Exit Opportunities for Security Startups Look Bright

VC Money is Sign of Healthy Exits
We blogged last week about the availability of VC money for security startups. The selected entrepreneurs who made it to the final rounds of the Global Security Challenge collectively raised over $19 million following their participation. In a recent article in Red Herring, Cassimir Medford confirms the vitality of fundraising for security technology citing the example of Proofpoint -- an email security startup. This is a good sign for healthy exit opportunities in this market, because VCs typically only invest in startups they believe will earn them exit with a return of at least 10-x-cash,.

IPO as a Viable Exit Opportunity?
While current market conditions for an initial public offering are difficult for any startup, security startups have had a mixed scorecard. The fingerprint and hand-scanning company Cross-Match withdrew its filing for an IPO in January 2008, citing an unfavorable market environment. Broadview Networks, whose solutions ensure protection of critical data and networks, is still on track for its IPO in 2008. It filed for an IPO on Nasdaq in November, aiming to raise $288m. Sourcefire experienced a fast path to a successful IPO. The network intrusion detection startup was founded in 2001 and just 6 years later completed its IPO, generating $86.3 million.

M&A the More Attractive Alternative?
It is every entrepreneur’s dream to take his idea to IPO, but realistically the recent corporate acquisitions of security startups show a very active market that may prove the better route for security entrepreneurs.

Lately a bunch of acquisition deals for IT-security startups have happened with high valuations and hence nice payouts for the founders and investors. Cisco Systems spent almost a billion dollars last year for acquiring IronPort ($830m) and Securent ($100m). Not surprisingly, Google also went on a shopping tour and bought the on-demand web security firm Postini for $625 million last July.

However, IT-security startups are not the only hot acquisition targets as physical security technologies, such as biometrics and video surveillance, appear on the buying lists of industry leaders. In January 2008, L-1 Identity Solutions bought the finger-scanning company Bioscrypt for $44million. Neither are these deals contained only to the US, as the Israeli video surveillance company NICE bought Actimize for $280 million in July 2007 – a nice pay day for an 8-year old startup, no?

UMD is named American Partner University of the Global Security Challenge 2008

We are happy to announce that the University of Maryland is the 2008 host of the American leg of the Global Security Challenge. The University of Maryland is a world class institution widely recognized for its work in the areas of national security. It is ranked among the nation's top 20 public research universities, and its close proximity to DC makes it a convenient starting point when you want to reach some of the most influential decision-makers in security technology.

Last week we blogged about IARPA moving to UMD. Senator Barbara Mikulski commented on that by saying, "I can think of no better place than the University of Maryland for IARPA's headquarters. Its innovative academic research, world-class facilities and proximity to federal intelligence agencies make it an excellent choice."

To name a few reasons for its well deserved reputation, the university performs research within its campus against different aspect of national security:

• Center for Advanced Study of Languages - the nation's largest foreign language laboratory


• Center for Information Policy and Electronic Government (CIPEG) – projects will include those devoted to emergency response technologies


• M-Square, UMD’s research park, is also home to the National Foreign Language Center; NOAA National Weather and Environmental Prediction Centers; the FDA Center for Food Safety; the Maryland Center for Food, Nutrition, and Agricultural Policy; and the USDA Animal and Plant Health Inspection Service.

We echo the words of Congressman Ruppersberger, who as chair of the House Technical and Tactical Intelligence Subcommittee, stated "…the University of Maryland will continue to be a center for technology and innovation that will keep our country safe."

This is exactly the type of forward thinking we support and we applaud the University of Maryland’s focus on national security-related research. Stay tuned for an announcement of the date of the GSC’s American Regional and for details about how you can attend.

Global Security Challenge's finalists raise over $19 million in new capital

The Global Security Challenge (GSC) is proud to announce that our finalists and winners from the last two annual competitions have subsequently raised $19.6 million in new venture capital, grants and angel investments. This is in addition to the important grant that TSWG of the US Government awarded last year’s winning entrepreneurs.

Our top-selected startups also have secured large contracts with government clients, such as the US Department of Energy, the US Navy and the US Department of Defense, and with industry behemoths, such as Siemens and Bayer AG from Germany.

There is clearly the potential for a company to accelerate it’s growth timeline via involvement in the GSC. The success of our entrants validates our global competition. Two recent examples illustrate this intricate relationship between the Global Security Challenge and “our” startups.

Vumii – a video surveillance software and finalist of 2006 raised $3.9m in funding last year and contributed a lot of its success to the GSC. The CEO of Vumii, Randal Foster confirms this by saying: “As a direct result from our participation in the GSC, Vumii acquired increased global credibility and benefited from greater global brand recognition from the investment community, security solution community, and potential employee population."

As reported in the press, the GSC winner of 2007, NoblePeak Vision, announced last week that they raised $12 million in a funding round, led by Chart Venture Partners of New York. With Matt McCooe from Chart Venture Partners being an active supporter of the GSC for years, we are extremely pleased about this startup-investor match. (Picture below shows Matt McCooe on the left as a panelist at last year’s GSC conference in London)

Cliff King, NoblePeak’s Founder and COO, told us "Customer interest in our night vision technology soared from the publicity we received after winning the 2007 GSC. As a direct result we are now developing new camera systems with major OEM's and systems integrators for market launch at the end of 2008".

IARPA... Open for Business

It has been called the spy-version of DARPA, but the Intelligence Advanced Research Activity Project or IARPA has opened on the campus of the University of Maryland, a partner university of the Global Security Challenge. IARPA (pronounced EYE-ar-pah) is charged with developing groundbreaking technologies for the U.S. intelligence community. Right now it’s housed within UMD’s Center for Advanced Study of Languages but is planning on moving into its own building (being built on campus) by 2009.

This research agency consolidates the National Security Agency's Disruptive Technology Office (previously called the Advanced Research and Development Activity), the National Geospatial-Intelligence Agency's National Technology Alliance, and the Central Intelligence Agency's Intelligence Technology Innovation Center.

Surprisingly (or perhaps unsurprisingly because it’s DC) there are mixed opinions about IARPA. It does appear as one more way in which the CIA’s power is being subsumed, but on the other hand if IARPA can be more effective why not give it a try?

Back when Steve Nixon who is the current Deputy Associate Director of Science and Technology in the DNI’s office, was the acting director of IARPA he said in reference to the technologies coming out of IARPA, “The world has changed in dramatic ways with globalization of technology. These are the things that might not get done otherwise."

The good news for the new director of IARPA, Lisa Porter, is that she will report to Steve Nixon in the DNI’s Office. So straight off the bat she knows she’ll be reporting to someone who understands and supports her agency. Your columnist has been searching the web for a sense of the competence of Ms. Porter and found mostly positive comments left on blogs by those who have come into contact with her. (to read some the comments, click here)

One thing that is sure is that centre is located in on the campus of a university that is very much linked into this area. More about UMD soon…

German spy software gets a limited ”Go“

The Constitutional Supreme Court of Germany (Bundesverfassungsgericht) decided last week that the online investigation of a suspect’s computer is permissible under the German constitution. Technology-wise, this would mean that the police can purposefully infect a suspect’s computer with spy software (a so-called Trojan) that would relay information on that person’s hard-drive back to the police.

The Ministry of the Interior will soon implement this decision into the criminal code of law and the police’s investigative practices. The court’s decision does not give the police ”carte blanche“ to spy on people. Instead they deemed that this type of cyber spying is a violation of privacy rights and is only acceptable in exceptional cases and only under the supervision of a judge. As reported by Spiegel, Wolfgang Schäuble, the German Minister of the Interior, already tried to calm the public’s fears by saying this new instrument will be applied in only a “few, but critical cases”.

Yesterday, he again reminded the public in an interview about the imminent danger Germans face, underscored by intelligence agencies who concluded that Germany is a target for Islamic terror and that Al-Qaeda’s leadership has made the decision to prepare for attacks against Germany.

The BBC pointed out the irony of this advanced but intrusive technology to be applied in a country that has “a historic fear of state intrusion, dating back to the Stasi secret police in the East and the Nazi-era Gestapo.” According to the BBC, this new law makes Germans “the most spied upon people in Europe”.

Rail Security – the Slow Metamorphosis of Trains into Airliners

Many aviation experts continue to complain that security controls at airports are inefficient and ineffective. Their arguments are only strengthened by the fact that testing the system usually reveals breathtaking gaps. Nevertheless, terrorists are known to be adaptive by nature and have responded to increased vigilance and technological improvements at airports by switching their ’loci operandi’ to trains, as the attacks in Madrid ('04) and London ('05) and the averted plots in Germany ('06) painfully illustrated.

The need to beef up train security is apparent and two interesting examples below show different approaches and success rates:

German police authorities (BKA) put facial recognition to a test at the central train-station in Mainz in 2007 – with mixed results at its best. They tried to recognize 200 registered commuters (so people purposefully took a designated picture at the beginning of the test). However even in these artificial conditions they reached a recognition success rate of only about 60% during the day and less than 20% at night. These results were so disappointing that the BKA chief said he could not recommend facial recognition, at least at its current level of maturity, for wider use by the federal authorities.

Last week Amtrak – the US train behemoth – announced the implementation of airport-like security checks. Now some travelers will be exposed to checks before they board trains by technologies like Smiths Detection’s portable explosive detection devices. Amtrak did however, stop short of installing fixed metal-detectors, which would trigger lengthy cues and erase the last benefit that trains have over airlines – that of convenience. This columnist believes though that as long as rail security remains significantly lower than airlines, it will remain a target of convenience for terrorists.

A Look at Defence Investing: Funding from Asia

As it becomes more and more important to find and fund cutting edge technologies, we see countries turning to the venture capitalist route. Singapore is one of those countries and today we’ll look at the fund established there and how it helps defence and security innovators.

Defence Science and Technology Agency (DSTA), is very involved in defence and security research and development at universities in the region through Temasek Laboratories at both the National University of Singapore (NUS) and the Nanyang Technological University (NTU).

They have now gone one step further to help bring to market innovative ideas that can be used in Singapore’s defence initiatives and have therefore set up a technology innovation fund. This fund is administered by Cap Vista, a strategic partner of the Global Security Challenge competition.

DSTA committed S$20 million to invest in early-stage technology startups around the globe (capped at around $2 million per investment). The current portfolio companies from the website of CapVista are:

• Ascendent Technologies Pte Ltd, a Singapore registered company, was formed in March 2007. It specializes in the research and development of CERMET (metal infused ceramics) processing technology, and the subsequent performance and packaging customisation for armour system integrators. It aims to be a key global supplier and consultants for advanced protection materials


• DenseLight owns and operates an indium phosphite-based manufacturing facility, with the ability to design, manufacture, package and test photonics devices. These devices are used in a wide range of sensors such as fibre-optic gyroscopes, chemical sensors and remote sensing devices.


• Rosum Corporation is based in Mountain View, Silicon Valley. It is a location technology company in the business of augmenting traditional GPS solutions through the integration of TV-based positioning systems. Rosum TV-GPS, provides reliable and accurate position fixes indoors, outdoors, and in dense urban locations where GPS signals are completely denied.

As you can tell via the investments above, you don’t need to be in Singapore or even in Asia to get an investment from CapVista. In fact they have built a robust network centered on partnerships around the world and have established Defence Technology Offices (DTO) in the US and Europe. So if you are in Europe, fear not! the DTO (Europe) office is located in Paris. This office helps to organize and build links in places such as France, Sweden, and the UK. Perhaps not surprisingly, in the last few years DSTA was the third largest defence R&D partner after Germany and the UK.

Web 2.0 – New Terrorist Threats or Security Opportunities?

The (ab)use of emails by terrorists has been a well known issue in the intelligence industry. In the averted train-plot in Germany last year, terrorists tried to (unsuccessfully) outsmart authorities’ surveillance of email traffic by not actually sending out emails but placing them as draft messages in their account with all parties commenting on the drafted messages.
This tactic illustrates how different online tools are used now and tactics anticipating standard surveillance. The US Government acknowledges the potential dangers of social networks by saying that: "Unfortunately, what started out as a benign environment where people would congregate to share information or explore fantasy worlds is now offering the opportunity for religious/political extremists to recruit, rehearse, transfer money, and ultimately engage in information warfare or worse with impunity."

Therefore the US Intelligence Community has started analyzing “Second Life“ type communities and NSA reportedly “is funding research into the mass harvesting of the information that people post about themselves on social networks.” (New Scientist)

What is the Role of Web 2.0 Tools in Government?
Lewis Sheperd, a former senior technology officer at the US Defense Intelligence Agency and now CTO at Microsoft’s Institute for Advanced Technology in Governments, described in a podcast the deployment of social networks in government. The US Intelligence Community already started using wikis; in particular an IC-wide tool called “Intellipedia” has been massively used and deemed a success, as measured mainly by satisfaction of intelligence end-consumers, such as policymakers. Also the creation of internal blogs and RSS feeds has helped to improve quality of information as well as speedy delivery. Through an impressively fast integration of an open source tool (gallery.menalto.com), they even created an intelligent Flickr-like photo sharing platform in-house. Mr. Shepherd’s main tip for integrating web 2.0 tools by other governments was to develop these applications side by side with technologists and end-users.


Cutting Edge Technologies to Police the Web
What have we seen in this space? Three specific technologies come to my mind immediately that can be helpful in securing internet platforms from malicious behavior:

• Carified Networks from Finland is developing a collaborative intelligence tool: at the heart of the system is a wiki portal that visually represents the technical and social actors and their linkage in the scope of terrorist and criminal investigations.


• As criminals and terrorists continue to take advantage of the anonymity of virtual platforms, such as 2nd Life and online social networks (Facebook), a potential solution could be to identify users by their unique typing rhythms. The German startup, Psylock , has developed a log-in software using a typing algorithm - but perhaps a future version of this kind of technology could run in the background of chat-rooms and forums to identify suspicious users.


• Another problem of the immense data flood that is contained in forums, chat-rooms and virtual lives is instant analysis and prioritization of data – especially when written in a different language. Intuview, a cool Israeli startup tries to tackle this problem with its artificial intelligence Arab translation software. Their Arabic language NLP engine is tailored to the idiosyncratic neo-classical Arabic used by Islamic terrorists.

More Statistics about Funding Security and Defence Startups

We thought we’d share some remaining statistics about the innovators that entered the GSC last year. Approximately 51% of the startups that entered were self-funded while nearly 30% had been funded by VCs. The remaining 19% had a mix of grant or angel funding.

Of those that were funded the majority (approximately 65%) received less than $1 million, with 23% receiving $1-5 million. At the top end – those receiving more than $5 million in VC funding – comprised about 12% of our entrants. Hopefully this number increased after their involvement in the competition.

Now if we take one cross-section of entrants, for example just those who entered from the US, we see a similar pattern to the world-wide statistics. The majority of entrants (44%) are boot-strapping their companies. The next largest group, coming in at 31% of the total, is being funded with VC money. With nearly 25% startups receiving grants there is a bit of a bump over the global average. Is this because the US Government is forward leaning in supporting research and development?

Opportunity For Investors
The good news for investors is that there are a lot of unfunded security startups around the world. The Global Security Challenge 2008 will be a great place to interact with startups and to learn more about the security innovation landscape.

Cyber Defence – warfare of the future?

With the heavy reliance of military, banks and even civilians on the Internet today, it’s no surprise that criminal and terrorist activities are focusing their efforts on reeking havoc on the web these days. While it used to be individual hackers who stole credit cards and brought down webpages such as the New York Times’ site in 1998 and the White House’s page in 2001 (allegedly by Chinese hackers), now the latest attacks are much more coordinated and can be directed to attack the critical infrastructure of an entire country, as the recent cyber-attack on Estonia in 2007 showed. The sophisticated attackers used a distributed denial-of-service technique, in which “hackers infiltrated computers around the world with software known as bots, and banded them together in networks to perform these incursions. The computers become unwitting foot soldiers, or “zombies,” in a cyber attack” (New York Times)

As a result of the attack in Estonia, nearly all government ministry networks and two Estonian banks were knocked offline. Many say this was the first example of a cyber-war we have seen. The fact that the Internet often forms the critical backbone of a country’s infrastructure is also illustrated by the rumors currently circulating Cairo’s streets. After the recent destruction of an underwater telecommunication cable by a ship in the Mediterranean Sea that disrupted Cairo’s Internet access, the initial rumors interpreted this to be the first step of the USA for an attack of Iran, according to our Egypt Correspondent (M.S.).

So where is our Cyber Defence?

In 2003, the US government created the National Infrastructure Advisory Council that operates within DHS to produce the National Strategy to Secure Cyberspace, which among many other points stresses the importance of: “performing and funding research and development along with other agencies that will lead to new scientific understanding and technologies in support of homeland security.“

Following this report’s point about looking at the private sector for solutions, we can confirm the validity of working with scientists and entrepreneurs to tackle problems like this. One prime example is Iviz, an Indian startup company that has developed an artificial intelligence technology to simulate intelligent human hackers. They were selected amongst the top-6 security startups in the world by the Global Security Challenge 2007.