Security Fears Draw VC Bucks

What keeps security managers awake at night? That their systems will get hacked over the Web. That their databases will be compromised, exposing sensitive information to the world. That they will be audited and found in violation of federal regulations.

It should come as no surprise, then, that a vendor whose products address all three of those problems, Imperva, today won a record round of financing, generating $17 million in funding from four different venture companies.

Imperva, whose XML firewall product line is designed to stop insider abuse and criminal activity targeted at databases and sensitive e-commerce apps, is one of the few beneficiaries of recent trends toward Web-based database theft, as well as Sarbanes-Oxley and other regulations designed to protect investor and customer information, observers say.

The SANS Institute recently listed online database attacks as one of its Top 20 most critical Internet security vulnerabilities, which reflects the recent trend towards data-targeted exploits, in which criminals steal user information, rather than funds. "Criminals are seeing that there's a lot more money to be made in stealing information than in stealing money," said Alan Paller, director of research at the SANS Institute. (See SANS Exposes 'Safe' Technologies.)

Imperva, which was founded by Check Point founder Shlomo Kramer, is sitting at the nexus of the online database security problem, according to Asheem Chandna, a partner at Greylock Partners, the VC company that led the latest round of funding along with Accel Partners, US Ventures, and Venrock Associates.

"Imperva is doing something that's very difficult to do," Chandna said. "It uniquely looks across both the Web and the database stacks at the application and user levels, builds detailed behavioral models, and then reports on or blocks suspicious user actions."

Chandna's comments were echoed by Grant Bourzikas, senior manager of information security at Scottrade, a major online brokerage firm, which purchased the Imperva XML firewall last month. "SecureSphere enables us to protect our core business systems from attack, fraud, and data theft by blocking attacks that are not detected by traditional perimeter security products," he said.

In addition to the firewall, Imperva's product line includes a database security gateway that uses profiling techniques and policy networking; a management server for overseeing multi-gateway installations; and compliance-oriented software bundles to address SOX, PCI, and HIPAA requirements, for example.

Imperva said it will use the new financing to expand its distribution and channel sales infrastructure.

— Tim Wilson, Site Editor, Dark Reading

Organizations mentioned in this story