Ubizen on E-Business Security

At this year’s RSA Conference 2002 Paris, we met with people from the European security company Ubizen. We talked with Carlo Sch??pp, Executive Vice President Ubizen Technology and Bart Vansevenant, Senior Manager Field Marketing.

Ubizen is a company that is solely active in the market of e-security. The company was established in 1995 in Leuven, Belgium, one of Europe’s leading technology centers as a spin-off from Belgium’s largest university, KULeuven. Ubizen now has offices in Europe and USA, as well in Singapore and Brisbane.

Mr. Vansevenant noted that the company has compound annual growth rate of about 40%, which is even higher then 20-30% predicted by the analysts. A week ago, on December 10, Ubizen announced that it ranked number 136 on the 2002 Deloitte Technology Fast 500, a list of the 500 fastest-growing technology companies in Europe. Rankings are based on a three-year percentage revenue growth from 1999-2001. Ubizen grew 429 percent during this period.

Ubizen targets the high-end industry sector and high-end in the banking sector, mainly global banks and online traders. As regarding the partnerships, Mr. Sch??pp notes that they are carefully selected – “A couple of years ago, many companies including Ubizen, were creating partnerships in the hope to achieve additional sales. In most of the cases, they are halfly generated and are insignificant. Now we are very selective while choosing a partner. When we partner, then its is somebody who targets the same market as we do”.

Today their core business is related to managed security services. They include Management, Monitoring and Support of critical network security devices, backed by rigorous Service Level Agreements (SLAs). Ubizen OnlineGuardian services cover a wide range of security tools, including today’s existing best-of-breed firewalls, Intrusion Detection Systems (IDSs) and Virtual Private Network (VPNs), and are scalable from one to thousands of devices.

As an addition, Mr. Vansevenant said: “We also help companies in couple of things broader than managed security – the three main phases of security cicle: planning, implementation and management. In the planning phase we help companies setting up security policies, doing vulnerability analysis, creating security architecture. In the implementation phase we implemet security technologies from “best breed” vendors like Cisco, Check Point, ISS and Nokia. The third phase is the management phase, and managed security services are our core business”.

I you are familiar with Information Security portals, you must remember SecurityWatch.com. The web site still hosts a screen saying “This site is currently being reconstructed. Please be patient.”, which is there for at least a year now. If you didn’t know, SecurityWatch.com was started and was run by Ubizen folks, so this was a good occasion to ask what happened to this, then well known, security portal.

“The web site was built on the old concept that was created by Yahoo!, where you get the income from advertising. After the dot com fall, advertising also collapsed. As a consequence, SecurityWatch couldn’t be funded any more with the advertisments. It needed to have alternative revenue streams, and that’s in fact what we have recreated within Ubizen. Now, you can get all the security bulletins, but it is now a paid service” – Carlo Sch??pp explains.

The staff, that was backing up SecurityWatch from the content perspective, stayed in the company as a part of security intelligence lab and now are working on beefing security information for Ubizen’s managed security services.

As for the security trends in 2002, Mr. Sch??pp said that one of the biggest problems is http traffic as it can slide right through the firewall. The examples given were Code Red and Nimda infections that happened at the application level, bypassing the firewalls. Ubizen’s response to this, is placing the security layer in front of a Website. Ubizen DMZ/Shield Enterprise examines every request to be sure it is a genuine Web request and is in line with security policies. If a request doesn’t fit, it is rejected before any damage is done.

“There is also a big problem with Internet worms, as the level of knowledge for writing them has fallen to just needing to edit the Visual Basic code” – Mr. Sch??pp noted in regards to ever growing number of Internet viruses and worms. While talking about dangers to the corporate networks, he sees the problems in internal people and ex-employees, as they know internal configurations and have possible access privileges. Ubizen’s plans for 2003 are of course based on their managed security services, mainly attracting the new customers, upgrading the services and shortening the installation time.