Monday, May 8, 2006
Interview with Mitchell Ashley, StillSecure
Our interview today is with Mitchell Ashley, CTO of StillSecure, a Colorado-based company which is developing network security software. We caught up with Mitchell to hear about the company and get an update on its products.
Techrockies: Tell us a little bit about what StillSecure does?
Mitchell Ashley: StillSecure is a network security product company, serving medium and large enterprise organizations—we're a software company. We provide products to commercial and the financial services, health insurance, the educational marketplace, and high tech. A good deal of our business is with the federal government, both defense oriented as well as civilian. We've been in business since 2000, and have three products on the market, and all of them follow a layered security strategy. With security, you typically apply a layered approach, because no one point in the network is the vulnerable point. There are many ways you can suffer a security breach. So we offer a network access control solutions, called Safe Access. Safe Access will quarantine any device coming on your network, determine if it meets your security requirements, and allows it onto the network, or brings that device up to date.
Techrockies: Where do you fit into the security market—it's a pretty crowded space, with lots of products—so give us an idea of where your products are used?
MA: There are really three verticals we fit into. One is network access control, vulnerability management, and intrusion prevention. The way to think about it is, we can provide a proactive defense capability: before an attack occurs, how can your make sure your network is secure; we can offer reactive defense; when an incident occurs, someone tries to break into your network, we can prevent that from occurring; and also providing a compliance element to this, because so much of security now is not just about doing security, but reporting and providing information to auditors, regulators, about the security that an organization has applied.
Techrockies: How did you get into this market?
MA: The background is, we actually entered this market as a network service provider and quickly changed over to network security, because we had implemented some tools for ourselves, the customers were asking to buy. Relatively early in our company's life, we discontinued offering services and have been focused ever since on the security problem. That's one of the reason's why our products are unique is we not only offer products that can act stand-alone, but they can work with each other. But also, because we take more of a user centric approach. Security is different today that it was five years ago. Today, you have a variety of skill sets thats performing the security job function. It may be a Windows admin, it may be a network administrator, it may be a security person, it may be someone without any security background. So, you have to design and build a product for a wide range of users, not just the expert users. Plus, when you get into the enterprise organization, you have to build a very scalable product, that can not only handle one organization's needs, but a multi-organization company. That has to roll up into reporting for compliance, etcetera.
Techrockies: Tell us about your venture funding?
MA: Our venture backing and primary investor is Mobius Venture Capital, and they have been an investor from the beginning of the company. They actually a repeat investor, as Mobius has worked with our CEO and several of its companies. We really have a longstanding relationship with our primary investor. We also have an investment from 3i, which is an international investment company based out of London, and we have a local Denver investor, Meritage Venture Capital, which is an investment that came out of an acquisition, an acquisition which we did two and a half, three years ago.
Techrockies: How far along are you in your product lifecycle?
MA: We've had market in market for four years. StrataGuard was our first product. It was one of the first prevention systems in the market. Most of the state of the art products at that time only detected intrusions. StrataGuard would actually block attackers from the network. That's product has done very well, and we actually offer a free version of that product for individuals and organizations that can use an IPS in a network that is under 5 Megabits in speed, supported through online forums. They can upgrade to our commercial version if they choose to. That's part of our helping the corporate environment as well as individual users. Then, we introduced VAM to the market. That's been to market for about three years. VAM helps very large customers, including some local companies like Nuclear Fuels, University of Colorado Hospital, and some partners locally who resell and are references for customers like Systest Labs, and Coalfire systems. Our third product area is Safe Access, which has been on the market for two years. This is another access control solution which can work with any NAC environment, including Microsoft and Cisco's network access solutions. You can use them with those products our outside of those environments. If you have an existing network using DHCP and VLANs, Safe Access can examine any device coming onto those networks and determine if they are up to date on antivirus, if they have firewalls, if they have required or restricted software, such as peer to peer software. All the way down to what browser you are running and security settings.
Techrockies: Does that require an agent to run?
MA: Actually, no, we don't. We offer both an agentless and agent version. Any device connecting into the network we can connect into without an agent, and interrogate the device, and determine if it meets your policy.
Techrockies: It seems like this is very different from other products in the market...
MA: NAC is the hot market, and many people are addressing it with their existing products and relabeling it as NAC, but if you really dig down and understand your requirements are, it's not just situations where you can install an agent, but where you can't, where this is valuable—such as visitors, contractors, etc. That's one of the key differentiators of Safe Access from other solutions in the market.
Techrockies: What's the next step for the company?
MA: We're continuing to enjoy and add new customers to our customer base. We're continuing to advance the state of the art in the market with our products, in each of our product categories. So, really we see the security market is going in two directions. There will always be best-of-breed solutions, which we will offer products that are award-winning products in several categories. But if you talk to organizations implementing security, one of the key requirements they are asking for is leveraging information from each of these individual tools, and not just from a reporting standpoint, but to make the organization more secure. For example, we offer capabilities for our vulnerability management product and network access control products to work together. Now you're not only quarantining and evaluating endpoint devices when they connect to the network, if it's a corporate device you're able to do a fuller vulnerability assessment on the device. The data between those systems is now shared, and you get a more complete picture of the device. The other thing we see as the state of art advances, more security technology is being embedded in the network. Why that is important, security is a dynamic process. Those capabilities rely on core technologies within our products.
Techrockies: Thanks for the interview!