RealTime IT News

nCircle the Security Wagons

Unlike most executives, Abe Kleinfeld doesn't cringe when reading morning headlines warning of the latest IT security threat -- he smiles, knowing it'll be a good day at work.

Kleinfeld is president and CEO of nCircle, a maker of network security appliances for large corporations that's been finding a following amid a plague of viruses, hacks and Denial of Service attacks.

"Most customers start with our product on a portion of their network," said Kleinfeld, a 25-year industry vet who took the nCircle job last year. "After the blaster worm, they called and said every place we were was fine, and then ordered for the rest of the network."

The firm recently released version 6.2 of its IP360 Vulnerability Management System with new features to assess security risks and meet new regulatory reporting requirements. IP360 plugs into the network and requires minimal set-up or management -- a selling point for IT managers whose staffing has remained flat while threats have increased.

The product's premise is to block the holes in IT systems that might serve as avenues of attack. In this way, nCircle said its offering is more proactive than firewalls and antivirus software.

IP360 automatically scans a company's IT assets -- servers, storage equipment, laptops and operating systems -- then maps it against its comprehensive database of known vulnerabilities.

In addition to its own research, the company pays $500,000 a year for updates from major security firms, such as Symantec, which are then encoded into its product. It also handles patch management and policy compliance. Pricing for the IP360 begins at $36,250.

Companies storing sensitive data have signed on as customers, with credit card giant Visa International being one of the largest. Federal agencies are also buying because of new security and interoperability mandates. nCircle counts the Office of Naval Intelligence and the Nuclear Regulatory Commission among its government clients. This week, it announced that it has added nine employees to its Washington office.

"The government is now operating on some incredibly short sales cycles," Kleinfeld said. "What was once two years is now down to 45 to 60 days."

In response, the new version of IP360 includes reporting components to help agencies comply with new statutes -- the Federal Information Security Management Act (FISMA) and Information Assurance Vulnerability Alert (IAVA).

It isn't just customers taking notice. In a partnership that will be formally announced next month, network equipment maker Cisco Systems will add nCircle intelligence to some of its products.

The move meshes nicely with Cisco's self-defending network strategy, Kleinfeld said.

"To have a self-defending network you have to have intelligence, and we're collecting it continuously," he said.

The Cisco pact is non-exclusive, and nCircle will "talk to everybody we can." Cisco and its rival Juniper Networks have spent hundreds of millions to acquire security startups.

Kleinfeld said it's too early for that talk, but believes that such companies may find buying into the market cheaper and more expedient than developing their own catalog of vulnerabilities and appliances.

There are a host of other firms working to get noticed in the field. nCircle competes with Foundstone and eEye Digital Security, among others.

Since it is privately held, nCircle doesn't disclose detailed financial information. However, Kleinfeld said the venture-backed company has $20 million in the bank and saw sales double last year. If it chooses to, it could be in a position to go public late next year or in early 2006, Kleinfeld contends.

"This market is still in its infancy. There will be another four to six years of rapid evolution," Kleinfeld said. "It will evolve in the same way that enterprise software has. There will be two or three major players."