If you like what we do here, please click on our sponsor's banner and check out our store. Thanks!

It's official. Internet IPOs are back. The latest home run came Tuesday, when Internet Security Systems soared $18 3/8, closing at $40 3/8. The company raised about $66 million for its war chest -- more than double the $25 million the company had expected to raise when it filed its registration statement.

The company provides network security protection against "the weapons of disruption": viruses, hacks, e-mail attacks, and so on. And these problems are very real for companies and governments. Just in the past month, a teenager hacked unclassified computer networks of the Pentagon, and another young hacker terminated the phone service to the Worchester, Mass., airport.

True, ISS has yet to make any money. But this isn't a problem, because the market for Internet security is growing at an incredible rate. According to the Aberdeen Group, the intrusion detection market is expected to be about $100 million in 1998. The year after, it should double. As for ISS, its sales have soared from $257,000 in 1995 to $13.5 million in 1997. These are Amazon.com-style numbers.

The villains of Internet security come in two categories. There are the proverbial hackers, who typically break into systems for the thrill of it. It's a matter of showing intellectual prowess.

The other category is actually more common: employees. Disgruntled employees have access to passwords, and are not afraid to wreak havoc on the corporate networks.

The 1997 Information Week/Ernst & Young LLP Information Security Survey of IT managers came up with some startling findings: 42 percent of all U.S. respondents reported malicious acts from external sources (up from 16 percent a year earlier), and 43 percent of the reported malicious acts were from employees.

Risk vs. Reward

With such threats, why would a company put its mission critical applications on the Net?

Well, using IP (Internet Protocol) technology has many benefits. Buying PCs is very cheap. Wiring them using IP technology is also cheap, and not very complex. Employees across the organization can use browsers to conduct business-to-business transactions, customer support, payroll, financial reports, and engineering designs. Such IP networks are known as intranets.

It was only several years ago that such tasks were the domain of the IT department; now virtually anyone can log in and take advantage of a wired enterprise. But the open nature of an IP network has a problem. There is much potential for security breaches.

There are ways to reduce the risks, such as encryption and firewalls. Encryption scrambles data, and then transmits it and unscrambles it. But what if someone attacks the data at the source, before it is encrypted? Then the security fails.

As for a firewall, this lies between the intranet and the outside networks or the Internet. First of all, a firewall must be configured properly and periodically reconfigured (so as to allow for new applications, users, etc.). Also, firewalls can be susceptible to hackers who gain access to information from internal users of the intranet.

The key to security is having an enterprise-wide policy. For example, employees may be forbidden to download certain types of Java applets, or to look at certain sites, or to have access to certain parts of the network. It is difficult, however, to enforce such a policy.

But intrusion detection technology is the solution. And ISS offers such a technology for which Wall Street is willing to pay lots of money.

So, is ISS the only player? Actually, there are a variety of competitors, some big, some small. One player is AbirNet. Like ISS, AbirNet is a young company, founded in 1996. The company has its headquarters in Israel and offices in Dallas. The company has attracted venture capital from some major players, the biggest of which is CheckPoint Software, a red-hot firewall company.

AbirNet's product is called SessionWall-3 and is geared to small and medium-size organizations (unlike ISS, which focuses mostly on major organizations).

Basically, the software analyzes the packets of data that course through the network. You set up filters to monitor the data flows and if there is a match, you can have the system alert you or block the transmission. Notification can be done via pager, fax, or the network.

With the product, you can limit the activities of certain employees -- such as disallowing FTP (File Transfer Protocol), e-mail, and/or access to certain URLs. AbirNet licensed technology from SmartFilter, which keeps a database of more than 70,000 websites, news groups and FTP sites that could pose productivity problems for the organization. In fact, "cyberloafing" (employees cruising the Web for fun) is becoming a major problem for companies.

Perhaps the most powerful aspect of SessionWall-3 is that it can read all the e-mail in the enterprise. You can tell if an employee is engaging in sexual harassment, or looking for a new job, or is engaging in fraud. Is this an invasion of privacy? Well, it appears the courts don't think so. The rationale is that a company owns the means of communication (i.e., the network) and thus also owns the information.

But SessionWall-3 tries to reduce the privacy problems. For example, the software will provide warning messages to the users.

AbirNet licensed technology from Finjan Software called SurfinGate. The technology scans for suspicious Java applets and downloadable ActiveX applications. AbirNet also licensed eSafe, which identifies virus threats.

With SessionWall-3, a user can generate a myriad of reports, showing the vulnerabilities of the network. The reports are presented in a way that does not create delays within the network.

The software is very affordable and is easy to install.

Conclusion

The big issue is whether a small, private company such as AbirNet can compete in the Net security marketplace. The answer is simple: yes. But it comes down to two options: being bought out or an IPO. Of course, ISS chose the latter (then again, it still could be bought out). Having $66 million in the bank, as well as being able to use its own stock as currency for acquisitions, will be a tremendous help.

Then there is WheelGroup, a strong intrusion detection company. It agreed to be purchased for $124 million by Cisco. Then there was the purchase by Network Associates of Trusted Information Systems for $300 million.

The security market is red hot, and should get even hotter. Other major networking companies, such as Ascend, 3Com, Bay Networks, and Cabletron, are likely to make offers for Net security companies that will be difficult to refuse. It's hard to see this market slowing down. Companies and governments need secure networks. Plain and simple.

Commercial: Readers interested in IPOs may want to check out The Investor's Guide To New Issues: How To Profit From Initial Public Offerings, available in our bookstore.