Applications security co Hacktics raises €2.2m

Founder Ron Porat: Everything is covered by security except the code.

It's a rule of thumb that security companies find it hard to raise money, especially venture capital money. It's clear why. They're in a mature market led by a handful of companies, such as Check Point (Nasdaq: CHKP), Cisco, McAfee, and Symantec, with IBM, Microsoft, and EMC behind the scenes. Who is going to bet on a start-up to squeeze in?

Nevertheless, now and then there are surprises. Hacktics, which provides consulting services for applications security, has raised €2.2 million, earmarked for developing a product for checking program code and preventing hostile infiltration. The capital was raised from French company Quotium, European private investors, and through the European Union's Eureka project, via which Hacktics received money from Chief Scientists in Israel and France.

Hacktics is not a start up in the recognized sense. It was founded in 2004 by CEO Ron Porat, COO Tal Mozes, and CTO Ofer Maor, with the idea of providing a security service consisting of monitoring the possibilities of a break-in to applications code. In practice, Hacktics' people try to hack into the system, recording the attempt, in order to provide a clear answer as to whether and how the program code can be hacked.

Hacktics took this idea one stage further. The company developed a product called Seeker (currently a codename) that performs automatic monitoring of security as software is developed, acting like a QA tool. Porat and his team even tried to implement in the product an idea parallel to the service they provide, that is, pictures of the automatic hacking attempts by the program.

Hacktics aims at one of the hot markets in information security, one that is part of vulnerability assessment (VA), which mainly focuses on information traffic in enterprise communications networks.

Something happened in this mature market in the past year. Last February, for example, Gartner Group published, for the first time, a "Magic Quadrant" report on the field, indicating high interest among the big IT players.

According to Gartner, as attacks on the network are more and more motivated by financial interest, so they aim more and more at the application level. To deal with the threat, tools began to be developed for checking the security level of the application against possible infiltration attempts through hacking of the program code. Gartner calls the field static application security testing (SAST) and dynamic application security testing (DAST).

While VA is a mature market that, according to Gartner's estimates, grew by 20% last year, the SAST/DAST market grew by 100% a year in the years 2004-2007, and reached $130 million in 2008.

Among the leading providers of code analysis tools today are IBM, after it bought Watchfire in 2006 (which depends on the technology of Israeli company Sanctum, acquired in 2004), HP, Microsoft, Fortify, and Compuware.

The interest in the solution developed by Hacktics also arises from changes in the world of computing. "Every part of the computing infrastructure is already covered by many software tools designed for security," Porat says. "In effect, the only place still not covered is the code, which is the most complicated thing."

Porat believes that code security is critical for the age of cloud computing now starting to take off. "No one has any real idea how to deal with security of an application running within and between computer clouds," he claims. "The only way to solve this is to strengthen the code as much as possible."

Published by Globes [online], Israel business news - www.globes.co.il - on May 13, 2009

© Copyright of Globes Publisher Itonut (1983) Ltd. 2009
