The R&D Tax Credit Aspects of Network Security
The NSA scandal involving Eric Snowden and
Target's 2013 year end security breach involving 110 million
credit card holders has brought the issue of network security
to the national forefront. One of the immediate aftermaths is
a congressional mandate that all Obamacare website security
breaches must be disclosed immediately. The exciting future
available from wearables, the Internet of Things (IOT), Big
Data, and electronic medical records (EMS) will be
compromised unless we can all enjoy personal network security
and a secure critical network infrastructure.
Many innovative, technology-based security
companies have recently been created to address the important
need for tighter network security. Federal R&D tax credits
are available to support this important national need.
The R&D Tax Credit
Enacted in 1981, the federal Research and
Development (R&D) Tax Credit allows a credit of up to 13%
of eligible spending for new and improved products and
processes. Qualified research must meet the following four
criteria:
- New or improved products, processes,
or software
- Technological in nature
- Elimination of uncertainty
- Process of experimentation
Eligible costs include employee wages, cost
of supplies, cost of testing, contract research expenses, and
costs associated with developing a patent. On January 2, 2013,
President Obama signed the bill extending the R&D Tax
Credit for 2012 and 2013 tax years.
Overview of Network Security
Network security companies often have their
R&D technology roots in Israel or the Washington D.C. area
but they frequently migrate to California where they can
develop a commercial business. The U.S. network security
industry is comprised of both numerous startups and large
industry giants. Previous generations of network security
technology were strictly reactive, meaning that when a virus
was detected the software removed the virus. The next
generation of technology is aimed at preventing and avoiding
attacks.
Oftentimes, startups do not have the tax
capacity necessary to utilize R&D tax credits but
acquisitions by a larger company usually enable the credits to
be monetized. This fast growing industry is already
experiencing substantive mergers and acquisitions activity
with:
- Intel's purchase of McAfee for $7.69
billion
- Cisco's purchase of Sourcefire for
$2.7 billion
- FireEye's purchase of Mandiant for
$1 billion
- Palo Alto Networks' purchase of
startup Morta Security for approx. $1 billion
An Epidemic History of Security Breaches
Target's data breach ran from November 27,
2013 to December 15, 2013. This incident caused 110 million
people to have their bank accounts, credit cards, e-mail
addresses, phone numbers, and other personal information
leaked. Although Target's security system failed, they were
not the first company to have a data breach. Other companies
such as Zappos, Barnes & Noble, and Neiman Marcus have all
had publicized security breaches. Figure 1 below illustrates
the major recent security breaches.
A History of Security Breaches
Some of the new network
security startups and their developing technology initiatives
are as follows:
2013 Startups:
Adallom is headquartered in Menlo Park, California,
but has its R&D roots in Israel. Its three co-founders,
Assaf Rappaport, vice president of R&D, Roy Reznik, and CTO
Ami Luttwak have backgrounds in the Israel cyber-defense forces.
The goal of Adallom is to provide real-time analysis and a clear
audit trail and reporting related to SaaS (software as a
service)-based application usage by the enterprise.
The monitoring allows options for
automating or manually terminating sessions or blocking
content download. Though not wholly similar, its closest
competitors could be considered to be two other startups,
SkyHigh Networks and Netskope, which are also discussed below.
AlephCloud, headquartered
in Sunnyvale, CA and founded in 2011 by CEO Jieming Zhu and CTO
Roy D'Souza, has not yet made its software and service
(AlephCloud Content Canopy) generally available. However, its
purpose is to provide controlled encryption and decryption of
documents transmitted business-to-business via cloud-based file
synchronization and sharing services such as Dropbox, SkyDrive,
and Amazon S3.
BitSight Technologies, based in
Cambridge, MA, was co-founded in 2011 by CTO Stephen Boyer and
COO Nagarjuna Venna. Many companies often want to try and
evaluate the IT security of another business before entering
into an e-commerce arrangement where networks may be
interconnected in some way. BitSight will provide a security
"rating" service to do this.
Defense.net,
headquartered in Belmont, CA, is focusing on stopping
distributed denial-of-service (DDoS) attacks aimed at both
enterprises and cloud service providers. Founded by its CTO
Barrett Lyon, who started another denial-of-service firm
called Prolexic in 2003, Defense.net relies on a cloud service
without the need for an appliance to mitigate against
large-scale DDoS assaults.

Illumio,
headquartered in Santa Clara, CA and founded by CEO Andrew Rubin
earlier in 2013, has brought in former VMware software
technicians and executives. Rubin was formerly CEO at Cymtec
Systems, a security firm providing the means for visibility,
protection, and control by the enterprise of web content and
mobile devices, as well as a means for intrusion-detection
analysis.
Lacoon Mobile Security, with
an R&D arm in Israel and headquarters in San Francisco, CA,
has come up with an approach to detect zero-day malware,
targeting Android and Apple iOS devices by means of a small
lightweight agent that examines mobile applications through
behavior analysis and a process tied to the Lacoon cloud
gateway. The startup was founded by CEO Michael Shaulov, vice
president of research and development Ohad Bobrov, and CFO
Emanuel Avner.
Malcovery Security,
headquartered in Pittsburgh, PA, spun out in 2012 from research
on phishing done at the University of Alabama. Targeted phishing
attacks can have disastrous outcomes when devices are targeted
to infiltrate organizations and steal data. CTO Greg Coticchia
says the Malcovery technologies offered to businesses include
ways to identify phishing websites and a service that can detect
phishing e-mail. The company's founders include Gary Warner,
director of research in cyber forensics at the University of
Alabama, and the startup has received about $3 million in
funding from the university.
Netskope, based
in Los Altos, CA, wants to help businesses monitor how their
employees are using cloud-based applications and apply security
controls to it, such as giving IT managers the ability to block
data transfers or receive alerts. The Netskope service can apply
security controls to about 3,000 different cloud-based
applications, whether they are SaaS, PaaS, or IaaS.
PrivateCore,
headquartered in Palo Alto, CA, is a crypto-based security
startup, focusing on making use of the central processing unit
(CPU) as the trusted component to encrypt data in use.
PrivateCore has come up with its vCage software that relies on the
Intel Xeon Sandy Bridge CPU for secure processing by means
of Intel Sandy Bridge-based servers in cloud environments. The
challenge in processing encrypted data is "having to decrypt to
do processing" says Oded Horovitz, PrivateCore CEO.
Skycure,
headquartered in Israel, is focused on mobile-device security,
with its initial offering on Apple iOS iPhones and iPads. It
recently introduced what is described as an intrusion-detection
and prevention package for mobile devices, which relies on the
Skycure cloud service for security purposes. Skycure's
co-founder and CTO, Yair Amit, says the goal is to prevent and
mitigate any impact from attackers exploiting configuration
profiles on mobile devices. Skycure obtained venture-capital
funding from Pitango Venture Capital and angel investors.
Synack,
headquartered in Menlo Park, CA, was founded by two former NSA
computer network analysts, CEO Jay Kaplan and CTO Mark Kuhr.
According to them, Synack is bringing together security experts
with expertise in finding zero-day bugs in software,
particularly in websites and applications of Synack customers.
"We pay researchers for vulnerabilities found," explained Kaplan
in August 2013, as Synack officially debuted. He says bug bounty
rates typically run a minimum of $500 to several thousand for
serious vulnerabilities in databases, for example.
Threat Stack,
headquartered in Boston, MA and founded by CEO Dustin Webber
with Jennifer Andre, wants to give enterprises a way to know if
hackers are breaking into Linux-based servers that they may use
in their cloud services. To monitor for hacker activity, the
startup's Cloud Sight agent software for Linux needs to be
installed on the Linux server under administrative control in
the cloud environment. "We look for the behavior of the hacker,
the enterprise will get an alert if a hacker break-in is
underway and a measure of forensics about incidents can be
obtained if needed."
Figure 2 below
illustrates the rise in network security start-up companies
from 2011 to 2013.

2012 Startups:
Click Security is headquartered in Austin, TX. Co-founded
by CTO Brian Smoth and CEO Mac Willebeek-Lemair, Click
Security released a product called the Automated Security
Analytics Platform (ASAP), which aims to provide real-time
information to detect stealthy infiltrators into corporate
networks. ASAP aggregates information widely across the
network but the co-founders reject being bracketed in the
security information and event management (SIEM) category,
claiming ASAP breaks new ground in threat detection. "While
some of the things they do are similar to what SIEM vendors
claim to do, they are much more than a central repository for
log data," says Richard Stiennon, Chief Research Analyst with
consultancy IT-Harvest.
OneID,
headquartered in Redwood City, CA, was founded by co-founder and
CEO Steve Kirsch. OneID is the "next-generation PayPal for
digital identities" according to the CEO. Kirsch also says the
basic technology, developed with engineers Jim Fenton, Adam
Back, and Bobby Beckman, is integrated into websites to let
users create their own digital identities and hold payment
information securely to use as a form-filling capability. Kirsch
also says the firm intends to tackle hard identity issues such
as proving age, citizenship, and residency.
Pindrop Security,
headquartered in Atlanta, GA, works with banks and other
organizations that encounter fraud attempts in telephone calls
from criminals pretending to be customers. Banks are always
looking for new ways to augment the measures they have in place
to detect phone fraud and according to Johnny Baker, Pindrop
Security's Vice President of Sales and Business Development, the
firm's technology is an alternative to caller ID. It can pick up
dozens of separate technical factors related to a voice call and
put them together into an audio fingerprint of the caller and
the call path.
Porticor is
headquartered in Tel Aviv and was founded by Gilad Parann-Nissany.
Porticor is tackling the timely problem of encrypting data at
rest in cloud-based computing centers where customers rent disk
space or servers. Porticor has developed a unique "split key"
method in which the service to encrypt and decrypt doesn't work
unless both pieces of the key are together. According to
Parann-Nissany, the enterprise holds the "master key" and the
idea is to foster trust by putting the customer in complete
control.
Pwnie Express is
headquartered in Barre, VT and led by Dave Porcello. Pwnie
Express is developing vulnerability-assessment penetration-testing
tools, which include their PwnPlug tool. The various tools
range in price from about $570 to $800.
StopTheHacker is
based in San Francisco and led by CEO Peter Jensen. Malware
that hackers embed into websites to launch iFrame and JavaScript
code attacks and other assaults on visitors remains a problem.
StopTheHacker aims to stop the attacks by detecting them through
largely behavior-based methods and Web crawling. The company
will be competing against firms such as Armorize and Dasient
(recently acquired by Twitter).
WWPass,
headquartered in Bedford, New Hampshire, debuted in February
2012 with founder Gene Shablygin. WWPass has the ambitious goal
of revolutionizing how users authenticate to websites through
WWPass technology that will give users single sign-on capability
and crypto-based authentication that lets users manage their own
encryption keys. Neither WWPass nor the website knows what the
keys are or who the users are. The user just needs the PassKey,
available as USB fobs, smartphone apps, and card form factors.
It could be used with the near-field communication technology
coming into use for smartphones, says Eric Scace, Chief Strategy
Officer.
2011 Startups:
Network security
startups in 2011 included:
Armor5,
headquartered in Santa Clara, CA, is a cloud service
that virtualizes applications, data, and content such as Office
documents and PDFs on any mobile device with no configuration
and zero data leakage. This reduces the possibility of the
mobile device being infected by documents embedded with malware
or confidential corporate data being cached on the device where
it can later be compromised.
Bromium vSentry,
headquartered in Cupertino, CA, was founded in 2010 with a
mission to restore trust in computing. The company's founders,
Gaurav Banga, Simon Crosby, and Ian Pratt, have a history of
innovation in virtualization and security. Inspired by the
isolation principles of traditional virtualization, the Bromium
team has created an innovative new technology called
micro-virtualization to address the enterprise security problem
and provide protection for end users against advanced malware.
The company is backed by top-tier investors including Andreessen
Horowitz, Ignition Capital, Highland Capital Partners, Intel
Capital, and Lightspeed Venture Partners.
CipherCloud,
headquartered in San Jose, CA, is the leader in cloud
information protection. CipherCloud enables organizations to
securely adopt cloud applications by overcoming data privacy,
residency, security, and regulatory compliance risks.
CipherCloud delivers an open platform with comprehensive
security controls including encryption, tokenization, cloud data
loss prevention, cloud malware detection, and activity
monitoring. CipherCloud's groundbreaking technology protects
sensitive information in real time, before it is sent to the
cloud, while preserving application usability and functionality.
FireEye, based
in Milpitas, CA, is a leader in stopping the new
generation of cyber attacks, such as advanced malware, that
easily bypass traditional defenses and compromise over 95% of
enterprise networks. FireEye has invented a purpose-built,
virtual machine-based platform that provides real-time threat
protection to organizations across all major threat vectors and
at each stage of an attack life-cycle. In 2014, FireEye
acquired Mandiant, a company known for emergency responses to
computer network breaches. Mandiant is best known for sending
emergency teams to root out attackers who have implanted
software into corporate computer systems. After their major
breach, Mandiant was hired by Target.
Invincea is a security software company headquartered
in Fairfax, VA. The company has been in market with its
award-winning FreeSpace offering since 2009. In 2011, Invincea
was recognized as "Most Innovative Company of the Year" at the
annual RSA, a cryptography and information security-related
conference. The company's approach to combating advanced cyber
attacks is recognized as game changing. Its technology currently
protects nearly 10,000 companies around the globe with many more
coming online in the near future through its OEM relationship
with Dell. Its application can be deployed on Windows endpoints
to protect against untrusted content by moving browsers, PDF
readers, Office suite, zip files, and other chosen executables
into a secure virtual container.
NetCitadel, headquartered
in Mountain View, CA, is pioneering an innovative new approach
to security incident response. Recognizing the dramatic growth
in cyber attacks, and the increase in targeted attacks using
Advanced Persistent Threats (APTs), NetCitadel realized that
there was a need to operationalize the overwhelming volume of
security data.
Nok Nok Labs is based in Palo Alto, CA and has developed
two-factor authentication systems for desktops, mobile devices,
and servers. Their solution is aimed at disrupting the
underlying framework on which current authentication solutions
depend. Their Unified Authentication Infrastructure leverages a
new protocol - the online secure transaction protocol (OSTP), a
strong authentication protocol designed for modern computing
requirements and the "Internet of Things".
PrivateCore vCage is based in Palo Alto, CA and was co-founded by
Oded Horovitz and Steve Weis. In 2012, the company secured
server data in use through memory encryption, helping
enterprises and service providers deploy applications in
entrusted environments while protecting sensitive data. vCage
secures OpenStack servers with software-based attestation,
full-memory encryption, and operating system hardening,
providing a foundation for trusted computing on x86 servers.
Large-Cap Publicly Traded Network Security Companies
The table in Figure 3 below
presents three-year financial statements and per capita R&D
expenses for some of the large-cap companies with a focus on a
major product line engaged in network security.

Conclusion
Almost overnight the network security
industry has exploded onto the U.S. business scene. Necessity
is the mother of invention and there are unprecedented
immediate technology needs in this area. Federal, California,
and other state R&D tax credits are available to support
the innovation following this important need.