10 IT security companies to watch

Veracode

Founded: 2007
Headquarters: Burlington, Massachusetts
Funding: US$19.5 million from venture capital firms 406 Ventures, Atlas Venture and Polaris Venture Partners
CEO: Former Symantec executive Matt Moynahan
What the company offers: SecurityReview is an automated service that does security testing and remediation of in-house and commercial applications. Enterprises submit the applications they would like reviewed to Veracode, which uses patented binary and Web-scanning technology to find flaws and suggest fixes.
Why it's worth watching: According to Gartner, 70% of all enterprise vulnerabilities reside in the software that organizations buy and run. Veracode's team of application-security experts are trained to spot such weaknesses, and can do so because the company's service examines binary code instead of source code to avoid trade-secret concerns. By reviewing an application's binary code the service can analyze not just the program but also third-party libraries it may call, as well as its interactions with other software.
How the company got its start: Its founders' ambition was to reduce the number of software vulnerabilities in the world. They call their approach the "democratization of security" because usually only companies with very deep pockets have the time and money to spend on checking and remediating software security flaws. The technology behind Veracode's service was first developed by @stake (since acquired by Symantec) in 2002.
Where the company got its name: "Ver," from the Latin "truth," was added to "code" to describe how the company looks for the "truth" in software.
Customers: Cisco, Digivera, Telus.

WebLOQ

Founded: January 2004 (in stealth mode until the service launched in September)
Headquarters: Monterey, California
Funding: More than US$3 million from high-net-worth individuals, no venture capital
CEO: Neal Smith
What the company offers: Virtual Private Community (VPC), a private communications service that forms virtual business communities whose members can send and receive encrypted e-mail, documents and other exchanges safely. The service sets up a private domain name for each user and gives them a related e-mail address reserved for private communications with other WebLOQ users. VPC is available as a hosted service, with a version that companies can run internally slated for release early next year.
Why it's worth watching: Instead of trying to protect communications at the edges of corporate networks, WebLOQ secures the transit channel itself. By having encrypted communications only with other members of a community, users are freed from spam, viruses, phishing, and other e-mail Internet threats. However, such secure communications requires that both parties use the service. The company hopes to bring the concept of online community to the business world while ridding e-mail of the many threats plaguing it today.
How the company got its start: Chairman, CTO, and former ISP head George Sidman became intrigued with the idea of securing Internet communications. He formed a team at his ISP to begin working on the problem in 2003 and launched the service in 2007.
Where the company got its name: Sidman was amazed that no one had trademarked "LOQ" (pronounced "lock") as a brand. The company now has trademarked the terms WebLOQ and LOQ, intending to launch a brand around the latter.
Customers: Database vendor Objectivity. Company says some major banks, law firms and police agencies are testing the service.