Computerworld

10 security start-ups to watch

Squeezing more out of log management and SIEM; beating botnets; detecting stealthy attacks.

Security start-ups arise because they have fresh approaches to fighting malware and cyber-espionage or combatting the insider threat through network monitoring. In this round-up of some of the newer security firms, Distil Networks, Observable Networks and Vectra Networks fit into that category. But two others just out of the gate, Exabeam and Fortscale, are part of another trend: squeezing more out of existing log management and security information and event management products.

And then there's Denver-based ProtectWise, founded by former McAfee veterans, which is still in stealth mode and only vaguely alluding to cloud-based security as a future offering. But investors are pouring money into it. ProtectWise has snagged over $17 million in venture-capital funding.


Here are 10 hot security start-ups to watch:

Distil Networks is all about bot detection and protecting websites that get bombarded with comment spam, click fraud and content stealing. Based in Arlington, Va., Distil was cofounded by CEO Rami Essaid, CTO Engin Akyol, and chief scientist Andrew Stein, whose bot-fighting method is to inspect a flow-through of the customer's website traffic to detect and block botnet activity.

Distil's botnet-fighting force became available last year as a cloud-based software as a service (SaaS) or as an on-premises hardware and virtual appliance. Cost typically runs from $100 per month to $30,000 depending on the website traffic, says Essaid. He sees start-up Shape Security, whose product also seeks to protect websites, as one of Distil's main competitors. Last month Distil picked up an additional $10 million in funding led by Foundry Group and Techstars' Bullet Time Ventures.

Exabeam, based in San Mateo, Calif., came out of stealth mode just this month. According to co-founder and CEO Nir Polak, Exabeam's product, due by year-end, will be a big data security analytics platform that provides more detail for threat prioritization in the enterprise by making use of what already exists.

Polak said Exabeam's software will have machine-learning capabilities so security queries can pull up information related to possible insider threats and external threats. Exabeam's co-founders include vice president of products Sylvain Gil and chief technology officer Domingo Mihovilovic. The start-up has received $13 million in funding from Norwest Venture Partners, Aspect Ventures and angel investor Shlomo Kramer.

Fortscale is another security start-up that believes there's a lot to learn from existing information by adding tools to do queries. For Israel-based Fortscale, which has an office in New York, the focus is on gaining visibility into what users, including employees and contractors allowed into the network, are typically doing in order to develop profiles. These profiles can help determine whether an attacker has hijacked user credentials or whether activity indicates an insider threat.


"The major black hole is the endpoint, and there's not enough visibility about the users," says CEO Idan Tendler, who co-founded Fortscale with Yona Hollander in 2012. The Fortscale Hadoop-based approach is software that works with existing log management and SIEM products. Now being tested with products such as HP ArcSight, RSA enVision, Splunk and IBM's QRadar SIEM, the Fortscale product is expected to be available around September.

HackerOne was co-founded by CTO Alex Rice, formerly a security expert at Facebook, and Merijn Terheggen, formerly with the Online24 consultancy providing penetration testing and other services in the U.S. and the Netherlands. The company has a somewhat unusual mission: offer bounties for serious software bugs found in widely used software that impacts the Internet as a whole. HackerOne, which also brought former Microsoft senior security strategist lead Katie Moussouris on as chief policy officer, works to bring together the bounty hunter who's found something with the companies that use HackerOne as a kind of broker for their bug-bounty programs. HackerOne this May said it's gotten $9 million in venture funding from Benchmark.

Observable Networks started hitting its stride last year with a cloud-based security service that relies on network sensors in the customer's network to discern device and user behavior even when encrypted traffic presents an obstacle. With Bryan Doerr as its CEO, the start-up was founded in 2011 in Clayton, Mo., by Patrick Crowley, chief technology officer and chair, who is a computer science professor at Washington University. Crowley's technical method is called "continuous device profiling," according to Vince DiMemmo, chief sales and marketing officer. "It's a behavior-modelling technology," and its purpose is to monitor and alert for activity that indicates attacks, compromises or insider threats.

The Observable Networks software-based sensors are deployed in cloud platforms such as Amazon, and the company is in talks with mobile carriers on how its CDP technology might be applied in carrier networks. The start-up has received about $4 million in funding.

ProtectWise, still in stealth mode, isn't talking yet about the details of what the Denver-based start-up is working on in terms of cloud-based security but claims it will be "disruptive." ProtectWise's CEO Scott Chasin was formerly CTO, McAfee Content and Cloud Security, while Gene Stevens, ProtectWise CTO, was in engineering roles at both McAfee and MX Logic, the firm that Chasin founded and sold to McAfee for $140 million in 2009. Recent financial disclosures show that ProtectWise is receiving $14.1 million from Arsenal Venture Partners, Trinity Ventures, Crosslink Capital and Paladin Capital Group. That follows the $3.1 million round from last year.

Sookasa, based in San Mateo, Calif., was co-founded in 2012 by CEO Asaf Cidon and his father, CTO Israel Cidon, former Cisco engineer Madan Gopal and Lior Gavish. Making its debut last April, Sookasa offers a file-encryption and security service that works with Dropbox, among other cloud services. Through the lightweight Sookasa agent software for Google Android, Apple iOS, Microsoft Windows or the Apple Mac, the user's file is intercepted and encrypted before it's sent, and only an authorized user can decrypt it. The typical cost would be $10 per month or $100 per year per person.

One medical practice says it helps ensure compliance with healthcare regulations about protecting patient data. The San Francisco-based office of Pacific Heights Plastic Surgery, whose nurses and assistants have been using it to encrypt sensitive files that need to be shared, has found it works easily and helps maintain needed security on medical data. "We need to make sure it wasn't sitting in the clear in the cloud," said Dr. Jonathan Kaplan. Sookasa has received about $6.6 million in funding, primarily from Accel Partners, with seed funding from Andreessen Horowitz and others.

ThetaRay and CyberX Labs, based in Israel, have similar goals: finding ways to protect industrial networks.

CyberX, founded by Omer Schneider, is in stealth mode, developing threat-detection technology for industrial networks used by the likes of energy and gas and oil companies. The company, which received initial seed money of $20,000 from CyWest Labs, also recently received $2 million in funding from Glen Rock Israel, Glilot Capital Partners and Swarth Group.

ThetaRay, co-founded last year by CEO Mark Gazit with Tel Aviv University professor Amir Averbuch and Ronald Coifman of Yale, has begun to see its server-based technology, which is used in monitoring power-production facilities, deployed as ThetaRay plans for general availability in the September timeframe. Gazit says the ThetaRay security appliance, deployed on premises, works by looking at operational data from industrial systems such as SCADA controls while simultaneously combining and comparing it against the monitored network traffic and security gear. The result is a "hyper-dimensional picture of normal behavior, in order to detect variances that might indicate an attack," says Gazit. The goal is to prevent targeted, stealthy attacks. ThetaRay has received undisclosed amounts of funding from Poalim Capital Markets, Jerusalem Venture Partners and a General Electric investment arm.

Vectra Networks, based in San Jose, was co-founded in 2011 by Mark Abene, chief scientist, and James Harlacher, senior engineer, with the mission of providing detection of cyberattacks in an enterprise network. Its X-series platform, in the form of an appliance or virtual machine, became available last February. "This is augmenting the security in place, such as firewall, IPS and sandboxes," says Mike Banic, vice president of marketing. "Things do get through." The Vectra appliance, residing inside the network, listens to traffic and looks for patterns that would indicate targeted attacks. Customers today include Riverbed Networks and Aruba Networks, Banic says. Damballa might be viewed as one competitor. Vectra has received $17.8 million from IA Ventures, Khosla Ventures and AME Cloud Ventures.