Sanctum promises application layer security
- Reduce text size Decrease text size
- Increase text size Increase text size
- Print article Print
- Jump to comments Comment
- Share this article Share
- Email article to a friend Email
Sanctum claims its software can automate the prevention of known, as well as unknown, security attacks. How does its technology work?
Gil Raanan is following in the footsteps of almost every software company to emerge from Israel. He spent his military service building highly-sophisticated applications for the Israeli army, and realised this expertise could be put to use in a commercial setting. In this case, protecting corporate organisations' web applications.
| ||
Raanan co-founded Perfecto Technologies in 1997 (later renaming it Sanctum) with a focus on implementing security at the application layer, an area that is still highly vulnerable to attack.
Security attacks on the application layer are more sophisticated than the average attempted hack by a 'script kiddie'. Attacks are typically channelled through an organisation's web server and try to abuse the business logic of an application to execute malicious activities, such as siphoning money from a customer account.
Addressing that threat, Santcum's core product is an application level firewall called AppShield. This is installed either on, or in front of, a web server to automate the process of monitoring traffic and blocking anomalies.
It protects against ten known security segment threats including 'cross site scripting' whereby hackers steal vital components of a system to set up a dummy web site, for example, and 'cookie poisoning', which can help hackers access unauthorised services.
A key differentiator is that AppShield also logs all user activity inside a firewall, not just suspicious behaviour. This may help customers detect any unknown security attacks that emerge, such as new computer 'worms', says Sanctum CEO Peggy Weigle.
Several factors suggest Sanctum is heading for robust growth. It already has more than 150 customers and has few competitors, apart from much smaller companies such as KaVaDo, SPI Dynamics and Stratum8 Networks. Sanctum has also had massive endorsement from investors, having received a total of $54 million in funding over its four years.
Sanctum now needs to increase awareness of the security threat to applications if it wants to mirror the success of other Israeli software giants such as Check Point Software.
