The Scoop on Cranite Systems
September 03, 2004
While wireless security specialist Cranite has had great success with its systems -- and expects even more -- the company is looking to a future beyond security, into WLAN management services.
There is no shortage of companies trying to capture a share of the wireless-security market. While big players like AirFortess have been grabbing headlines, though, a less well known firm has been quietly inking contracts and -- even more impressive -- landing venture capital. (Remember venture capital?)
Based in San Jose, Calif., Cranite Systems set up shop in August 2000 and has driven sales with a flagship product WirelessWall. The firm has inked deals with recent months with FireTide, AirMagnet and Vivato. The company recieved $10 million in a funding round led by Diamondhead Ventures, JK&B Capital, BV Capital, Industry Ventures in San Francisco and Selby Ventures.
The funding is viewed largely as a vote of confidence in the leadership of John Vigouroux, who came on board in mid-August having previously served as president and COO of Tumbleweed Communications. "When I looked at Cranite, it was obvious to me was just how big this opportunity was," says Vigouroux.
At Tumbleweed, he saw the IT staff literally ripping out the wireless hardware from newly acquired laptops, because of security concerns. "So I called a bunch of CIOs out there and it seemed that everyone was thinking the same way," he recalled. With proper security, he figured, Wi-Fi technology could truly take off. "Security is the only thing stopping it from being widespread."
Fair enough, but Vigouroux is hardly the first to think of it. So what separates Cranite from others in the field? To hear him tell it, the difference lies in the manner in which different solutions act to secure wireless data.
Most products come in at the security layer built into the 802.11b standards. To put it very simply, this essentially means encrypting data. "We come at it at a layer two, not only encrypting the data but securing the network as well," he explained. Each packet on the network has information showing where it came from and where it is going. In layer three that information is out in the open, making it possible for a black hat to backtrack into a doorway and exploit the network. A layer-two solution seals that gap.
Cranite has been able to charge anywhere from $10,000 to several hundred thousand dollars for use of the system, with the typical price ranging from $25 to $75 per user. Analysts say the company's best friend right now is a market wary of putting all its eggs in one basket."Right now there is a feeling among a lot of wireless buyers that you should buy your security solution separate from your wireless LAN hardware," explained Craig Mathias, a principal with consulting firm Farpoint Group in Ashland, Mass.
In the near future, though, security may be wrapped up into the original wireless LAN products -- witness the final release of the 802.11i specification, currently being tested as WPA2 by the Wi-Fi Alliance -- which could call into question the business model of Cranite and other security vendors who may find themselves the target of acquisitions efforts.
In the meantime, though, Cranite has more immediate concerns.
While sales are rolling in, Cranite's vice president of Corporate Marketing Chris Dorst says it is not always easy to change the way people think about security. "Everyone thinks that if you have a lock on the front door, you must be secure. Now we come in selling bars on the windows, selling machine gun turrets on the roof," he says.
To jump that hurdle, Dorst has set his sights on government and healthcare users, the kinds of institutions that are under regulatory constraint to use the highest-end security solutions available. He also sees a strong market in the financial services sector, where there is a powerful business incentive to keep things private.
As Cranite executives work on the next iteration of WirelessWall, they are thinking beyond security issues to consider the IT management aspects of the situation.
"You have all these access points, you have all these nodes that may be off someplace else, and when you come back into the network you have no idea where they have been," Vigouroux said. "Any time you go wireless, you open up all these nodes of vulnerability in the enterprise network. That's why you see so many IT managers and CIOs walking around ashen faced."
To help contain the situation, Cranite plans to soon offer management tools including the ability to quarantine incoming devices, ability to detect and lock down rogue access points and so forth. Either the firm will develop these tools in house, or else acquire them from outside business partners, Vigouroux said.
"The vision here is a bigger vision," Dorst said. "We believe you should be as secure as you are at your desktop -- anywhere. Whether you are a mid-sized business or a very large business, wherever level of security you have behind your firewall, that's the security you should have wherever you are."