An American IT security company is developing a research and development arm in Canada to create products that help enterprises address network vulnerabilities in a more proactive manner.
San Francisco-based nCircle has set up
offices in the Toronto Carpet Factory on the city’s Mowat Ave., where it hopes to build a team of 15 people by the end of the year. Privately held and funded through venture capital, nCircle’s flagship product is the IP360, a system that consists of two key components. VnE Manager is a hardened appliance that serves as the central data repository and management platform called. Device Profiler, meanwile, is a hardened, disk-less appliance that profiles devices and securely reports its findings.
Mike Murray, nCircle’s director of engineering, said the Canadian operation would primarily consist of a vulnerability research group with sales support for its existing product line.
“”One of our main goals in coming up here is to expand into Canada and get access to that experienced talent,”” he said. “”We also realized that our opportunity is to come up here and provide vulnerability management to the Canadian IT organizations.””
Murray said the ongoing assault of high-profile viruses (like this week’s Sasser) has created a shift within the enterprise that has chief information security officers trying to thwart problems before they start.
“”People have really started to see the value of being prepared for these attacks, rather than have to react,”” he said. “”It lends itself to more of a strategic application of IT resources — to places that are more strategic than having to fight fires all the time.””
Although Symantec, Network Associates, White Hat and many other security firms have already established a considerable Canadian presence, there’s still room for more, said IDC Canada security analyst Steve Poelking.
“”The security space seems to have no bounds in terms of new companies entering the market,”” he said. “”It seems like it’s inelastic in that regard.””
While many firms are focused on the intrusion detection system (IDS) space, companies like nCircle create tools to search for “”windows of exposure,”” including the way an IP-enabled device responds to network connection requests, for example, or how the applications respond to ports that have been left open. This helps enterprises cut back on the number of “”false positive”” alerts from an IDS.
“”It’s so expensive to try and respond to attacks and recover from them once they’ve happened,”” said Murray. “”With Blaster and Slammer, there’s kind of a global awareness at this point.””
Poelking said nCircle is wise to invest in its R&D capabilities.
“”Right now we’re at the stage where companies are developing. Will they all last? The answer is no,”” he said. “”A lot of these features and functions are being built into other software suites by the big guys — Symantec, Network Associates, as well as Tivoli and OpenView and BMC.””
In some cases, nCircle has already started working more closely with big-name firms. Last year, for example, its vulnerability management appliance was integrated with Tivoli’s Risk Manager product.
So far nCircle customers include the Patelco Credit Union of San Francisco, and Murray said the company has high hopes for the financial sector in Canada as well.