that also includes Arbor Networks, Bit9, NitroSecurity, Q1 Labs, Veracode, and Verdasys. I haven’t checked with each firm this month, but at least Fidelis and Cyber-Ark are both growing and profitable—and I get the sense that reports of cyber attacks don’t hurt their business. Fidelis, for one, says it plans to double its revenues and add to its 50-plus employee roster this year.
“We’re entering this market that’s beginning to form around network analysis, visibility, and monitoring,” George says. “It’s a big market in the early stages.”
Further down the road, a number of research efforts are aiming to change the security landscape more fundamentally. One major new initiative is the U.S. Defense Advanced Research Projects Agency’s CRASH program, which is managed by MIT computer scientist Howie Shrobe. (CRASH stands for Clean-state design of Resilient, Adaptive, Survivable Hosts.) The program, which kicked off in the fall, involves research teams at 15 organizations around the country including MIT, Northeastern University, Yale University, BAE Systems, and BBN Technologies (Raytheon). The teams are focusing on a wide swath of areas such as processor architectures, operating systems, programming languages and environments, and hardware and software design analysis.
The basic idea—and it’s an ambitious one—is to redesign computers from the ground up with security in mind. The details get technical pretty fast, but the analogy DARPA uses is that software and hardware can be redesigned from core principles that emulate living organisms: namely, computers could have immune systems that automatically adapt to intruders (and reconfigure), and they could exhibit more diversity across systems, and over time, so that attackers are continually kept off-balance.
These ideas aren’t really new, of course, but the program aims to push the technology envelope and see what kinds of new systems can be demonstrated in the next few years. That could lead to new companies forming around things like advanced architectures, operating systems, and adaptive software. Even if CRASH or other programs are successful, though, they won’t become the be-all, end-all for cyber security. That’s because of at least two reasons: the human element will continue to make computers vulnerable; and more advanced threats will keep popping up to counter any new hardware or software.
“Computer systems are complex,” Kevin Mitnick, a notorious hacker-turned-security guru, once told me. “There will always be ways to break in.”