PredatorWatch Prowls for Network Integrators

What PredatorWatch Inc. has is a security monitoring device slightly bigger than the palm of your hand, providing realtime security and reporting tools to document regulatory compliance with the Gramm-Leach-Bliley Act, Federal Deposit Insurance Corp. , Health Insurance Portability and Accountability Act (HIPPA) , and others. What it doesn’t have is enough solutions integrators. That’s about to change.

The $4,995 PredatorWatch Auditor product is affordable for the thousands of small and medium-size companies that can’t afford a high-end security product, according to PredatorWatch Chief Executive Gary Miliefsky. And it installs in hours, not days, he said.

The main thrust of PredatorWatch Auditor is to assure regulatory compliance by testing a network — all the way to the desktop or laptop — for a wide range of known vulnerabilities. For example, financial services companies, or any institution that has financial relationships with consumers, including retail stores that issue credit cards, must comply with the regulations set forth in Gramm-Leach-Bliley. Others that must comply include law firms that handle estate planning, tax planning, residential real estate and bankruptcy with respect to individual clients.

But how does a business prove to regulatory agencies that it is in full compliance with a trainload federal regulations?

Proving Full Compliance

That’s the idea behind PredatorWatch. Updated daily with a government-sponsored standardized dictionary of vulnerabilities, PredatorWatch generates reports documenting compliance, or areas that need to be looked at.

Rather than staffing up to compile its own list of vulnerabilities, PredatorWatch leverages Common Vulnerabilities and Exposures (CVE), a standardized dictionary of known threats. Maintained by Mitre Corp. under a government contract, the CVE dictionary is sold as a subscription, allowing the PredatorWatch Auditor device to automatically update itself daily. The raw CVE dictionary is in the public domain .

Already in use at several financial institutions, a major university, and even a missile defense contractor, PredatorWatch contains an internal 40-Gbyte hard drive to store the CVE dictionary and user-created monitoring criteria and schedules. The system runs on Linux, completely transparent to the operator. More than 100,000 IP addresses are under management at nearly two dozen locations.

“We are offering the highest possible margins to our channel partners, up to 30 percent, by offering a sliding scale of 50 percent of all CVE updates subscription revenues in year one, 25 percent in year two, and 10 percent thereafter for all customers that maintain a relationship with PredatorWatch, through a channel partner,” said Miliefsky. The idea, he said, is for the solution provider to realize an annuity revenue stream long after the sale and installation of the product is completed. “No one else is doing this,” said Miliefsky.

In addition, PredatorWatch, based in North Chelmsford, Mass., offers co-marketing, training, and executive-level support. As an additional incentive, for every five PedatorWatch Auditor devices a solution provider sells through March 2004, the company will furnish one free unit that can be used as a sales tool or as salable inventory.

“Most solutions I’ve seen start at $50,000, but this one starts at $5,000,” said Charles Georg, Director of Marketing at solution provider ISO Security Solutions Inc., Bloomfield Hills, Mich. “These products leverage the brainpower of a Chief Security Officer (CSO) in a box and allow us to sell into a smaller organizations that can’t afford to have trained security specialists on staff.”

Acknowledging the reticence that providers and customers have in doing business with a young, unknown company, Miliefsky said PredatorWatch has going to great lengths to allay those fears.

Reducing Risk to Channel Partners

“We have taken precautions to ensure reduced risk to our channel partners. This includes source code escrow availability and two publicly traded ISP hosts for our CVE subscription update service.” That service is automated, SSL secure, and has already been paid for, in advance, for the next three years. The company is also moving ahead with an “A” round of venture capital financing, in the vicinity of $5 million, according to Miliefsky.

With its PredatorWatch Auditor line, PredatorWatch is taking on several big names in the security space, Cisco, Internet Security Systems, and Symantec among them. So why go with a start-up? “Our sales cycle is much shorter, installation is quick and requires no fireweall reconfiguration, and we are based on CVE standards,” said Miliefsky. “Those other products are based on proprietary technology, not standardized CVE, which is available to anyone.”

Three versions are PredatorWatch Auditor are currently available. A handheld version, priced at $4,995, supports up to 32 IP addresses; a small-office/home-office unit carries the same price and capacity. For larger installations, rack-mount models are available with pricing varying depending on the number of IP addresses. Each includes the first year of CVE subscription updates at no charge.