Last year, David Lowenstein, chief executive officer of Toronto-based Federated Networks, told attendees at the Demo technology conference in Santa Clara, Calif., that Federated's soon-to-be released Connect Secure software will offer "cybersecurity that actually secures - imagine that."
Considering the security software field is dominated by established brands like Symantec and McAfee, Mr. Lowenstein was making a bold claim. But come this spring, Federated hopes to try to back it up when it releases Connect Secure.
Mr. Lowenstein, who co-founded Federated in 2005 along with Risu Na, says he believes the company can compete with bigger hitters based purely on its innovation, including its proprietary security protocol that, he claims, is more robust than the industry-standard secure sockets layer (SSL).
In 1994, Mr. Lowenstein co-founded business-process outsourcing firm FYI Corp., which became Sourcecorp Inc., and was sold in 2006. Afterward, he says, he wasn't looking to launch another technology venture. But shortly before the dot-com bust, when he was in the midst of selling an online e-learning company he had invested in, the buyer wanted Mr. Na - then chief architect at Learning Library - to help with the transition.
Mr. Na agreed - if Mr. Lowenstein would take time to discuss some ideas.
The two talked about the prerequisites for a successful technology venture. One, they decided, was "deep intellectual property," Mr. Lowenstein recalls. They needed, he adds, something nobody else had, something they could patent (Federated now has several patent applications in the works).
That, coupled with Mr. Na's background in authentication systems and the fact that "the cyber-security space seemed to be one where there's a lot of pain," Mr. Lowenstein says, led them to security software.
"The existing ideas just aren't working," Mr. Lowenstein says.
Secure sockets layer (SSL), the established security protocol on which virtually all security software suppliers rely, isn't cutting the mustard, Mr. Lowenstein says. Federated's innovation is building its own SSL replacement, called ASL.
"One of the things that we did was we actually, with our protocol, replace SSL, or operate beside it, to actually strengthen that network," Mr. Lowenstein says.
James Quin, a lead research analyst who specializes in security at Info-Tech Research Group in London, Ont., says it isn't sure where Federated's break with SSL will lead.
"I don't know if I can go so far as to say that there are significant problems with SSL," he says. "I do think, however, that it's fair to say that it's a protocol that has been around for a while. The longer something sits in the field, the greater the likelihood that hackers are going to find a way around it."
If nothing else, Mr. Quin says, the fact that Federated's ASL isn't the prevalent protocol will mean it will be attacked less often. On the other hand, he adds, if someone finds a hole in ASL, Federated will bear sole responsibility for fixing it.
The second thing setting Connect apart, Mr. Lowenstein says, is that it does more to secure the "human-computer interface" - the communication between human and computer using keyboard, mouse and screen. By taking control of data passing from input devices like the keyboard to software running on the computer, and from that software to the screen, for instance, Connect Secure can defeat key logging software designed to steal data as it is typed, and screen capture tools that steal what is displayed.
Mr. Quin says this may be Connect Secure's most important feature. "Any sort of key logger or sniffer isn't going to capture what I'm typing in - it's just going to capture the encrypted jargon."
Finally, Mr. Lowenstein says, Federated has adopted secure programming practices developed by the military with the goal of making its software as reliable as possible - and hard to crack, because as the company points out, successful security software becomes a target.
Thanks to Mr. Lowenstein's earlier success with Sourcecorp, Federated Networks has been able to take its time with product development without having to go in search of funding. The plan is to launch a consumer product in the first quarter of 2011, he says, following that with PC software for corporate clients and server software for businesses such as banks, retailers and governments to secure online transactions for their customers.
If the software proves itself, Mr. Quin says, Federated's future could be bright. "The vast majority of innovation in the security space is coming from the small players," he says.
The established security vendors tend to rely on acquiring new technology. Does that mean a buyout in Federated's future? Quite possibly, Mr. Quin says - "I wouldn't be surprised if that's the business plan going into this."
Until Federated gets its software into the real world, the truth of the claim Mr. Lowenstein made in California is impossible to measure.
Still, at Federated's request, testers with the BT Managed Security Solutions Group tried to exploit 10 top Web-based vulnerabilities, identified the Open Web Application Security Project (OWASP), an open-source group that publishes security reports and documents. A beta version of Connect Secure stopped them all.