Invest In A Small Cap Set To Ride The Next Big Wave In Cyber Security
Multiple industries, including the banking and financial services industry, entertainment industry and retail industry, among others, today leverage digital information to not only get information across their networks faster, but to utilize advanced tools that traditional means of communication lack. For instance, trading shares no longer involves traders clad in brightly colored jackets bellowing at the top of their voices on stock exchange floors. It now is done through electronic tools that leverage devices such as personal computers, smartphones and tablets. Similarly, people today can shop and pay online without having to make physical visits to retailers' brick and mortar stores.
While the benefits of using digital information are compelling, mass adoption in many industries has been slowed and in some cases hamstrung entirely by security concerns. At any given moment, hackers, thieves, governments and competitors want to gain unauthorized access to targeted digital information. It could be the government's aggressive security program that wants access to your personal or medical records, a competitor who wants to sabotage your system and rope in your disgruntled customers, or even a crypto-buff who merely gains pleasure at wreaking havoc. Either way, the need for stronger cyber security technologies is becoming increasingly important, especially considering that hackers are becoming more sophisticated and persistent in their attacks.
Judging by recent events, existing cyber security technologies present only half measures. As we will see, current Intrusion Prevention Systems (IPS), firewalls, anti-virus and malware solutions, as well as code scanning solutions, leave digital information and the overall system exposed to various vulnerabilities that, if exploited by attackers, could result in billions of dollars in losses and exposure.
The big problem with existing security solutions
Before looking at the vulnerabilities that existing security solutions fail to address, it is important to first understand how digital information is stored, accessed and transferred.
All digital information is stored, accessed and transferred by applications, from application endpoint to application endpoint. Essentially all digital communication originates inside a sending application and terminates inside a receiving application.
However, existing cyber security technologies and products protect the networks but do not prevent attacks directly at the applications or the digital information. On the face of it, this assertion doesn't fully convey the risks that failing to prevent attacks at the application or the digital information presents to users. A simple analogy puts things into clearer perspective and makes it apparent that there is a huge problem with existing cyber security solutions.
Consider a hypothetical municipal water service system. It has a storage tank at the water treatment facility, transportation pipes to transport the actual water, and a storage tank at the resident's home. Now, an application in the digital communication context is like the storage tank on either end of the water system. The digital information in the digital communication context is like the actual water in the municipal water services system, while the digital network is like the transportation pipe in the municipal water system.
How effective would the municipal council be in its bid to prevent external elements from contaminating the water system if it exclusively focused on preventing external elements from entering the pipes (networks), and ignored the suspect elements in the actual water (digital information) or storage tanks (applications)?
At the risk of stating the obvious, no amount of attention and care given to the pipes (networks) while ignoring other components in the system (digital information and applications) can guarantee the security of the overall water system. Unfortunately, this is what happens with current cyber security technologies.
Firewalls limit access to networks.
All current Intrusion Prevention Systems, with the exception of Validian (OTCMKTS: VLDI), actually detect cyber attacks and intrusions into the network (not the application) and then take steps to mitigate damage.
Anti-virus and malware solutions detect attacks or intrusions by viruses or malware by running suspect programs through their virus and malware databases and, if a threat is detected, trying to quarantine and/or remove it from the network.
None of these cyber security technologies prevent unauthorized access of the application or the actual digital information. They merely focus on the network.
Code scanning solutions on the other hand identify weaknesses in the coding of applications that can be exploited. While code scanning solutions give attention to the application, they only identify weaknesses, but do not prevent attackers from accessing these applications to target these loopholes. It is like going to the doctor and getting a positive test result for an ailment, but not taking any action to prevent the problem in the first place.
Virtually no technologies exist to prevent attacks on the application or the digital information itself. Accordingly, more than 90% of successful cyber attacks start by hacking the applications that store, access and/or transfer digital information, as iterated in statements issued to the press by Bruce Benn, Chief Executive of Validian.
This explains why over the past year there have been a slew of high profile hackings, even against organizations deemed to have the budget to acquire premium cyber security packages. A case in point is the recent attack on eBay (NASDAQ: EBAY), which in May 2014 said that its database was hit by hackers possibly as far back as February 2014, leading to the compromise of sensitive information such as customers' names, encrypted passwords, email addresses, physical addresses, phone numbers and dates of birth. Target (NYSE: TGT), too, has been a victim of high profile hacks. In December 2013, Target made headlines after 40 million credit card numbers and 70 million addresses, phone numbers, and other pieces of personal information were stolen from its mainframes during the weeks from Thanksgiving to Christmas. Reports indicated that the hackers gained access to a distributed application used by a company to monitor services it provided to Target, highlighting the exposure of applications to attacks.
Validian remedies existing shortfalls and extends possibilities
Validian Corporation, a U.S. company, provides a cyber security solution that extends its focus beyond the network to give sufficient attention to the application and the digital information. Considering that more than 90% of all successful cyber attacks start by hacking the applications that store, access and/or transfer digital information, Validian's offering is set to extensively remedy the existing shortfalls. Moreover, it has a set of additional first-to-market features that promise to change the sector landscape entirely by introducing new possibilities.
Validian prevents unauthorized access to the application through the following highlighted features.
Validian dynamically exchanges keys and certificates, thereby mutually authenticating application endpoints before they can communicate with each other. It does this for each and every session of the communication.
If there is no mutual authentication, then there can be no communication between these communication end points, preventing anyone from hacking or gaining unauthorized access.
A significant percentage of all implementations of information security policies (e.g. the encryption algorithms and symmetrical cryptographic keys used for encryption and decryption) are executed through implementations of the Secure Sockets Layer (SSL), a commonly-used protocol that manages the security of a message transmission on the Internet. More sophisticated implementations also use Public Key Infrastructure to provide a dynamically changing asymmetrical key for encryption.
The downside is that both SSL and PKI-SSL use a stored symmetrical key for decryption, despite PKI using a dynamic public key for encryption. Hackers know where this symmetrical key is stored, and for mobile devices it is stored on the mobile device itself. If a hacker steals encrypted digital information in transit, then they can locate and steal the stored symmetrical key to decrypt the stolen encrypted data.
As stated, Validian dynamically changes both the encrypting and decrypting keys so that any key that might be stolen (which is very difficult but in theory not impossible) becomes useless, considering that with Validian, the decrypting key is under continual change. While PGP also dynamically changes the encrypting and decrypting keys, its use is limited primarily for email. Moreover, it has other burdening deficiencies that have made it unsuitable for use in other deployments, explaining why SSL, invented in 1995, purposely avoided PGP, which was invented earlier in 1991.
Validian encrypts the data inside the sending application and securely transfers the data in a virtual tunnel from inside the sending application to inside the receiving application where it is decrypted, so that the data cannot be stolen before the encryption process or after the decryption process.
Hackers are more likely to steal data in transit before the encryption process or after the decryption process because all other technologies including SSL, PKI and PGP use "end-to-end" encryption and the data travels in the clear from the sending application to the encryption end and in the clear from the decryption end to the receiving application. Validian's solution thereby prevents theft of data in transit by encrypting the data inside the sending application and decrypting the data inside the receiving application so that at no point is the data available unencrypted. And as earlier mentioned, Validian's encryption and decryption process is entirely safe because it continually changes the keys.
Validian-enabled applications are IP address independent. This means that they are virtually immune to Denial-of-Service attacks, which are hacks targeted at disrupting the application through attacks such as pinging and bombing. A Validian-enabled application cannot be located or reached by a Denial-of-Service attack and only surfaces when communicating with another mutually authenticated application endpoint.
This compelling feature not only means that Validian-enabled applications are immune to Denial-of-Service attacks, which are predominantly used by unscrupulous competitors in business, but it also means that, unlike SSL, Validian is ideal for mobile, which is currently the predominant hardware platform. Mobile devices do not recognize IP addresses, but rather, undertake a varying mapping process each time they encounter a new IP address. Mobile applications on a mobile device incur a new, dynamic address as the mobile device travels from one cell network to another (which occurs all of the time, even when moving around in the same city, for instance). This is one of a number of reasons why SSL-enabled mobile applications suffer significant performance issues.
Validian applications are impervious to man-in-the-middle and man-in-the-browser attacks.
Man-in-the-middle is a type of active eavesdropping in which the attacker makes independent connections with the victims and relays messages between them, making them believe that they are talking directly to each other over a private connection, when in fact the entire conversation is controlled by the attacker.
Man-in-the-browser, on the other hand, is where a perpetrator installs a Trojan horse on a victim's computer that is capable of modifying that user's Web transactions as they occur in real time. A man-in-the-browser attack is more difficult to prevent because instead of occurring in a public exchange, the activity takes place between the user and the security mechanisms within that user's browser. It is more complex and is largely used to attack online financial transactions. Validian, however, effectively prevents the attack, clearly outlining its pertinence in the lucrative banking and financial services vertical.
Validian enables variable compression and then encryption of the same data at the same time inside the sending application. SSL cannot compress and encrypt the same data at the same time inside the sending application, rather only compress or encrypt. This essentially means that without Validian, data would be encrypted by SSL or PKI and then compressed by another technology afterwards. The shift, order and overlap in technologies is not only inefficient, but also exposes potential weaknesses. Validian, however, is able to compress and then encrypt the data, which is much more effective (i.e. greater compression).
Validian achieves secure peer-to-peer communications, in addition to client/server and server-to-server communications. No other technology, including SSL or PKI or PGP can secure peer-to-peer data transmissions.
Validian allows for fast, convenient development of secure, high quality applications.
Validian's technology can be integrated into an existing or new application by any developer, without any security expertise or experience, in an average of a few days. In stark contrast, SSL requires a developer with security expertise and can take from 4 to 24 months per application, not to mention a plum budget. PKI, too, has a huge and lengthy integration and implementation process. It is arguable that developers could Validian-enable over 1 million mobile applications during 2014 and 2015 whereas it is unlikely there will be even 1,000 SSL-enabled applications during the same time frame. This is a key differential.
The most compelling feature that casts Validian in a class of its own is its Next Generation of Policy Management.
The Validian Information Policy Management Platform enables IT managers to dynamically set and modify policies governing communication of data, including changing encryption algorithms, keys, key life time and level of compression, and distributing these changes automatically, immediately and transparently to all end points without having to re-develop or re-install the software. No other technology or solution can do this - Mobile Device Managers cannot dynamically change policies. Furthermore, SSL is stuck with the "PICK ONE" syndrome of coding only one algorithm and symmetrical key, which takes several months and significant costs to change.
In one renowned case, it took eleven months and over $100 million just to make a single change in the keys for the U.S. banking industry. Validian would do this in a fraction of a second for each and every session of communication and provide a choice of up to 26 encryption algorithms, not just one as is the case with SSL. Moreover, future modifications can be made instantaneously at any time.
Existing Validian policies apply to Authentication, Encryption, Key Management and Variable Compression. Notwithstanding, other policies, including Permissions & Access Control, Information Redaction and Billing can be added with the same magical ease. This is proving to be Validian's unique selling proposition and has been responsible for most of the initial installations. Moreover, customers have attested to its effectiveness after installation.
Why should you snap up this attractive investment opportunity?
While Validian's solution is by all accounts compelling, the ultimate litmus test is how the company will integrate its strong product offering into a solid overall strategy. This is what investors need to understand before committing to any investment.
There are a number of reasons that make Validian a great investment.
Unique sales strategy
Validian's core technologies, including all of its features and capabilities, have been developed, tested and undergone alpha and beta installations, followed by more testing and debugging.
To accelerate its successful commercial rollout, Validian is leveraging a unique sales strategy. It collaborates with channel partners specialized in different industries to provide industry-specific network security solutions. For instance, in hospitality and retail, it is collaborating with a new channel partner that provides solutions to both retail and hospitality, to present point of sale solutions.
This approach presents two unique benefits.
Channel partners, who are already selling to and servicing Validian's target markets, have the confidence of the target customer and are very influential about the technologies their customers should use and try. As the contemporary business adage goes, it is arguably five times easier to sell to an existing customer than to generate sales to a new customer. By selecting strategic channel partners, Validian avoids the costly process of generating new customers and instead allows its channel partners to capitalize on their already established customer relations.
As earlier mentioned, Validian's technology can be integrated into an existing or new application by any developer, without any security expertise or experience. Moreover, it can be done in an average of a few days, as opposed to SSL which may even take up to two years. This means that Validian's channel partners can successfully integrate target customers' applications without much technical support from Validian, allowing the latter to reallocate the technical and financial resources it would have otherwise used in the selling effort to other areas of need. This signals prudent resource use and allocation.
In future, Validian may occasionally pursue a direct sales model to establish one or more particular reference customers. But for the most part, it will continue conducting its business through channel partners.
Betting on high growth areas
Validian's technology has horizontal usage: Validian protects any application and any type or format of digital information or data. However, the markets it serves are vertical sectors, including: (I) Defense and Public Safety; (II) Government (federal, state and municipal); (III) Health & Medical; (IV) Banks & Financial Institutions; (V) Entertainment & Media and the massive markets for both enterprise and consumer; (VI) Mobile; and (VII) Social Media. Validian is actively establishing Channel Partners in each of these vertical sectors.
Although all of these verticals are high growth areas, some sectors, such as social media, mobile and banks, will exhibit relatively higher demand for cyber security technologies in the midterm.
Validian, through its tested core features as well as press releases, has shown an unmistakable inclination toward some of these high growth areas.
According to company press releases, Validian projects that it will finish the migration of its technology to mobile platforms in time to launch some of its key initiatives in the third quarter of this year. As earlier stated, Validian is more effective for mobile when compared with SSL and other technologies. The fact that it is independent of IP addresses improves overall performance on mobile devices, and is likely to prompt mass adoption by app developers. Validian is currently targeting certain social media apps and mobile apps, which have existing deployment of endpoints and end users ranging each from 10 million to 1 billion end users, but currently suffer from major security exposure and cyber attacks.
The fact that Validian effectively combats man-in-the-browser attacks also signals that it is well suited for the banking sector. Earlier this year, the U.S. Securities and Exchange Commission was actively seeking data on cyber security policies for Wall Street firms in a bid to assess cyber security readiness levels. This signals an impending uptick in demand for cyber security technologies for Wall Street firms, banks and financial institutions, which typically pay a premium when compared with other customers.
Validian not only presents solutions for areas with overwhelming demand for cyber security technology, but its core technologies are markedly better than what is currently there in the market. As Validian does installations that are used, viewed and tested by an increasing number of enterprises and users, it will reach an inflection point where rollout becomes viral. The double digit growth in revenue will increase its value, giving investors who committed to the company early enough an opportunity to cash in on their plum returns.
Validian is not on a collision course with the industry bigwigs such as Cisco (NASDAQ: CSCO), Intel (NASDAQ: INTC) or Palo Alto Networks (NYSE: PANW), but rather it is well positioned to become an acquisition target for some of these bigger players. Cyber security implementations necessitate a collaboration and combination of a number of different cyber security technologies, systems, solutions and products. These include firewalls, intrusion prevention systems, anti-virus and malware solutions as well as code scanning solutions. As effective as these continually evolving technologies may be, they are clearly not sufficient to address ever-persisting cyber attacks. That is why Validian is not competing with any security provider, but instead enhancing implementation by securing the gaps that other technologies are not designed nor intended to seal. Complementarily, some of these other cyber security technologies secure areas that Validian is neither designed nor intended to secure.
Major companies like Cisco and Intel actively engage as Channel Partners for emerging technology companies like Validian. They are notably receptive and open to working on collaborating to identify, test and evaluate new cyber security technologies and then integrate these new solutions with their existing product offerings, enabling them to distribute the integrated solution to their robust and established customer bases.
Just like Validian acknowledges, large companies, too, know that they are highly likely to expand by buying smaller companies like Validian at attractive valuations, as opposed to conducting in-house development of their own new technologies. This assertion is validated by historical trends as recent as 2013 and early 2014. In 2013, Cisco acquired Sourcefire for $2.7 billion, a company with fast growth that had annual revenue of $223 million. Cisco has used this acquired technology to improve its email and web security gateways, two of the more vulnerable segments of its business. Earlier in the year, Palo Alto Networks acquired Cyvera, a company that prevents risks from remote devices, for $200 million. FireEye (NASDAQ: FEYE) acquired Mandiant, a company providing intrusion prevention to 2 million application end points, for $1 billion; and VMware (NYSE: VMW) acquired AirWatch, a company providing mobile device management to approximately 30 customers, for $1.54 billion.
As Validian achieves more adoption, it will begin to emerge more clearly as a great solution to a number of the vulnerabilities and exposures not solved by existing cyber security technologies. Moreover, it could begin gaining attention from potential acquirers, making its value increase and allowing investors to sell at a premium relative to their entry prices. Validian currently issues both debt offerings, including convertible debentures, and equity offerings, according to its 10-K report, and trades publicly on the U.S. OTC QB market. This essentially means that it provides a variety of opportunities as a good investment for investors of varying abilities and different risk profiles.
The following article is from one of our external contributors. It does not represent the opinion of Benzinga and has not been edited.