One of the highlights at the July 28 Def Con, an annual hackers gathering in Las Vegas, is a game called Capture the Flag. In this contest of digital mastery, rivals break into two groups: One defends its computers against attacks, and another tries furiously to tear down those defenses. Some 20 computer systems were assaulted during the challenge. The only system that completely stonewalled the hackers was a machine protected by software from Argus Systems Group Inc. Argus even handed out passwords and encryption keys to the hackers. "Normally, if I have the passwords, the machine would be mine," says Riley "caezar" Eller, leader of the Ghetto Hackers, which wormed its way into most of the computer systems.
Never heard of Argus? Stay tuned. This tiny company based in Savoy, Ill., has built the armored car of Internet security software. With e-commerce transactions expected to top $7 trillion by 2004, any breach of security by crooks or hackers could be devastating to a company doing business over the Net. So far, the typical security mix of firewalls and intrusion-detection systems--the equivalent of deadbolts and motion detectors--has failed repeatedly, causing lost sales even at Web biggies eBay Inc. and Yahoo! Inc.
Rising tide. Argus is trying to stop the thievery. Its PitBull software is virtually impenetrable, locking down the invaluable intellectual property stored on Web servers, e-mail servers, and corporate databases. "There's a real need for something like Argus," says analyst Frank Prince of Forrester Research Inc. "As companies extend their critical business processes onto the Internet, Argus can expect to rise with that tide."
What's surprising is that PitBull is actually an old dog performing old tricks. The product is a spruced-up remake of arcane government software known as a trusted operating system. It functions just like any other operating system, with one difference: It assigns different levels of clearance depending on the user. Then the software seals vital data riding on database and Web servers in virtual vaults that cannot be accessed from the outside--unless you have the right clearance level. That's why the hackers at Def Con couldn't crack the machine even with passwords.
Argus isn't the only company with a trusted operating system. Sun Microsystems Inc. (SUNW) and Hewlett-Packard Co. (HWP) sell similar software, but consultants and corporate executives say their programs can be complicated to install and administer. What's different about PitBull? Experts say it makes security less complex. With other security programs, tech managers must have deep programming skills to make their applications work with the secure software. Argus CEO Randall J. Sandone has simplified the programming. It's still no snap, but the more user-friendly version has helped Argus win contracts with global banking giants such as Credit Suisse Group, Chase Manhattan (CMB), and ABN Amro Bank (ABN). The privately held company says sales will reach $5.5 million this year.
But analysts wonder if Argus can expand beyond the big banks and win customers among the struggling e-commerce startups. Skeptics say trusted operating systems are too expensive for the dot-coms, require lots of training, and can work almost too well--making it difficult at times for users to access their own systems.
Sandone is on a crusade to persuade analysts and potential customers that PitBull can fit the bill. Although banking customers say PitBull costs about $50,000 per server, or five times a typical firewall application, the Argus CEO argues that his system becomes less costly over time. It does not need the continual upgrade and support that firewall and intrusion detection software require. A price analysis done for Argus by Donaldson, Lufkin & Jenrette Inc. shows that a standard security system would cost $1.7 million in hardware and support over a five-year period, while systems running Argus software would total about $500,000.
Those numbers are beginning to help Argus lure partners that could expand its customer roster. IBM (IBM) recommends Argus software, but not exclusively, on many of the corporate servers it sells. And Web consultant Scient Corp. (SCNT) is installing the software for clients. "A couple of years ago, I would have firewalled everything," says Stefan Jon Silverman, a master technologist at Scient.
Now Argus is branching into new areas. The company has created a trusted Web server for Internet service providers. Most ISPs host one site per server. Though some large computers can support multiple sites, most ISPs prefer to run one customer per server because of security concerns. With Argus' software, an ISP can host multiple sites and protect each one from the outside world and the neighboring sites. "They've done a great job at commercializing it," says International Data Corp. security analyst Chris Christiansen.
Sandone is just getting started. He hopes to duplicate the IBM deal with computer makers such as Dell (DELL), Compaq (CPQ), and Cobalt Networks (COBT), which makes servers for ISPs. The computers would include PitBull software that would allow the ISP to host hundreds of secure Web sites on a single machine. If the rollout is successful, Argus says it will hit $20 million in sales by late 2001, a fourfold increase year over year.
Some clients already are biting. Pilot Network Services Inc. (PILT), an ISP in Alameda, Calif., that acts as a security buffer for businesses connecting to the Net, uses Argus software on nearly 10% of the 70,000 networks it protects. That number could increase to 50% in two years, says Philip Simmonds, a marketing director at Pilot.
As e-business proliferates, companies will depend on security systems to assure customers their financial information is safe. Who better to prove Argus may have what it takes than a humbled hacker?