Promisec: Securing Networks from Within

Israel has made a name for itself in the field of Internet security, thanks in part to expertise emanating from the country's elite military intelligence units. Among the biggest success stories so far has been Check Point Software Technologies (CHKP), a world leader in "firewall" technology that guards external points of entry into data networks.

While firewalls keep unauthorized users and software out of a network, there's a growing danger from within. According to research firms Frost & Sullivan and IDC, the biggest threats to security these days originate with "endpoint" devices on a network, such as PCs and laptops, from which users can inadvertently—or purposefully—introduce viruses and other rogue programs into the seemingly secure confines of an organization.

That's where Israeli startup Promisec comes in. Based in Rishon LeZion, southeast of Tel Aviv, the privately held company makes a suite of software tools that analyze and manage all the devices attached to a network, automatically enforcing corporate IT policies and preventing violations such as unauthorized file access or uploads of malware.

"Eighty percent of the security threats come from within the organization, and that translates globally into annual costs that run into billions of dollars," says Promisec co-founder and Chief Executive Officer Amir Kotler. Customer enthusiasm for Promisec's solution drove the company's revenues up threefold last year, to $10 million, and sales could top $20 million in 2010, Kotler predicts.

cheaper management and maintenance

What sets Promisec apart from rivals? When Kotler and his co-founders launched the company in 2004, they marshaled their Israeli army know-how to devise a new approach to security. By remotely identifying and tracking every device attached to a network, the software inventories all the installed hardware and software and monitors compliance, network communication, and even energy use. Unlike alternatives from competitors such as Symantec (SYMC) and McAfee (MFE), the Promisec system is "agentless," which means it doesn't require software code to be installed in every device attached to a network.

The benefit of combining agentless network management and security into a single package falls straight to the bottom line. "Promisec's one-stop-shop solution can substantially reduce network management and maintenance costs," says Ariel Avitan, an industry analyst with Frost & Sullivan. Eliminating multiple layers of management tools from different vendors also simplifies the job of a chief information officer.

Promisec launched commercial sales in 2006 and has ambitious growth goals, hoping to turn profitable this year and to reach $100 million in annual revenues by 2013. The company has raised $14 million in four rounds of financing led by Old City Partners, a Boca Raton (Fla.)-based venture capital firm run by investor Tony Gelbart. Another key Promisec backer is Israeli corporate lawyer Issac Molho, who serves as a key advisor to Prime Minister Benjamin Netanyahu.

The company's big breakthrough came in February of this year, when it was awarded a multimillion dollar contract by the State of Texas to supply security management for more than a million endpoints across all state agencies. Promisec beat out such rivals as Microsoft (MSFT), IBM (IBM), and Symantec for the deal. "This is an extremely important victory for such a small company and proves it can compete in a market comprised mostly of giants," says Dan Yachin, IDC's Tel Aviv-based research director for emerging technologies.

aiming to emulate Checkpoint

The Texas contract established Promisec as a new force in security. "A contract of this scale opens doors and puts us on the radar," Kotler says. "It will enable us to compete all over the U.S. for similar contracts in the public and private sectors." Promisec counts among its customers General Electric (GE), France's Credit Agricole (CRARY), German insurance giant Allianz (AZSEY), New York law firm Skadden, Arps, Slate, Meagher & Flom, and billing software company Amdocs (DOX). The company now gets about 60 percent of sales from the U.S.

Kotler hopes eventually to take Promisec public. His role model is Check Point, which logged 2009 sales of $924 million and has retained its headquarters and a large part of its operations in Israel. Remaining independent could be a challenge. Frost & Sullivan's Avitan calls Promisec one of a handful of Israeli security startups that have a chance of making it big. Over the years, however, most successful local security firms have been gobbled up by foreign companies interested in getting their hands on Israeli technology.

"The global security industry is going through a period of consolidation," says IDC analyst Yachin. "It's hard to see how Promisec can survive as a standalone company." In just the past few months, Symantec has shelled out $1.7 billion for three separate acquisitions. With major players in the Internet security field paying close attention to Promisec these days, the Israeli startup looks on a fast path to success—but may find it impossible to follow in Check Point's footsteps.

Before it's here, it's on the Bloomberg Terminal.