As Cyber Threats Mature, So Do Boston-Area Security Firms: RSA, Fidelis, Cyber-Ark, and More

that also includes Arbor Networks, Bit9, NitroSecurity, Q1 Labs, Veracode, and Verdasys. I haven’t checked with each firm this month, but at least Fidelis and Cyber-Ark are both growing and profitable—and I get the sense that reports of cyber attacks don’t hurt their business. Fidelis, for one, says it plans to double its revenues and add to its 50-plus employee roster this year.

“We’re entering this market that’s beginning to form around network analysis, visibility, and monitoring,” George says. “It’s a big market in the early stages.”

Further down the road, a number of research efforts are aiming to change the security landscape more fundamentally. One major new initiative is the U.S. Defense Advanced Research Projects Agency’s CRASH program, which is managed by MIT computer scientist Howie Shrobe. (CRASH stands for Clean-state design of Resilient, Adaptive, Survivable Hosts.) The program, which kicked off in the fall, involves research teams at 15 organizations around the country including MIT, Northeastern University, Yale University, BAE Systems, and BBN Technologies (Raytheon). The teams are focusing on a wide swath of areas such as processor architectures, operating systems, programming languages and environments, and hardware and software design analysis.

The basic idea—and it’s an ambitious one—is to redesign computers from the ground up with security in mind. The details get technical pretty fast, but the analogy DARPA uses is that software and hardware can be redesigned from core principles that emulate living organisms: namely, computers could have immune systems that automatically adapt to intruders (and reconfigure), and they could exhibit more diversity across systems, and over time, so that attackers are continually kept off-balance.

These ideas aren’t really new, of course, but the program aims to push the technology envelope and see what kinds of new systems can be demonstrated in the next few years. That could lead to new companies forming around things like advanced architectures, operating systems, and adaptive software. Even if CRASH or other programs are successful, though, they won’t become the be-all, end-all for cyber security. That’s because of at least two reasons: the human element will continue to make computers vulnerable; and more advanced threats will keep popping up to counter any new hardware or software.

“Computer systems are complex,” Kevin Mitnick, a notorious hacker-turned-security guru, once told me. “There will always be ways to break in.”

Pages: Page 1, Page 2

Author: Gregory T. Huang

Greg is a veteran journalist who has covered a wide range of science, technology, and business. As former editor in chief, he overaw daily news, features, and events across Xconomy's national network. Before joining Xconomy, he was a features editor at New Scientist magazine, where he edited and wrote articles on physics, technology, and neuroscience. Previously he was senior writer at Technology Review, where he reported on emerging technologies, R&D, and advances in computing, robotics, and applied physics. His writing has also appeared in Wired, Nature, and The Atlantic Monthly’s website. He was named a New York Times professional fellow in 2003. Greg is the co-author of Guanxi (Simon & Schuster, 2006), about Microsoft in China and the global competition for talent and technology. Before becoming a journalist, he did research at MIT’s Artificial Intelligence Lab. He has published 20 papers in scientific journals and conferences and spoken on innovation at Adobe, Amazon, eBay, Google, HP, Microsoft, Yahoo, and other organizations. He has a Master’s and Ph.D. in electrical engineering and computer science from MIT, and a B.S. in electrical engineering from the University of Illinois, Urbana-Champaign.