In a distant war of mythology, when the Greeks had besieged the city of Troy, there came a point when it appeared that mere force wouldn’t be enough to overrun the enemy defenses—deception was called for.

Accordingly the Greeks designed a large wooden horse with their best warriors cunningly concealed in the hollow torso and left the gift at the gates of Troy. The Greeks pretended to leave for home— warriors packed up and ships raised their sails. Falling for the ruse, and believing that this ‘Trojan Horse’ was a placatory offering, the Trojans dragged it inside and fell to celebrating with high spirits. At night the hidden Greek warriors sneaked out and opened the gates for their comrades. This clever trick and the great loss by Troy has made the Trojan Horse a legend.

A modern day Trojan Horse in the world of computers works on the same principle: a seemingly harmless program like an innocuous-looking game or, attachment - tricks the user into installing it on a computer system. The Trojan can then move across the network, and cause a security breach from the inside.

However, some of these Trojan horses (or worms, or any other fauna for the matter) that tries this trick now might find itself in a rather alarming situation—it might end up staring down the barrel of a digital cannon. A RedCannon.

The Idea
In 2001, Vimal Vaidya, founder of RedCannon, had his own hacker experience. His small home network started to behave weird and Vaidya concluded that he was under attack. Coming from an engineering background, Vaidya found the necessary tools and started monitoring the computer sessions beginning with when the hacker came in and when he left.

But it was not getting hacked itself that was the bad experience, as much as what followed. In order to prevent further security incidents as well as monitor such attempts, he decided to install some protective applications. This—Vaidya found—involved the painful procedure of installing five separate applications, followed by the task of making all the five work together on a single PC. Not to mention that the computers resources that were being taxed.

This set the wheels of thought in motion. “What I saw was that on the computer (end point) there were lots of different solutions but not a one single solution that addressed the full-scale security need,” he reflects. Convergence in this sector, he foresaw correctly, was to be the big mantra, “the Holy Grail from the security perspective.” And there was little reason why he shouldn’t be the one to lead the way.

After all, all his previous start-ups had been in network security. The first was involved in making blackbox firewalls, and the second in network-based intrusion detection systems. The third, iPolicy, was in fact a convergence platform running at multiple gigabyte speeds- mainly designed for ISP’s. After helping raise funding for iPolicy, Vaidya moved on to fulfill the idea of endpoint security convergence and started RedCannon Security in 2003.

Loading the Cannon
Effective, but it also had to be made easy to use. To get Fireball technology into such a user-friendly form Red Cannon recruited the services of a consultant to design the aesthetics and navigation. This firm has experience with, among others, Disney, Paramount Pictures and Apple computer. Good experience and background, to say the least.

Then RedCannon put the program “in the wild” using free download sites, and through the retail channel. “The idea was that since this piece of software sits on every PC, server and laptop, its got to be rock solid. The only way we can get it mature was to put it into the wild,” says Vaidya. Most of the people who would lay their hands on it would be ones with some knowledge of computers with a need for security. (A system administrator at the University of Notre Dame had more than one useful suggestion to make.)

The pilot projects that followed late last year was the first step. They approached large customers with early versions and worked with these for two to three months. This enabled them to mark out any shortcomings and rectify these, besides taking up suggestions regarding other features that could be incorporated. Once this was done the product was deemed mature enough to hit the market, which it did in March of this year.

In The Real World
So how doe these products, developed by 26 people at RedCannon, each producing “more than 100 percent of what he or she can do,” work? The Chief Information Officer and IT department has a lot to worry about when it comes to the security of their networks. Consider the average office, for example, how would a company deal with employees wasting time surfing “adult” web sites where the bad site downloads a Trojan to the computer without the user’s knowledge? Here, an application firewall like Fireball, the one RedCannon ships could do the job.

Fireball can monitor rogue applications that want to connect to the Internet, scan for Spyware, and then it’s content filter would prevent the employee from surfing questionable sites altogether. Another danger facing today’s mobile employees are getting their information spied on while using wireless “hot spots”. A simple solution would be to deny access to the employee, but then productivity would suffer. So employees can be set up with a VPN client, like the one found in Fireball to give the employee remote access to the network.

All of the communications between the employee computer and the corporate network is encrypted and secure and a real-time intrusion detection system looks out for any attempts to attack the remote user. Even thought users face a number of virtual threats, products like Fireball offer real world protection.

David vs Goliath
But wouldn’t the CIO rather look at a big public company that is already in the security field, rather than at a small start-up? Start ups have an uncomfortable way of fading out without as much as a whimper, as we have seen, especially during the bubble? Vaidya agrees this is true for some, going further to point out that being a self-funded company didn’t help with that angle too much. However the upsides of being a start-up are many and compensates for some of the drawbacks. For one, RedCannon is far more agile, being able to adapt themselves to any of the customers’ needs or changes that may spring upfrom time to time.

All the expertise that RedCannon has focused into their one goal is perfect endpoint security. As a result, their technology is far more advanced and integrated, feature by feature. Not only is the product easy to use, but also it scores high with system administrators for being highly scaleable and manageable.

The CIO’s biggest fear—the company goes under. “Corporate customers always need reassurance that solutions they buy will be supported even if the company goes under”, says Vaidya. As for any uneasiness that may come about due to a perceived chance of going bust, that is also addressed. RedCannon’s product line can be licensed out that usually involves bringing another larger company along, one that specializes in servicing technology solutions.” The customer can put aside any worries of being left adrift in any such unfortunate and unforeseen eventuality,” he explains. “Thus the customer is always taken care of.” Result: peace of mind for the CIO.


Things are shaping out to Vaidya’s expectations. As Vaidya says, “Since last year when we started selling our product, we’ve seen a convergence on the endpoint, and that’s a good thing because now we are establishing ourselves as a technology leader in the marketplace.” RedCannon has released their ‘Enterprise’ version recently. They have pilot projects in half a dozen fairly large companies, with another ten projects or so in the pipeline. One of the companies they are talking to is a large financial company, one of the top two banking institutions in the world: he is understandably hesitant about revealing the name. This company has over 450,000 employees worldwide, and is planning to deploy an easy to use, centrally managed endpoint security solution on half a million end points by 2006.

Now the CIO of this or any other company would be acutely conscious of the importance of keeping the end points secure—in light of the fact that in just the second half of last year there were as many as eight epidemics of Trojans and worms wreaking havoc. The estimated loss due to these attacks was over $4 billion—not an insignificant amount—and now there is a greater awareness of the importance of protecting the desktop and laptops from such intrusions of malicious intent. End points need as much security as do the core of the network.

The result is that there are many CIOs who have already got RFPs out, or planning to do so in the near future, for end point security systems. “We have the right solution.” Vaidya points out, “This is what we had anticipated when we started.” And this concern regarding endpoint security doesn’t stop at desktops and laptops. RedCannon has even begun evaluating requests for deploying applications for PDAs. These are as vulnerable as the other end points—maybe more so, considering the sort of sensitive information that is usually saved in these devices: one’s contacts, appointments and, in several cases, even whole business presentations.


So RedCannon has its foot firmly planted in the consumer doorway, and the other one is well on the way into the Enterprise. But RedCannon is not anything for granted. First, “Companies are actively looking for the right endpoint solution and RedCannon’s response to them is fast. RedCannon’s product line is so comprehensive that Enterprise customers go quickly to pilots.” Second, RedCannon’ employees has in-depth knowledge and experience in the security field, from the sales end all the way through engineering. Last, Security is a relatively young industry.

RedCannon is getting a lot of attention from big companies that are already in, or want to get into the space. “That’s great opportunity whichever way we turn. This year we plan to break even, maybe even to cash positive. Then we’ll deal with what happens along the way. If we see a suitor that can leverage the tech better, so be it. If we see other opportunities we’ll jump on those. That’s one good thing about startups,” says Vaidya.

Anyway their future appears to be, well, secure. As secure, you could say, as their clients’ end points.