Their names sound as long-ago as a roll call of vintage car makers; Kalpana, Wellfleet, Synoptics, Xylogics, Fore Networks. These are only a few of the better known startups that helped create the networking industry explosion of the 1990s.
They are gone now of course, but their ideas live on buried deep in the products that keep today’s networks ticking over.
That was networking of a decade ago, but startups go back a lot further, at least as far as Hewlett and Packard’s famous garage beginnings off Silicon Valley’s Highway 101. By the 1960s, it was semiconductor startups making the running, while the 1970s and 1980s saw PC and software companies come out of nowhere to become household names.
As ever the established companies of their time looked on with baffled trepidation: who in the hell are these guys?
Now, with the Internet and e-commerce hangover fading from collective memory, the startups are emerging once again and this time the accent fits perfectly with the mentality of the times – security or, perhaps more accurately, insecurity.
There is certainly plenty to fix for the new crop of companies, most if which date their founding back to around the end of the last investment boom of 2000 and 2001. It has become blindingly obvious that the industry was (and still is) incredibly naïve about the security implications of taking commerce into the online world. The business opportunity hasn’t needed spelling out for small companies looking to push out the bigger players against huge odds.
The prize fighter
Founded in September 2000 as a Gigabit communications chip outfit, Arizona-based Corrent has had managed to move into security appliances in the nick of time. Network performance demands didn’t increase as expected, CEO Richard Takahashi admits, which put the startup under pressure. Then an agreement to supply Check Point gave the company the commercial impetus to use its ASICS as the core of a firewall design.
“We were fortunate when Check Point approached us to accelerate their VPN-1 firewall. We followed the money,” says Takahashi. Today, Corrent has a range of six security firewalls under its own name, and is set to launch with a UK reseller network by the end of the year. It has set a target of turning over $6-7 million in its European operation in 2005, which puts the modest impact a startup can have in financial perspective.
The amazing thing about Corrent is that it has taken on huge companies such as Juniper/Netscreen in a bitterly-contested firewall market that is increasingly governed by the laws of commodity economics. Still the company sticks to the classic startup strategy of undercutting its established rivals in price-performance.
“There are always companies who will go with brand first. The fact that Check Point chose to resell our product gives us credibility,” says Takahashi. “You get funded because you have great ideas. But to survive you have to satisfy the demands of the masses.”
If trying to do it better and cheaper in the mainstream is Corrent’s tack, French security startup Deny All , hopes that its ability to come up with an innovative niche solution will allow it to out-manoeuvre bigger competitors.
The company began life in the difficult business climate of November 2001 as a spin-off from the banking group Societé Génerale, but has since found itself a healthy niche in software and firewalls to protect web applications in banking environments.
“The security market today is very fragmented,” says Deny All CEO Philippe Fauchay. “We expect the market to consolidate and want to be big enough to be part of that game.”
Now launching outside France in earnest, Deny All has one advantage not allowed to Corrent: protecting applications from web-based attacks is a new market and most of its direct competitors such as Kavado are themselves young. “It is not an obstacle because we are all startups,” comments Fauchay.
Orange still blossoming
The days when startup tech had to come out of Silicon Valley – or even the US – are a thing of the past. But you can still find a healthy flow of new outfits from the world’s biggest technology park. One such enterprise is Bharosa , founded in 2003 and only weeks into the launch of its security system for protecting online banking, v.Crypt.
The V.Crypt software (which Techworld will look at in more detail in a forthcoming article) was designed to solve the inherent insecurity of bank website log-in procedures, which are vulnerable to a range of attacks including man-in-the-middle proxying, key-logging, Trojan hijacks, and simple theft of passwords and user names.
The system is as ingenious as it is simple, and shows the sort of lateral thinking that often makes startups look smarter than their apparently better resourced rivals. Instead of relying only on insecure passwords and user names, v.Crypt additionally presents banking customers with a one-time code that is entered via symbols from a thumbwheel. This code can’t be logged remotely because what is sent over the link is not discernable data but co-ordinates of the displacement of the thumbwheel unique to that session. Stealing the one-time code would also be useless for the same reason, and proxies and Trojan-generated screens would not gain access because the random code has to be generated and authenticated from the banking site itself.
CEO Jon Fisher is confident the intellectual property that underpins v.Crypt can be wrapped up in enough patents to give the company a valuable business. “The current way of sending data doesn’t work,” says Fisher. With the convergence of phishing and Trojans there is no defence unless you change the way you enter data.”
Despite being brand new the company is in trials of advanced discussions with a claimed 23 banks in the US and is looking to track down business in the UK and Europe. The technology can also be used on ATM cash machines, which are vulnerable to some of the same scams that afflict online banking. With online finance in a state of mild crisis in late 2004, and the incidence of fraud forcing banks to withdraw services on a regular basis, Bharosa could turn out to have launched with uncanny timing.
Being a startup brings with it the high likelihood of business failure, and so it always has and always will be. But perhaps among the ranks of today’s security startups, there is another Cisco to offset the ever-swelling graveyard of extinct names that once looked so bright.