Cyber start-ups on the hunt in security arena

By Deborah L. Cohen

CHICAGO (Reuters.com) - Botnet: In case you're not up on cyber speak, that's the term used for a malicious piece of software code unleashed by Internet criminals to invade the computer networks of companies, governments and individuals, extract proprietary information and deliver it back to a command control center.

It's just one of the many insidious computer threats that entrepreneurs in the Internet security arena are trying to address as the Obama administration shines a public spotlight on concerns over network security in the United States. That exposure is giving new juice to a host of start-ups that believe they can fill holes in the cyber security market.

"There's a lot of technology being developed to prevent something," says Promod Haque, a managing partner with Norwest Venture Partners, a technology-focused venture capital firm in Palo Alto, California. "The field continues to grow. As complexity increases, there's more of a possibility that something could go wrong."

And so it has. Well-publicized fraud schemes such as the theft a year ago of millions of credit card numbers from major retail chains including Barnes & Noble, BJ's Wholesale Club and TJX Companies, have highlighted weaknesses in the cyber flanks of organizations of all sizes, including private enterprises, universities and government systems at the local, state and federal levels.

Beyond worries over the theft of financial data that could be illegally gleaned from the vast universe of daily financial transactions taking place in the virtual world are concerns spanning everything from sophisticated Internet espionage to the possibility that terrorists could wrest control of a major infrastructure system such as a power or water supply, potentially crippling entire areas of the country.

Start-ups are looking to gain traction as public awareness for these issues grows. According to the National Venture Capital Association, an industry group representing private investment firms, some $125.78 million flowed to Internet security companies last year. IT Services, the category under which these applications fall, remains one of the most robust areas of VC investment, along with biotechnology, software, medical devices and industrial/energy.

Among the many newer entrants is FireEye, a 35-man network security venture based in Milpitas, California that is backed by Haque's firm, Norwest, as well as Sequoia Capital, JAFCO Ventures, SVB Capital and DAG Ventures, among others. FireEye's products detect so-called malware threats and protect critical data, intellectual property and networks.

Founder and CEO Ashar Aziz believes that a growing commitment to stem cyber security breaches, including President Obama's pledge in May to make securing the nation's vital computer networks a top priority, is likely to generate broader interest in companies like his in coming months.

"We are not profitable at this point in time but we are steadily ramping our revenue," says Aziz. Large incumbents in the networking space such as Juniper Networks, another FireEye investor, have failed to address some of these weaknesses, leaving a void for start-ups to fill, he says.

"Beyond the federal government, there is significant and growing interest," he adds.

Among the multitude of increasing threats that tech experts identify are the security issues that go along with the accelerated pace of global information-sharing, perhaps best characterized by the growing popularity of social networking sites such as FaceBook, whose stock and trade is primarily information of a personal nature.

"It's sharing across organizations, within organizations, and increasingly - through modes of sharing that people have not been classically doing," says Ravi Sandhu, executive director for the Institute of Cyber Security at the University of Texas at San Antonio. "What does it even mean to secure a social network? It's not clear."

Besides dedicating resources to understand this issue, the institute is concentrating on several other areas of cyber security development, including ways to provide security protection for cloud computing, the broad umbrella of hosted services over the Internet, and better systems for the military.

"The start-ups remain fertile ground for new ideas," says Sandhu. "I expect there will be a robust start-up environment."

To be sure, some are quick to point out the United States in recent years has been slow to adopt new security technologies that have been widely deployed in the private sector, making for a difficult catch-up period. In addition, the government's bureaucratic purchasing procedures create difficult hurdles for entrepreneurs.

"The United States government has arcane and anachronistic procurement processes," says Pascal Levensohn, founder and managing partner of Levensohn Venture Partners, a San Francisco investment firm that has backed a variety of cyber security start-ups.

"Those processes make it exceedingly difficult for emerging companies to sell leading solutions to government," he says. "There has to be a way to bridge that gap."

Levensohn, who addressed this topic at a conference of cyber security investors and entrepreneurs in Chicago earlier this week, believes the answer lies in increased collaboration among all parties with a stake in boosting Internet security: government, academia, corporations, venture capitalist and entrepreneurs.

"We need to develop a coordinated process to accelerate adoption by the government," he says.