Compliance the Number One Theme

April 7, 2005

Courtesy of Sarbanes-Oxley Compliance Journal

Jack Martin spoke with Robin Vasan, Managing Director at Mayfield Venture Capital about Elemental Security, a company Mayfield has invested in.

Jack: What does Mayfield Venture Capital do?

Robin: Our primary focus at Mayfield is on very early stage investing – Seed and Series A stage companies. So on a typical day we are reviewing business plans and meeting with prospective new companies. In addition, we spend a considerable amount of time with our existing portfolio companies.

Jack: You’ve made a very interesting investment in a company called Elemental Security. My question for you Robin, is why Elemental Security?

Robin: Well, I think there are several reasons. I’ll highlight three.

First of all, I would highlight the strength of the team. Elemental has brought together a team of very experienced professionals, combining security policy and language expertise. In addition, we just brought on a CEO by the name of Peter Watkins who has a proven track record in the security field as a senior executive, previously COO at McAfee.

The second thing that I would highlight is the company’s unique technology - a security policy language which we will talk about a bit further.

Finally, Elemental has put together a unified approach to provide security visibility and control. Today’s security market requires companies to have more complete solutions beyond just reporting. Particularly in the compliance area, it requires both visibility audit reporting, as well as the ability to actually control and lock down functionality.

Jack: I think this may be a new concept to my readers. When you say policy language, what do you mean by that?

Robin: Elemental has built a custom programming language. A key early hire was a leading language expert by the name of Guido van Rossum. Guido is the inventor of Python, which is a very broadly used programming language. Starting with Guido and Dan Farmer, we’ve begun to amass a brain trust of security and language talent.

The Elemental policy language takes certain script-like elements from Python, and adds more detailed security policy features. So, as an example, a policy might be something along the lines of, make sure that none of my machines have ‘guest’ accounts with blank passwords.

Jack: How does this policy language work?

Robin: You would write policies in this policy language, in a very concise script-like form and then that script would run on all the different machines. The solution is cross-platform; Windows, Linux, Solaris etc. and you could test to see whether each of those machines were in or out of compliance with those policies.

Jack: Interesting. It sounds like they are applying the concept of use case of a scripting language to security.

Robin: I think that’s a fair way to describe it. In addition to the language itself, the Elemental solution will ship with a broad variety of pre-defined essential best-practice policies.

Jack: Like you said, ‘no guest accounts with no passwords’ and just deploy. You say this company has a unified approach; a lot of people overuse that word unified. What do you mean by that?

Robin: There are a couple of things. The Elemental solution is a unification of both host and network information. In addition, the product unifies information across various operating system environments.

Before starting Elemental, Dan Farmer wrote a number of important security tools focused on forensics and host configuration. This work was focused on how machines are configured from a security posture standpoint. Dan has integrated that work with the new concept in networking of network access control. Monitoring network activity to determine which machines are talking to each other and what services they are utilizing, as well as understanding which user authorization. So Elemental is unifying the themes of host configuration management and network access control.

Jack: Will this security solution help security administrators do their job more effectively?

Robin: I think that it is a major leap forward with respect to how security administrators understand what’s on their network, what different machines are doing, and provide reporting and audit from a compliance standpoint. Most corporations have a big thick document binder of their policies and procedures, but now those policies can actually be implemented with the Elemental solution.

Jack: The last thing that I’d like to talk to you about is the people behind this product. Mayfield is obviously an extraordinarily famous company inside of the Venture Capital field, but most people probably don’t know who Mayfield is as most people don’t live in the world of VC. Have you ever done something similar to this before?

Robin: Mayfield has a long history of starting successful companies, but I’ll give you one case study. A company called webMethods. Prior to joining Mayfield, I ran products and engineering for a couple of software companies and I saw a need in the market for a product to allow different software applications to communicate with each other over the internet.

In my investigation of the products and the technologies that were out there, I found this very small company and did quite a bit of analysis and investigation on their technology; that company was webMethods. Upon joining Mayfield, I led an early stage investment in webMethods and successfully helped that company grow from a handful of employees into a successful public company. So, that is one case study where we were able to identify a market need and help build to an IPO. Similarly, we believe Elemental is uniquely poised to take advantage of the overwhelming need in the market for security policy audit and compliance.

Jack: Compliance and security are enormous hot buttons. It sounds like you’ve put together a very interesting group of people that actually are Elemental Security - from the co-inventor of SATAN to the inventor of Python. Could you just talk about the team for a moment?

Robin: Sure. Let’s start with the CEO, Peter Watkins, who has a very strong operating background at McAfee. He was a very early executive at McAfee and COO at Network Associates, and has also been CEO of a number of private companies. We recruited Peter to the Board about a year ago, and when we started the process to hire a CEO he raised his hand and we looked no further. I think attracting a recognized security industry leader like Peter is quite a coup. I think it speaks highly to, not only the product, but the promise for this company.

In terms of some of the other folks on the team, we’ve touched on Dan Farmer. Obviously, Dan is a noted computer and information security expert. He spent quite a bit of time at Sun Microsystems, and he’s got a long list of technologies (with colorful names) that he’s developed; SATAN, Titan, COPS and others.

Jack: You know SATAN made him a legend.

Robin: Yeah. I think my personal favorite name is, The Coroner’s Tool Kit. It’s more on the forensic side.

Jack: The Coroner’s Tool Kit. What’s the Coroner’s Tool Kit do?

Robin: After a system potentially has been compromised it literally helps you re-create a bunch of forensics and forensic information from the machine.

Robin: You know, Guido actually was voted one of the Top 20 software professionals in the world. He’s a very highly regarded language expert.

Jack: Yes. Guido’s Python product has probably had more books published on it than most programming languages have copies of the software sold.

Robin: Yes. He’s a wonderfully warm and stabilizing force with respect to an engineering organization. What engineer in Silicon Valley wouldn’t want the opportunity to work with an expert like him?

Jack: Sure. I can understand that. I understand this company has a very deep bench. Can you tell me a little about them?

Robin: Also, we’ve recruited top talent across the management team. We’ve brought on a VP of Sales by the name of Mike Rogers. Mike was also at McAfee where he was VP of Worldwide S&B solutions. He certainly knows the security landscape, he knows the customers, and he knows the channels. In addition, both the VP of Marketing and VP of Engineering have been with the company since the very early days. Ram Krishnan brings a very strong marketing and product management background from several security companies, Green Border and Valicert. Mike Schwartz, the VP of Engineering came most recently from Opsware, previously known as Loudcloud. Opsware and Loudcloud were building a product to do data center management and in some ways, the Elemental product has similarities.

Jack: You’ve got one very interesting team of people there. Robin, what great things can we look for from Elemental Security and Mayfield in the future?

Robin: Well, I think that the key thing is certainly compliance. It is probably the number one theme in the market today and we feel that the team at Elemental and the product that they’ve built is uniquely positioned to capture a significant portion of that market.

 

