Featured Company: Mocana
Web Site: www.mocana.com
Headquarters: San Francisco, CA
Year Founded: 2004
Founder: Adrian Turner, CEO
Investors: Southern Cross Venture Partners, Shasta Ventures
Total Capital Raised: $12.1 million
Employees: 30
Company News: www.mocana.com/press.html
By Adrian Turner, Founder and CEO
Mocana is a security software company that delivers comprehensive protection for any embedded device or “thing” connected to the network. This includes smartphones, PDAs, routers, switches, printers or VoIP phones, but also more everyday items like automobiles, home appliances, cash registers, power meters and HVAC equipment. These “attached devices” are quickly outnumbering PCs. Forrester Research predicts that there will be more than 14 billion devices on the net by 2010—and that 95 percent of these devices will be something other than a PC.
Product Line
Mocana offers its Device Security Framework (DSF) to deliver comprehensive protection for any device connected to any network, wired or wireless. The Device Security Framework is made up of over a dozen separate Mocana product offerings that reside at different places on the device, network, or application stack to provide comprehensive device security and management. Some of the DSF offerings are NanoSSL, NanoSSH, NanoUpdate, NanoBoot, NanoRadius and NanoSec. Mocana’s DSF is designed for device manufacturers and service providers and includes design processes and software that are embedded into devices during the manufacturing process. All components of the Device Security Framework feature an asynchronous event driven architecture, very high performance and very small memory footprint specifically designed for the special challenges that embedded device security engineers face.
The newest addition to the Device Security Framework is NanoDefender, an embedded Intrusion Prevention System technology that secures all aspects of a device: communications, identity, access, privilege, control and execution. The new product, now being offered to device manufactures, enables product engineers to create a rules base of acceptable behavior for any applications running on the new device. If an application begins behaving erratically due to malware or some other security threat, NanoDefender terminates the application so that the malware can’t spread across the network or impact the functioning of the device.
It’s clear that the existing “signature-based” model of detecting and eliminating viruses and malware can’t work forever—and it can’t work at all in the device environment. That’s because there’s just too much bad stuff out there. With millions of malware signatures required inside any antivirus product today—and 3,000 new viruses and malware signatures being added every hour of every day—there’s just no way an attached device would be able to keep updated or dedicate the processing power needed to screen all traffic against all virus signatures. By turning the current “virus signature” security model on its head, NanoDefender monitors behavior against a rules base of acceptable actions, and thereby frees up administrators from having to monitor this rapidly-expanding army of viruses, trojans, worms and other malware at all. It also provides a broader net for catching future Internet-based threats, since it does not rely on specific signature-based fixes.
The “Internet of Things”
The rate at which mobile devices are proliferating is staggering. In fact, there are predictions that the number of devices on the Internet could reach far into the billions in the next three years. According to a white paper by Harbor Research, there are approximately 2.8 billion mobile phones in use today, with 1.6 million new ones added daily. Whether you call this phenomenon “the network of devices” or the “Internet of things,” the underlying message is the same: connectivity permeates our society. Nearly everything in our day-to-day lives—from TVs and cell phones to cars, medical devices, networking equipment, thermostats, industrial sensors, aircraft and home appliances, and everything in between, connects (or will soon connect) to the network to operate.
Swift consumer adoption is driving mobile market growth but it is also creating increased complexity and security risks. The Internet is tremendously more complex due to the number and diversity of devices connected to it and the expansion of communication (voice, video and data) that traverse it. Security is a big concern in our newly connected society.
When it comes to device security, engineers and the manufacturers have the most responsibility and control, and also the most at stake. Even if the device is connected via carriers, the consumer only sees that his or her device isn’t working and assumes that it is the fault of the device manufacturer. Devices connected to the network are exposed to viruses that can infiltrate a machine without the user ever knowing it. Support calls increase, device manufacturers get stuck with the blame and devices get shipped back for trouble shooting. So while device security is important to get right, deploying security on a device isn’t easy. Security software and protocols designed for PCs don’t map well down to the constrained memory, low power and mini-processing environment of devices. Many engineers look first to open source packages, like OpenSSH or OpenSSL. But those packages just can’t fit into the super-tight device implementations that we’re talking about. And the performance of these freeware kits is rarely optimized for specific hardware or software environments, either. This is where Mocana, and our specially optimized offerings including NanoSSH and NanoSSL, can help.
To address the device security challenge and maximize the potential of “the network of devices” everyone—device manufacturers, service providers and enterprises—must assume security responsibility and recognize the need to centralize and standardize how device security is dealt with on all devices, wired and wireless. We must take a more holistic security approach and apply an extensible framework that secures all aspects of device data access and communications for any connected device. Securing devices is an industry imperative—and our specialty—and doing it the right way will pay for itself in multiples in our increasingly connected world.
Mocana’s Device Security Framework (www.mocana.com/device-security-framework.html) offers a unified, end-to-end approach to embedded device security management by authenticating devices and device applications to the network; securing communications between devices and resources; and by enabling reliable, secure firmware updates. Elements of Mocana’s Device Security Framework are characterized by their easy implementation, mix-and-match interoperability, small memory footprint and high scalability and performance. Applications in the Device Security Framework, which we now brand with a “Nano” prefix, are extremely portable, working across more than 15 operating systems and 50 CPU’s, making it an ideal choice for securing heterogeneous networks of connected devices.
Adrian Turner has more than 15 years of international business experience. Prior to founding Mocana, Adrian was responsible for west coast business development and Alliances for Kenamea, an enterprise communication firm specializing in reliable, secure communications. He also had P&L responsibility for developing infrastructure to support Philips Electronics' (NYSE:PHG) connected consumer and business devices. Mocana was recently named one of RED HERRING’S “Top 100 Privately Held Technology Companies” in North America, and just closed their B-round of venture funding. They currently have 30 employees and are hiring. Mocana - www.mocana.com
