Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


09:20 AM

IPLocks Locks Up $11M

Database security startup looks to spread its software message

Database security startup IPLocks has clinched $11 million in Series D funding as the vendor plans to expand its global operations and exploit compliance initiatives around the world.

The Series D, which brings IPLocks' total funding to $23 million since 2002, was provided by a group of institutional and individual investors. Ron Radcliff, the startup's vice president of business development, however, would not reveal the identity of these backers.

But Radcliff was a little more forthcoming on what the firm will do with its cash influx. "What we're doing is expanding our field sales support. We're also enhancing our marketing awareness campaigns," he says, adding that the firm's R&D efforts will also get a boost.

The startup's flagship offering is its Database Security and Compliance software, which aims to lock down database information through user monitoring and auditing. The software runs on either a Microsoft Windows or Linux server attached to a user's database server.

According to IPLocks, the software works across all major database platforms, including IBM, Microsoft, Oracle, Sybase, and Teradata. The vendor has already racked up over 130 customers. These include some big names, such as Ernst & Young, NEC, and Western Corporate Federal Credit Union.

Last year IPLocks expanded its presence in the Asia-Pacific region, announcing a reseller agreement with Decillion Solutions Group, which is part of NEC, and Radcliff says that the firm will now refocus its transatlantic efforts. "We're beginning to expand our operations in Europe. Currently we're mostly U.K.-based."

But IPLocks is not the only vendor playing in the database security space. Fellow startup Imperva, for example, recently clinched $17 million in second round funding to support its own security efforts.

Imperva, however, takes a different approach, relying on its own SecureSphere family of appliances to monitor database traffic. (See Imperva Pushes Database Security.) Another startup, Guardium, also offers specialist hardware. (See Security Fears Draw VC Bucks.)

A key selling point for IPLocks, according to Trish Schaefer Reilly, the startup's vice president of marketing, is that the vendor can operate without installing an agent on the database servers. Instead, the IPLocks software accesses the databases as a "read only user."

Although IPLocks also offers agents that can be installed on devices, Schaefer Reilly told Byte and Switch that 90 percent of the firm's customers prefer the simplicity of the agentless approach.

The idea here is that, by avoiding the use of agents, users can side-step the hassle of issuing patches and software upgrades throughout their infrastructure. That said, some users have already expressed a preference for security in dedicated hardware. (See Microsoft in Whale of a Deal.)

Either way, database security is fast becoming big business. The SANS Institute, for example, recently listed online database attacks as one of its Top 20 most critical Internet security vulnerabilities, which reflects the recent trend toward data-targeted exploits, in which criminals steal user information rather than funds. (See SANS Exposes 'Safe' Technologies.)

Database issues have even led to high profile security flaps at the FBI and the White House, underlining the importance of locking down critical data. (See FBI Flap Highlights Security Challenge.)

Additionally, the advent of regulatory requirements such as Sarbanes Oxley, and similar legislation in countries such as Japan, appears to be paving the way for security startups. (See Users Splash Cash on SOX, Gartner: Sarbanes Struggle Continues, and CA's Clarke: SOX Driving IM.) "Regulatory requirements are kicking things into overdrive," explains Schaefer Reilly. "We want to make the market much more concerned about securing their databases and about data protection."

The San Jose, Calif.-based vendor, which currently has around 65 employees, will also be looking to increase the size of its workforce, according to Schaefer Reilly, although she would not say by how much.

— James Rogers, Senior Editor, Byte and Switch

Organizations mentioned in this article:

  • Ernst & Young International
  • Guardium Inc.
  • IBM Corp. (NYSE: IBM)
  • Imperva Inc.
  • Microsoft Corp. (Nasdaq: MSFT)
  • NEC Corp. (Nasdaq: NIPNY; Tokyo: 6701)
  • Oracle Corp. (Nasdaq: ORCL)
  • The SANS Institute
  • Sybase Inc.
  • Teradata


    Recommended Reading:

    Comment  | 
    Print  | 
    More Insights
  • Comments
    Newest First  |  Oldest First  |  Threaded View
    COVID-19: Latest Security News & Commentary
    Dark Reading Staff 7/6/2020
    Another COVID-19 Side Effect: Rising Nation-State Cyber Activity
    Stephen Ward, VP, ThreatConnect,  7/1/2020
    Lessons from COVID-19 Cyberattacks: Where Do We Go Next?
    Derek Manky, Chief of Security Insights and Global Threat Alliances, FortiGuard Labs,  7/2/2020
    Register for Dark Reading Newsletters
    White Papers
    Current Issue
    Special Report: Computing's New Normal, a Dark Reading Perspective
    This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
    Flash Poll
    The Threat from the Internetand What Your Organization Can Do About It
    The Threat from the Internetand What Your Organization Can Do About It
    This report describes some of the latest attacks and threats emanating from the Internet, as well as advice and tips on how your organization can mitigate those threats before they affect your business. Download it today!
    Twitter Feed
    Dark Reading - Bug Report
    Bug Report
    Enterprise Vulnerabilities
    From DHS/US-CERT's National Vulnerability Database
    PUBLISHED: 2020-07-07
    An issue was discovered in CMSUno before 1.6.1. uno.php allows CSRF to change the admin password.
    PUBLISHED: 2020-07-07
    Victor CMS through 2019-02-28 allows XSS via the register.php user_firstname or user_lastname field.
    PUBLISHED: 2020-07-07
    A memory leak in Openthread's wpantund versions up to commit 0e5d1601febb869f583e944785e5685c6c747be7, when used in an environment where wpanctl is directly interfacing with the control driver (eg: debug environments) can allow an attacker to crash the service (DoS). We recommend updating, or to res...
    PUBLISHED: 2020-07-07
    Gossipsub 1.0 does not properly resist invalid message spam, such as an eclipse attack or a sybil attack.
    PUBLISHED: 2020-07-07
    A SQLi exists in the probe code of all Connectwise Automate versions before 2020.7 or 2019.12. A SQL Injection in the probe implementation to save data to a custom table exists due to inadequate server side validation. As the code creates dynamic SQL for the insert statement and utilizes the user su...