The widely publicised denial-of-service attacks on popular Web sites earlier this year have made companies increasingly willing to invest in sophisticated security-monitoring products - and the personnel needed to analyse the resulting reams of data.
But for small-to-medium size companies, the investment isn't feasible. It's primarily this market that US-based application service provider RIPTech hopes to serve with its low-maintenance eSentry service.
"Ninety-nine per cent of companies are not watching their data," says RIPTech's chief technology officer and co-founder Tim Belcher. "It's a very labourious task. The page-down key in Unix grep is still the most common form of security analysis."RIPTech puts its own experts at one end of a secure Internet link, ready to ply their skills and experience to analyse suspicious data generated by security "services" - typically firewalls, border routers or virtual private networks - at customer sites.
The data goes through four main eSentry modules, each of which represents a major step in the security management process.
Real-time monitoring and management collects the information, while an event-processing engine looks for signs of hackers and viruses.
An event-tracking module wades through the data to flag potential trouble spots, and a secure portal lets RIPTech analysts post alerts or take emergency action. "It's really bringing the IT manager an enterprise understanding of what their security posture looks like," says RIPTech's co-founder and president, Amit Yoran.
But what truly differentiates RIPTech is the analytical skills of its security experts, the company claims. Among other jobs, Yoran was director of the Vulnerability Assessment and Assistance Program at the Department of Defense's Defense Information Systems Agency before co-founding RIPTech in 1998.
"We had designed and deployed what was, at the time, the world's largest intrusion-detection system," Yoran says.
The company's technical advisory board consists of internationally known security professionals, and its data analysts are also experts. "Good information security is a combination of great products and great people," Belcher says.
No news is good news
Although RIPTech includes Global 500 companies among its customers, its primary market is smaller companies like HealthQuick.com, an online drugstore. The US-based company needed to protect against hostile attacks at both its headquarters and at a separate hosting facility but didn't have the time or budget to build an in-house fix. "We felt security was best left to security experts," says Mark DeSimone, HealthQuick.com's CTO.
DeSimone says RIPTech also serves as a security consultant, saving him the trouble of looking through security logs for signs of attack.eSentry appears to be working smoothly, DeSimone says, and he compliments RIPTech on its responsiveness. "They helped me figure out what I need - what's good for HealthQuick," he says. "They helped us plug up the holes. That's what a good security company does."Kurt Ziegler, CEO of eBEsure in Texas, turned to RIPTech after getting the runaround from managed-network providers regarding the details of their firewall offerings. EBEsure relies heavily on its networked systems to provide customers with Web site traffic analysis.
Ziegler says he became concerned by the high-profile denial-of-service attacks but knew he couldn't hire several people to monitor threats. He says he likes RIPTech's emphasis on data analysis and its ability to accommodate his existing setup. "I'm happy with their responsiveness, and I'm expanding their solution internationally," Ziegler says.
RIPTech executives say the company is well positioned to take advantage of the growth in demand for managed security solutions. But managing its own growth could be a challenge, says chief financial officer and Elad Yoran. RIPTech must find qualified staff in order to grow.
RIPTech recently opened an office in Silicon Valley and has hired security experts from Cisco Systems, Lucent Technologies and other firms. "We need to keep running faster and faster all the time," Yoran says.
RIPTech is likely to face competitive threats beyond the remote security management niche it inhabits. If large managed-network and application service providers (ASP) add more robust security to their broader offerings, a company's urge to outsource security might be more conveniently satisfied by a company such as AT&T, GTE Internetworking or Qwest Communi-cations International.
On the other hand, such competitors are also potential RIPTech customers. "The problem is, [RIPTech is] small," says Jasmine Noel, a research analyst at D. H.
Brown Associates in the US. "They haven't got their message together just yet, marketing-wise."To David Tapper, a research analyst at International Data Corp (IDC), the big network vendors and Internet service providers are starting to act more like utilities - and managed security is a likely offering.
The opportunity is large: IDC expects sales of security services bundled with network services to grow from $US703 million last year to $2.2 billion in 2003.
RIPTech must market itself to those providers or lose the business of end-user companies, Tapper says.
Noel adds that the network behemoths aren't inclined to sell customised products, leaving room for RIPTech.closer look RIPTech The technology: eSentry, remote security services Why it's worth watching: RIPTech lets managers avoid expensive security investments by outsourcing to an expert provider Company officers: Amit Yoran, co-founder and president; Tim Belcher, co-founder, executive vice president and chief technology officer; Elad Yoran, executive vice president and chief financial officer Milestones: July 1998: Company founded March 2000: eSentry released Employees: 50; 25 to 35 per cent growth rate Burn money: $5 million initial angel investment; $2 million round of private financing in April. A $10 million round is under way Services/pricing: Typical monthly cost per customer site is $2000 for subscriptions.
Customers: HealthQuick.Com, eBEsure
Red flags for IT: If managed network providers extend their offerings, RIPTech could face stiff competition. Some IT managers may find better alternatives from the big Internet service providers or existing network hardware vendors. Larger companies may prefer to hire security experts in-house www.riptech.com