nCircle the Security Wagons

Unlike most executives, Abe Kleinfeld doesn’t cringe when reading morning
headlines warning of the latest IT security threat — he smiles, knowing
it’ll be a good day at work.

Kleinfeld is president and CEO of nCircle, a maker of network security
appliances for large corporations that’s been finding a following amid a
plague of viruses, hacks and Denial of Service attacks.

“Most customers start with our product on a portion of their network,” said
Kleinfeld, a 25-year industry vet who took the nCircle job last year. “After
the blaster
worm, they called and said every place we were was fine, and then ordered
for the rest of the network.”

The firm recently released version 6.2 of its IP360 Vulnerability Management
System with new features to assess security risks and meet new regulatory
reporting requirements. IP360 plugs into the network and requires minimal
set-up or management — a selling point for IT managers whose staffing has
remained flat while threats have increased.

The product’s premise is to block the holes in IT systems that might serve as avenues
of attack. In this way, nCircle said its offering is more proactive than
firewalls and antivirus software.

IP360 automatically scans a company’s IT assets — servers, storage
equipment, laptops and operating systems — then maps it against its
comprehensive database of known vulnerabilities.

In addition to its own research, the company pays $500,000 a year for
updates from major security firms, such as Symantec, which are then encoded
into its product. It also handles patch management and policy compliance.
Pricing for the IP360 begins at $36,250.

Companies storing sensitive data have signed on as
customers, with credit card giant Visa International being one of the largest.
Federal agencies are also buying because of new security and
interoperability mandates. nCircle counts the Office of Naval Intelligence and
the Nuclear Regulatory Commission among its government
clients. This week, it announced that it has added nine employees to its
Washington office.

“The government is now operating on some incredibly short sales cycles,”
Kleinfeld said. “What was once two years is now down to 45 to 60 days.”

In response, the new version of IP360 includes reporting components to help
agencies comply with new statutes — the Federal Information Security
Management Act (FISMA) and Information Assurance Vulnerability Alert (IAVA).

It isn’t just customers taking notice. In a partnership that will be
formally announced next month, network equipment maker Cisco Systems will add nCircle intelligence to some of its products.

The move meshes nicely with Cisco’s
self-defending network strategy, Kleinfeld said.

“To have a self-defending network you have to have intelligence, and we’re
collecting it continuously,” he said.

The Cisco pact is non-exclusive, and nCircle will “talk to everybody we can.”
Cisco and its rival Juniper Networks have spent
hundreds of millions to acquire security startups.

Kleinfeld said it’s too early for that talk, but believes that such
companies may find buying into the market cheaper and more expedient than
developing their own catalog of vulnerabilities and appliances.

There are a host of other firms working to get noticed in the field. nCircle
competes with Foundstone and eEye Digital Security, among others.

Since it is privately held, nCircle doesn’t disclose detailed financial
information. However, Kleinfeld said the venture-backed company has $20
million in the bank and saw sales double last year. If it chooses to, it
could be in a position to go public late next year or in early 2006, Kleinfeld
contends.

“This market is still in its infancy. There will be another four to six
years of rapid evolution,” Kleinfeld said. “It will evolve in the same way
that enterprise software has. There will be two or three major players.”

News Around the Web