AlgoSec plugs holes in firewalls

Information security start-up AlgoSec claims to have developed a system that can analyze security rules and prevent any conflicts between them from disabling firewalls. "Globes" found out more.

Enterprises use firewall systems like guards on the entrances to shopping malls - they decide who gets in and who stays outside. But while guards at shopping malls may have a clear set of rules governing who they let in, a firewall system installed at a large enterprise can contain hundreds of rules. "Every company has contacts with all kinds of outside parties - branches, customers, partners - with new rules being constantly set according to the company's status at the time. So rules are created on top of other rules, and where there are too many unmanaged rules, it creates holes in security," explains Yuval Baron, president, CEO, and co-founder of security software start-up AlgoSec Inc. These are the holes that malicious code exploits.

A wall full of holes

What exactly is it that causes the holes? They can be created by the most idiotic of mistakes, for instance a typo in an address definition that allows entry. Or by retaining an authorization that gives a project partner access to enterprise data, even though the project has already been completed. "Ultimately, our protective wall is so full of holes, it no longer gives any protection at all. It's as if we tried to shield ourselves with a net," says Baron.

Globes: Who writes these rules and why can't they keep track of them?

Baron: "There are people in the security department whose sole job is to write and manage these rules, and they do go over the rules, picking out those that look suspect, but it is virtually impossible to visually detect which of the trustworthy rules serve the enterprise, and which do not. A computer screen can only display 30 rules out of hundreds, and there is no way of knowing the nature of the connection between them."

According to Baron, AlgoSec has developed a solution to this problem. "Our system analyzes the rules and assesses how rules function when integrated with one another. It takes into account the network structure and routing tables, detects when parties belonging to the external network have access to systems considered internal, and identifies addresses which are not part of the company's regular IP address protocols. These are then drafted as queries and forwarded to the security team."

"The number of links between rules that need checking is 10 to the power of 30. If a regular computing system had to check them all, it would take years. We have managed to create a series of algorithms that can cut the computing time to minutes. There are programs which are designed to automatically repair some of these problems comprehensively, but it amounts to a kind of plaster on a far bigger hole."

As for competition, there are other companies whose technology focuses on the detection of holes in firewalls, but according to Baron, each one operates in a slightly different niche. "Our product is convenient and easy to use and integrate. Even security consulting firms, which are commissioned by companies to check that their systems are safe, use our technology. Aside from KPMG, our customers include Cisco and Intel, and in all we have more than 100 customers, most of them overseas."

Simply nice people

AlgoSec was founded by Baron, one of the first employees at Comverse Technology (Nasdaq: CMVT) ("when it had just a few dozen employees and zero sales. I saw it grow all the way to an international company, doing some things right, and getting others wrong"). He then went on to co-found and become CEO of carrier Ethernet-over-copper networks company Actelis Networks Inc., which recently raised $75 million. "I took the company from zero to this fund raising and 140 employees. I managed it out of California, but my family was in Israel, so I decided to return," says Baron. AlgoSec's product was developed on the basis of technology conceived by a team at Bell Labs, headed by Dr. Avishai Wool.

Baron is also the principal investor in AlgoSec, which has already had its first sales. He refuses to disclose how large these are, but says they represent threefold growth year-on-year, and that the company is profitable. For this reason, Baron is in no rush to raise any more funds, but mentions the option of an IPO at the end of 2009.

As a point of interest, AlgoSec states in the fact sheet about itself that "we only employ nice people", just about the last description one would expect to find in a help wanted ad. Baron hints that the funds from which he raised money in the US feared that being "nice" could be perceived as not being competitive enough, which he thinks is a big mistake. "The company's success is based on both quality and team work. Nice people are those who leave their ego outside when they come through the door and look at ideas objectively. This is also the way to retain good employees, since it's more fun when everyone is nice."

And how can one tell who's nice? By asking them, and sometimes, by changing them during the course of the process. "Instead of being political and underhanded, people adapt themselves. Instead of being nice, they too want to play by the rules," says Baron.

Published by Globes [online], Israel business news - www.globes.co.il - on February 3, 2008

© Copyright of Globes Publisher Itonut (1983) Ltd. 2008
