Another Security Market That's Getting CrowdedAnother Security Market That's Getting Crowded

Startup Platform Logic Inc. is the latest newcomer to host-based intrusion prevention, today releasing software designed to stop rather than simply identify attacks on applications. Platform joins a growing roster of companies--notably Cisco Systems and Network Associates--that are getting into that particular market.

Homayoon "TJ" Tajalli, CEO of Platform Logic, says his AppFire suite's modular approach to intrusion protection will differentiate it from his competitors' products. It had better. Just last week, Network Associates bought Entercept for $120 million, and Cisco picked up Okena for $154 million in January. Neither are likely to give the startup a break. Then there are Sana Security, with its new Primary Response app, and Harris Corp. with its STAT Neutralizer, which has a broad base among government buyers.

Eric Ogren, a senior analyst with the Yankee Group, says he likes Platform's modularity. "It lends itself well to standardized implementations." But the software operates in a similar fashion as those fielded by Cisco/Okena and Harris, Ogren says. Buyers in markets dominated by similar products often default to the more familiar makers.

AppFire consists of several components, including a server, two user interfaces (one for administrators and another for security specialists), and a "behavior control" agent. Behavior-control agents govern what a given app is allowed to do, or, more directly, what they aren't allowed to do. They're designed to stop software from being used by hackers and viruses.

Each application control, or rule, imposed by an agent is independent of other controls, and administrators can change specific controls without worrying about what impact the change will have on other controlled apps, says Tajalli. This is different from how competing products work.

The difficulty of changing application-behavior rules, especially those controlling custom-developed apps, has been a recurring complaint from buyers. Overall, however, customers have expressed satisfaction with their ability to use intrusion-prevention software to stop attacks.

While Platform is new to host-based intrusion prevention, its management team isn't new to security. Prior to founding Platform, Tajalli was executive VP and general manager of commercial products and a product strategist for Trusted Information Systems, the company that launched the popular Gauntlet firewall. "Engineering expertise with Gauntlet firewalls will be a great asset" in developing kernel-level intrusion-prevention software, Yankee's Ogren says.

That may be, but Gartner analyst John Pescatore sees a problem that can't be solved with engineering alone. Pescatore says there is more supply than demand in the host-based intrusion-prevention market. In fact, he doesn't expect any of the small companies to get big. "You wonder who is going to make the next acquisition, and who is going to get bought. Will Symantec, BMC Software, or Microsoft make the next purchase? None of these smaller companies are going to become the next Check Point. They'll have to win a few reference accounts and get bought," he says.

Platform's Tajalli remains unfazed. "We're not far behind. We're building meaningful channel partnerships. We know we have something better."