake of the recent, much-publicized cyber attack on RSA Security, a division of Hopkinton, MA-based EMC (NYSE: EMC), I thought it would be a good time to check on efforts to meet new cyber threats by some local security companies. RSA classified the attack on its system last week as an “advanced persistent threat”—a phrase used to describe a sophisticated effort to target software applications, sensitive data, or end users—but the firm was vague about exactly how it was hacked, what kinds of data were stolen, and what risks its customers face. (RSA said it is working closely with customers, but security expert Bruce Schneier wrote in a blog post that “the company has lost its customers’ trust.”)

This kind of advanced threat is a far cry from the corporate hacking of the past couple of decades. Companies used to be able to defend themselves from rogue hackers by deploying technologies around the perimeter of their network—such as firewalls and “deep packet inspection,” which detects things like viruses and worms as they enter the network. But advanced persistent threats are what defense and intelligence agencies are used to seeing from nation-states (from China to the Middle East to Eastern Europe) trying to hack into government databases—except now their targets include banks, insurance companies, tech firms (Google, Adobe, and others), and critical infrastructure like energy and chemical firms.

All is not lost yet. In addition to big companies like EMC/RSA (which also includes security technology from Network Intelligence), a number of smaller but established software companies are working on ways to combat the latest security threats. One of these companies is Fidelis Security Systems, a nine-year-old firm in Waltham, MA, that is giving corporations and government agencies the ability to continuously identify and analyze threats from within their networks, down to the level of applications, files, and individual sessions.

That’s apparently crucial for fighting advanced persistent threats, which can take the form of anything from malware embedded in a PDF file to tricking an employee into accessing a website and then exploiting a software bug. “When somebody decides to make you a target, they will persistently and, in a very targeted way, try to infiltrate your network,” says Fidelis CEO Peter George.

One big emerging trend is government agencies working together with corporations to try to thwart such attacks. This increased cooperation was evident at the RSA Conference in San Francisco last month, George says, where a number of forums and panels featured “three-star generals sitting side by side with business leaders.” The U.S. government, he says, is “working in collaboration with the biggest enterprises in the world to show them best practices, to show them how to fight advanced threats.”

All of this points to a major mindset shift when it comes to corporate data security. “Organizations should continue to act under the assumption that the attackers are already inside, rather than dedicate excessive time and resources to securing their perimeter,” says Adam Bosnian, executive vice president at Cyber-Ark Software, a Newton, MA-based security company that specializes in managing privileged users and protecting against insider threats, among other things.

Fidelis and Cyber-Ark are part of a thriving cluster of Boston-area security companies … Next Page »

Comments (2) | Reprints | Share:          

“The fantastic advances in the field of electronic communication constitute a greater danger to the privacy of the individual.” 1963 quote from Supreme Court Chief Justice Earl Warren.

I moderated a panel last week for Xconomy that was focused on consumer-oriented healthcare information technology. The panel included 2 hospital chief information officers (one current, one former) and two healthcare IT company executives. The panel itself was preceded by a presentation from Dr. Kevin Patrick, a preventive medicine specialist at UC San Diego and director of the Center for Wireless and Population Health Systems at the California Institute for Telecommunications and Information Technology. Dr. Patrick talked about many things, but among them was a program he is leading that relies on Facebook to support individuals’ weight loss goals. By engaging ones friends and friends-of-friends, goes the theory, one can more effectively stay on track with a weight loss program and work to prevent the scourge of Type II diabetes, among other problems. Dr. Patrick hypothesized that this approach could work with other health-related areas beyond weight management.

In fact, there are already companies trying to cash in on this approach, including PatientsLikeMe, the Cambridge, MA-based company that supports different online communities of patients who share the same life-changing diagnoses. Such specialized communities of electronic show-and-tell may become increasingly prevalent as the era of personal genomics makes it easier and less expensive to diagnose every person’s inherent disposition to disease.

It’s an interesting time for consumers who are theoretically trying to (or being forced to) become more engaged in their own health and to take a greater role in managing their own healthcare. One of the issues oft discussed in this context is privacy and its companion, data security. There is a generally accepted view that patients worry a great deal about the privacy of their healthcare information and much effort is made to protect healthcare data security as a result. Or is it?

One of the questions I asked my panel to respond to was this: does anyone really care about privacy and security when it comes to healthcare or is that just one of those things people are supposed to say? The response from everyone on the panel was the appropriately emphatic “yes, it’s important”, but I am not sure I’m convinced. If Dr. Patrick’s patients are going to use Facebook to share healthcare information with each other, can they really care about privacy and data security? Let’s be real; Facebook is about as secure as Tiger Woods’ hotel room: pretty much anyone can get in.

Some people feel very comfortable freely discussing their … Next Page »

Comments | Reprints | Share:          

If Arbor Networks were a tree, its roots would be in Michigan. Its branches and leaves (and some of its caretakers) would be in Massachusetts. And its proud new owners would be in Texas and Washington, DC—with a lot to live up to.

Earlier this week, Chelmsford, MA-based Arbor Networks, a maker of software for network security and management, said it is being acquired by Texas-based Tektronix Communications, which is owned by Danaher (NYSE: DHR), the technology conglomerate based in the nation’s capital. Financial terms of the deal weren’t disclosed, and at least at first the principals at Arbor and Danaher weren’t saying much beyond the platitudes that typically follow such a merger.

So I spoke with Arbor’s co-founder and chairman, Farnam Jahanian, and the company’s CEO, Colin Doherty, to hear about what the deal really means for Arbor, and to learn more about the company’s 10-year history. As I found out, its story is a pretty compelling case study of a university spinoff that got venture funding, got profitable fast, survived two recessions and a brutally competitive landscape, and emerged on the other side in a stronger position.

First, a few practicalities about the merger. Arbor will stay “whole and intact as an operating unit under the Danaher brand,” says Doherty. The company has 275 employees worldwide—about 90 in the Boston area, 90 in Ann Arbor, MI, and the rest in other locales like London and Singapore. Jahanian is exiting the company, while Doherty will stay on as president of Arbor, which will become part of Danaher’s communications and enterprise group (which comprises a half-dozen companies, including Tektronix Communications, Fluke Networks, and AirMagnet).

Arbor will provide its new parent company with deep Internet security knowledge—what Doherty calls a “security beachhead.” Now “they can detect, secure, and mitigate network security. It was a really good fit for them,” he says. And now, with Danaher’s size and influence, he says, “it’s a unique opportunity for us to change our model…and be part of a larger public vehicle.”

Arbor Networks was founded in 2000 by Jahanian, who is chair of computer science and engineering at the University of Michigan, and Rob Malan, who was Jahanian’s Ph.D. student at U-M and is now Arbor’s chief technology officer (he will stay on as CTO). The company’s core technology, based on Malan’s and Jahanian’s research, involves software that monitors entire computer networks—from data centers and Internet service providers to broadband customers and mobile interfaces—and protects them against all manner of security threats, most notably, denial-of-service attacks that can shut down big networks and popular websites. (Basically, this means there’s a good chance your Internet service … Next Page »

Comments (3) | Reprints | Share:          

When San Diego’s St. Bernard Software announced last week that it was acquiring the assets of Rohnert Park, CA-based Red Condor, CEO Lou Ryan was not available to explain the deal, which was a somewhat-involved transaction.

When I finally caught up with Ryan by telephone, he explained that in addition to buying Red Condor’s e-mail spam-filtering technology, two of Red Condor’s longtime venture investors also made an investment in St. Bernard Software (OTCBB: SBSW) and have joined the board. As part of the deal, Menlo Park, CA-based RWI Ventures and Redwood City, CA-based ATA Ventures, along with certain individual investors, put $3 million into St. Bernard for notes that convert to St. Bernard shares, with a $1.10 conversion price. That might seem optimistic, considering that St. Bernard closed at $0.55 a share yesterday, but the stock has basically doubled since the deal was announced a week ago.

Both of the VC partners involved also have experience with networking technology companies, including both optical and wireless networks. ATA Ventures managing director Mike Hodges, who is joining St. Bernard’s board as a non-voting observer, was the interim CEO at Tellium, an optical networking company spun out of Bellcore in 1997 as a joint venture with SAIC and Ortel. RWI co-founder William Baumel, who joins St. Bernard’s board as a regular director, was a founding shareholder and chairman of Optical Solutions, which was … Next Page »

Comments | Reprints | Share:          

San Diego’s St. Bernard Software, which provides the iPrism network security appliance, said today it has acquired the e-mail security technology and substantially all other assets of Red Condor, a six-year-old startup near Sonoma State University.

St. Bernard (OTCBB: SBSW) says the acquisition of Red Condor’s spam-and-bot filtering technology enhances and expands its security offering, which combines its network security appliances with software and hosted security solutions. The San Diego company says Red Condor’s 34 employees will continue to work in Rohnert Park, CA, giving St. Bernard a presence in Northern California for the first time.

Red Condor CEO Thomas Steding, however, will not continue under St. Bernard’s banner. He has nearly two decades of experience in Internet security, including a stint as founding CEO of Pretty Good Privacy, the company formed around the controversial e-mail encryption software that Philip Zimmerman created in 1991.

St. Bernard did not disclose financial terms of the deal, although a recent filing with securities regulators indicates that Red Condor and some of its lenders got more than 2.4 million restricted common shares of St. Bernard stock, which trades on the over-the-counter bulletin board. Based on today’s close of 35 cents a share, St. Bernard’s offer would be valued at nearly $800,000. However, the transaction was complicated by a related investment in St. Bernard, and a spokeswoman for the company said CEO Lou Ryan was unavailable today to discuss terms of the deal.

St. Bernard says that combining the two companies’ technologies will allow it to offer customers, which range from small Internet Service Providers (ISPs) to large business enterprises, a suite of easy-to-use, cost-effective, and scalable Internet and e-mail security solutions.

As part of the asset acquisition, St. Bernard says it also will get 1,900 new customers as well as Red Condor’s ISP and MSP partner network.

Comments | Reprints | Share:          

Curtis Staker tells me that Portland, OR-based Vidoop had a Web security idea that was just too good to let die. So Staker, a veteran software security executive, helped to acquire Vidoop’s assets in January, moved the software development operation to Solana Beach, CA, near San Diego, and today is launching the reincarnated business as Confident Technologies.

What’s the idea?

Instead of requiring online users to gain access to a secure website by providing a username and password, Confident Technologies has developed an alternative authentication process based on recognizing images. The company says its technology generates a unique, one-time access code each time a user seeks access to a secure website, yet Confident’s approach also is intuitive and easier for customers to remember.

Staker says the human brain has an easier time remembering images and broad categories, such as dogs, airplanes, and flowers, than remembering lengthy strings of letters and numbers—especially when many users must keep multiple user-password combinations for all the different sites they log onto. In terms of intuitive simplicity, Staker says, if you’re searching for your car in a big parking lot, is it easier for you to remember your license plate number, or what your car looks like?

image grid

In announcing its business debut today, Confident Technologies says its approach makes life easier for online users by providing a randomly generated image to protect online transactions and sensitive information. With “image-based verification,” a user selects categories of images that are easy to remember, such as cars, airplanes, and insects, the first time he or she registers with a website, such as an e-commerce or online banking site. Then, every time the user logs into that website, he or she is presented with a grid of randomly generated images—each with a randomly generated number or letter overlaid on the photo. A user simply identifies the images that fit the previously selected categories.

Confident Technologies says its authentication software can work … Next Page »

Comments | Reprints | Share:          

New England’s life sciences and software companies kept us busy with news of early venture rounds, IPOs, and partnerships.

—Battery Ventures, with offices locally in Waltham, MA, announced the close of its ninth fund, at $750 million. Existing limited partners account for about 85 percent of the fund’s investors, said the firm, which also has locations in Israel and California. The new fund will invest in a gamut of industries, including digital media, clean tech, enterprise IT, and semiconductors.

—Sensata Technologies (NYSE:ST), an Attleboro, MA-headquartered maker of sensors and switches, started trading on the New York Stock Exchange last week in an initial public offering priced at $18 a share, the low end of its proposed range of $18 to $20 per share. The 31.6 million-share IPO raised $568.8 million.

—Rapid7, a Boston maker of network security software, pulled in half of a planned $4 million equity offering, according to a regulatory filing. Members of Bain Capital Ventures, an existing Rapid7 investor, were listed as directors on the filing for the $2 million financing, which included a total of eight investors.

—In more IPO news, Cambridge, MA-based Aveo Pharmaceuticals (NASDAQ: AVEO) made its public debut, selling 9 million shares at $9 apiece, well below the initially proposed range of $13 to $15 a share. The cancer drug developer’s stock started trading on the Nasdaq on Friday, and dropped a penny to close at $8.99. Luke wrote that the conservative maiden offering for Aveo attests to public investors’ reluctance toward biotech companies.

—Venture investors, on the other had, showed a bit of enthusiasm. Genetix Pharmaceuticals, a Cambridge developer of gene therapies, pulled in a $35 million Series B round that … Next Page »

Comments | Reprints | Share:          

Boston-based Rapid7, a network security software provider, has sold $2 million of a planned $4 million equity offering, a regulatory filing shows. Members from Bain Capital Ventures, an existing Rapid7 investor, are listed as directors on the filing for the round, which included eight investors. Bain pumped $7 million into the company in 2008.

Comments | Reprints | Share:          

Startups almost never end up doing what they started out doing. The key is, can they adjust to the market and find enough paying customers before they run out of money? Here’s an interesting case study in the making: Napera Networks.

The computer-network security startup, based in Mercer Island, WA—are there any other startups there?—is announcing a new product direction and strategy today. Napera is rolling out network management software that is based entirely in the Internet “cloud,” and will be sold to small-to-medium-sized businesses through a software-as-a-service model. The software, called PC Security Informer, helps IT administrators efficiently manage the security of employees’ computers—dealing proactively with things like anti-virus updates, spyware removal, and firewall breaches.

It sounds pretty straightforward, but the key opportunity is that most smaller companies (with a couple hundred employees or fewer) don’t want to spend a lot of money on complex security systems from Microsoft, Cisco, or Computer Associates (CA), for example. Napera says it offers an easier and cheaper solution to the basic problem of businesses’ machines being insecure.

“We’ve wrapped it in a very Web 2.0-like wrapper,” says Todd Hooper, the CEO and co-founder of Napera. “If you can use Facebook, you can use our apps.”

Hooper, an expert in network security, co-founded Napera in late 2006. Before that, he had co-founded Momentum Pty, an Internet security consultancy in Australia, and audio software firm Trillium Lane Labs, and had been vice president of business development at Seattle-based WatchGuard Technologies.

What’s interesting is not necessarily whether Napera’s technology is really better than that of its competitors, but that the company has found a way to evolve from a … Next Page »

Comments | Reprints | Share:          

In financial results issued late yesterday, San Diego defense contractor SAIC attributed its increased second-quarter revenue and earnings to “recent wins in defense logistics, information technology, and cyber-security,” among other things.

That last part about cyber security may be an understatement, based on a conversation I had last night with Alan Paller.

As a founder and director of research at the SANS (SysAdmin, Audit, Network, Security) Institute, a cooperative computer security organization in the Washington, D.C. area, Paller has a front-row view of the relentless electronic attacks besieging the nation’s computer infrastructure. He gains much of his insights through his work with SANS, which conducts research and training for system administrators, and oversees the Internet Storm Center, a volunteer Internet security monitoring organization. In the 20 years since the institute was founded, Paller also has developed an extensive network of professional connections in network security both in and out of government.

Alan Paller

As Paller told me last night, Internet attacks on government computer networks have become a constant threat, an intense storm that’s not just rattling windows and doors, but also breaking into sensitive government computer systems that store data about U.S. technology. It is a warning he often makes. Yet one reason why SAIC is becoming so crucial stems from testimony he delivered just five months ago to the U.S. Senate Committee on Homeland Security and Government Affairs. In his presentation, Paller emphasizes two new realities about the nation’s cyber-infrastructure:

—Computer attacks by hackers, nation states (e.g. China), organized crime in Eastern Europe, and even terrorist groups have more deeply penetrated U.S. civilian government agencies and the critical national infrastructure computer networks (e.g. computers that control power grids) than has been publicly disclosed.

—The attackers are improving their techniques far faster than the U.S. government has been improving its defenses. In other words, the threat is increasing at an accelerating rate.

Paller contends that SAIC, with its institutional expertise in IT systems integration for U.S. intelligence and defense agencies, is way ahead of other defense contractors because “a lot of the guys with security clearances don’t have the necessary skills.” His insights helped give … Next Page »

Comments | Reprints | Share: