10 IT security companies to watch

New companies have to be brash to enter the network security market, given that the industry has witnessed an explosion in creativity over the past five years and considering that big players such as Microsoft and IBM increasingly are throwing their weight around in security. Nonetheless, anyone who takes the time to listen to what IT managers say they would like to see from the security industry can't walk away without the impression that there is plenty of room for the new.

For example, Ryan Bagnulo, vice president and head of software architecture and innovation at Wachovia, says he'd like to see more industry action on automating security-policy administration based on the Organization for the Advancement of Structured Information Standards' eXtensible Access Control Markup Language.

Sometimes entire groups of users stand up and declare they need something new. The Jericho Forum wants to see a new generation of products and services designed for the world of e-commerce, where traditional firewall-edge boundaries are vanishing. 

User demand will have the final say about whether security startups pan out as the successes their founders envision -- or end up as brief footnotes in the epic of networking. Here are our selections for 10 security newcomers worth watching:

Whatever happened to last year's 10 security companies to watch?  

2Factor
Founded: 2006
Headquarters: Maumee, Ohio
Funding: $1.6 million in first-round financing
CEO: David Burns

What the company offers: Real Privacy Management (RPM) software that provides continuous, two-factor user authentication and data encryption based on a patented, real-time algorithm that limits the opportunity for intrasession hack attacks and threats.

Why it's worth watching: Authenticating users has become a security best practice, but once is not enough. Methods such as public-key infrastructure (PKI) authenticate the user at first logon but leave the session open to hacker attacks thereafter. By performing continuous mutual authentication and encryption during every transmission between client and server, 2Factor reduces the potential for data theft and fraud by closing the window of opportunity for hackers.

How the company got its start: After working in cryptography for many years, founder and chief scientist Paul McGough saw the need for a simpler, nimbler, and more effective alternative to PKI and other security technologies. The company claims RPM is based on provable mathematics, is as much as 100 times faster than PKI, and can be deployed quickly and easily in any type of software, chip, or device.

Where the company got its name: A reference to two-factor security, where the first factor is "what you know" (typically a user name and password) and the second factor is "what you have" (typically some type of card or token).

Customers: The company says it's in discussions with several major financial institutions, plus mobile phone operators, digital media companies, government agencies, and large health care institutions -- but won't name names.

NetWitness
Founded: 2006
Headquarters: Herndon, Va.
Funding: $7.5 million from undisclosed angel investors
CEO: Amit Yoran

What the company offers: NextGen, a security product that monitors and analyzes inbound and outbound traffic and stores and analyzes it based on users, applications, and content.