Friday, May 18, 2007

Security the future

A little-known group of Irish IT security companies has attracted US venture capital, bucking a trend that has seen minimal US equity investment in the local market

In a drive to chase technology’s next big thing, countries often identify key areas to focus on. But in Ireland’s case, information security was not one of them.

There has been no equivalent project to compare with the Digital Hub cluster, which is intended to generate a sustainable crop of digital media companies.

Despite this, attention is starting to focus on a handful of indigenous companies in the IT security space.

“Almost by accident, Ireland has ended up with a cluster or core of these companies without setting out to do so,” says Owen O’Connor, chairman of the Irish branch of the Information Systems Security Association.

Many have recently taken on investment, have launched or are about to release new products or are actively expanding into international markets.

Added to this, industry observers believe many of the emerging companies have strong potential.

Howard Schmidt, an international expert on cyber security who consults with venture capital (VC) firms in the US, was impressed with what he saw at a showcase event organised by Enterprise Ireland (EI) in Dublin last month.

“They are developing things that solve real-world problems. They’re relatively small but they’ve got good technology,” he said. More importantly, they already have customers, which Schmidt said was essential.

“When you look at the smaller companies, the ones I’ve talked to, they’ve got revenue coming in and that makes it very attractive to dealing with venture capitalists or partnering with third parties in other parts of the world.”

In fact, VC firms in the US such as Trident are known to have held discussions with indigenous firms about possible funding.

“Those conversations are happening, which I think validates the Irish security vendor community quite well,” confirms Ben Mosse, vice-president with EI’s New York office.

EI has earmarked security as a key growth area and has already invested in some of the companies. “Our interest really spawned when we had a look at the number of companies coming out of Ireland with security solutions. A lot were world class and achieving traction in the US already.”

Typical of the new generation, Asavie develops systems that allow mobile customers to access the internet securely. Just this week it announced its first deal in the US with the mobile operator Alltel.

The Dublin-based company is privately held and last month received a €1.2m investment from EI and private investors. Over the course of this year it plans to expand in the US, Europe and the Far East.

In January MXSweep secured a second tranche of private VC. “That will see us well into 2009,” reports CEO Declan O’Connor. The company provides email filtering and was founded in 2005 by the email security guru Danny Jenkins.

This month MXSweep invested €150,000 in data centre infrastructure for serving international customers. In two weeks it will launch its latest managed security service.

Earlier this year Validsoft closed a €4m funding round through the UK investment house Pentland Group plc, NCB Ventures and EI. It provides ‘out of band’ authentication technology for online banking systems.

It expects to go back to the market in 2008 to fund an international expansion drive. The 20-man company plans to increase staff headcount significantly over the course of next year.

Also in expansion mode are iQuate and Vigitrust. The former is currently revising its product set and growing headcount; the latter is close to finalising an outside investment deal. “It will more than likely see us double in size over the next year,” says managing director Mathieu Gorge.

Vigitrust’s revenues have been growing between 30 and 35pc year on year since the company started in 2003. In year two it branched out into giving security awareness training, which led to work throughout Europe.

Lately the company has focused on the emerging PCI (data security) standard for payment cards. A speaking engagement at a security conference in February has led to a contract with a leading US bank — a considerable coup for a 14-man company.

“Small organisations that have a lot of subject matter expertise can penetrate international markets like the US and the UK,” says Gorge.

FraudHalt, which recently closed a funding round from private investors, is addressing a market that is potentially worth millions.

Its DiscMatch forensic hardware system checks the ‘fingerprint’ of a CD-Rom, allowing large media copyright holders like record labels or software companies to control their supply chains for unauthorised products — potentially saving millions in lost revenue.

In addition, FraudHalt has developed technology to tell whether the hologram on a credit or debit card is real or whether the card is a clever forgery.

Closer to home, FraudHalt is finalising a deal with one of Ireland’s largest banks to roll out an ATM surveillance system that can detect if the machine has been compromised by criminals.

“Banks don’t like to say how big this issue is, but it’s huge,” says Patrick Smith, a director of the company.

NetFort will seek further investment later this year to scale and grow in the US, confirms CEO John Brosnan. “We don’t just want a venture capitalist for the funding, but one that can help us in lots of ways,” he says.

The Galway company already provides network security monitoring to most of the Irish third-level sector and recently turned to Europe and the US for growth.

Dublin-based Shenick is a good example of a business that started in a different technology area before spotting opportunities in security. It builds load-testing systems for networks that are designed to simulate large numbers of people visiting a website all at once.

It adjusted the product to simulate a denial of service attack or a deluge of spam email, letting internet service providers check if their security systems can cope with the load and whether the quality of service is affected. Now, around 15pc of Shenick’s business is security related.

As new security areas are emerging all the time, there’s even more potential to be exploited, O’Connor believes.

“There are lots of unsolved problems that Irish companies could help with, be it fraud solutions or network monitoring,” he adds. “It would be very difficult in 2007 to launch an e-learning company. That’s not the case with security.”

In a recent report, EI polled US security professionals and identified three key areas — authentication, regulatory compliance and security awareness — on which Irish firms could successfully focus.

Behind the scenes, Ireland is positioning itself as a centre for excellence in information security, O’Connor adds. Several universities and institutes of technology are engaging in security research; UCD, for example, runs Europe’s first master’s degree course in cyber crime investigation.

Beyond the coincidental emergence of these companies there are encouraging signs of a developing infrastructure that should support those at the front line in years to come.

Alert to privacy

Dublin-based PixAlert could be a template for the kind of indigenous company attracting attention in the security sector.

The 14-strong firm owes its origins to technology developed at NovaUCD as well as research from Trinity College Dublin.

It’s best known for a product that scans computer networks for illicit or inappropriate content.

A recent coup was having developed the parental control settings within Microsoft’s new Windows Vista operating system. “That was a real feather in our cap,” says CEO John Nolan.

The company also has the kudos of an international partnership with Deloitte.

PixAlert has since launched a product that conducts privacy audits within companies, which Nolan says will allow it to address the significant market opportunity around regulatory compliance.

Damage caused by exposure of an incident involving illegal or illicit images held on corporate computers can be much more extensive than the potential financial exposure of a civil law suit. It can also significantly affect a company’s ability to trade.

“We’ve built out the product to look for data that should be encrypted but isn’t,” he explains.

In addition, PixAlert is branching out from its background in software to produce a hardware-based security appliance.

The company doesn’t intend taking on further investment in the immediate future. “There’s no need to go to the market,” says Nolan, adding that the company is profitable and growing sales through partners.

He confirms the company is hiring more employees and plans to double revenues this year.

© Silicon Republic Ltd 2007
All content copyright 2007, Silicon Republic Ltd — all rights reserved
Email: editorial@siliconrepublic.com

- By Gordon Smith