Thus, taking a proactive approach to managing patches and plugging known vulnerabilities must be a priority for IT.
To adapt to new threats, many organizations have turned to deep-packet-level inspection. But small- to medium-sized businesses have different needs and smaller budgets than larger enterprises. SMBs have limited funds and few (or no) personnel to devote to endpoint management. Many also lack the necessary security expertise to repel evolving threats, even if they do have the bodies to throw at the problem. These businesses need a lower-cost, turnkey solution for their patch, asset and security remediation needs.
What they Do: Shavliks Cloud Patch is a web-based scanner that detects missing security patches for both the OS and third-party products that are installed locally. Using Shavliks technologies, any IT administrator can launch the Shavlik scanner through a browser. The scanner will then agentlessly detect all of the missing security patches. Scanning is executed without forcing IT to change firewall ports or otherwise lower the security perimeter. Cloud Patch also delivers tools for asset management and remediation.
Why theyre an up-and-comer? While a majority of competitors are taking a perimeter management approach to securing SMB networks, Shavlik is one of the few security vendors offering a scanning and patch-management solution from the cloud. This approach delivers a more flexible, scalable solution with significantly lower TCO.
Shavlik has been around for almost 20 years, so why are they an up-and-comer? Simple: cloud security is a land grab right now, and Shavlik is busy grabbing land in the much neglected SMB space. Shavlik claims 200,000 customers worldwide, and says it has delivered over 600,000 patches to tens of thousands of endpoints worldwide.
Several security partners have embedded Shavliks technology into their own solutions, including BMC, Dell KACE, Symantec and Scriptlogic.
Unlike brick and mortar retailers, online merchants only have credit card numbers and a few key personal identifiers to rely on when processing online transactions. Inherent limitations to the market (e.g., you cant check the persons ID over the web) make it tough to sort out the frauds from valued consumers. And with more retailers moving to a multichannel sales model to increase online presence and revenue, there is also the potential threat of vulnerabilities in making this transition online.
What they Do: Verifis solution to this problem starts with analyzing a companys transaction history and comparing it to historical data. This data is used to develop specific rules for the merchant that prevent fraud but dont over-reject transactions. Merchants then tailor and scale a solution to their specific needs and experience. Verifis software works with partner solutions, like ThreatMetrix (included in last weeks article. Verifi works with partner solutions to leverage multiple data points before accepting a transaction. A few examples include geo-location, device finger-printing, internal databases and fraud filters.
Why theyre an up-and-comer? Online fraud is an enormous problem, and anything to help e-merchants cope will have a decent chance of success. The US Department of Commerce stated that in Q3 2010 ecommerce sales increased 14.1% compare to the year prior, versus 5.8% over the same period for physical retail. Ecommerce currently represents only about 5% of the total sales in the US, so theres huge room for growth. Verifi intends to capitalize on that growth by mitigating the risks that will plague those moving their sales online.
What they Do: Voltage enables the protection of confidential enterprise data when its in use in, being processed in, or stored in the cloud in a way that allows it to still be used for a variety of business processes. This is accomplished by cryptographic technologies and simplified key management. Identity-Based Encryption (IBE), Format-Preserving Encryption (FPE) and tokenization, data masking and other technologies allow data to be protected inside and outside the cloud. Even if external attackers or malicious insiders gain access to the data, they wont be able to decipher it.
Why theyre an up-and-comer? According to Ponemon Institute, enterprises now spend, on average, more than $6.65 million to recover from a single data breach. Entire security spaces, such as DLP, have emerged to target the breach-prevention market.
Voltage is backed by more than $42 million in VC funding and has an impressive client and partner roster, including Heartland Payment Systems, Microsoft, AT&T, CUNA Mutual, Kodak, Wells Fargo, WatchGuard, and Websense.