Network Security

Access control


Access control is an old standby. As long as we want to allow some users access and deny others, these products will be with us. The trick is finding one that is, clearly, an Innovator in a rather stale category. What more can one do after determining that someone knocking at the door should be allowed entry or not? It turns out that there is quite a bit one can do. Actually, the magic is less in what one does than in how it is done.

The two companies in the category this year have really taken a deep look at the problems associated with controlling access to computing resources. They have opted for new approaches they believe will be sustainable over a protracted period of change in how we use those resources.

One Innovator has tackled the problem of determining what users may need access. In an environment of exploding resources, before one can control access to those, one needs to identify what they are. That's the starting point for one of our Innovators.

The other one begins by addressing the other end of the spectrum – SMB customers – and makes large-scale enterprise resources available at a good price and with the management simplification these smaller companies need. How? Well, of course, they took their solution to the access control problem into the cloud. How they did it, though, was the key to their innovation.

These two companies have taken very creative approaches to solving the challenges of their respective marketplaces. That is really saying something because access control, as boring a topic as it may seem on the surface, is the key to securing the enterprise. Controlling who can and cannot enter is a challenge. There are a lot of pieces to the problem, and those have been addressed in a large number of ways. Typically, though, the methods are birds of a feather. We were looking for something different. What we found merits your consideration, regardless of the size of your organization. 

By the way, we also addressed that old bugaboo of identification. We found a really good example of creative use of biometrics. So, read on….

Lighthouse Gateway from Lighthouse Security Group  

Go out and get a top-drawer identity and access management (IAM) product and make it available to the SMB market. Good idea, right? Except for one thing: SMB companies cannot afford enterprise-class IAM products, no matter how much they need what those products do. Along comes this Innovator who lights the way to a solution.

Lighthouse took the core IAM technology from partner IBM, added its own shell to make it accessible and configurable to users in SMBs that do not have quite the resources that big enterprises do, and provided a system-style IAM application customized for SMBs.

Next, Lighthouse put the whole thing in the cloud and delivered it as a service, but, as the visionary to whom I spoke emphasized, not a managed service. The customer still is in control. Only, due to the layer that Lighthouse adds, the product – called Lighthouse Gateway – provides big system capability scaled to an SMB's needs.

What is the vision for Lighthouse? Most companies are not in IAM, but have a need for it. Regulatory requirements are broad and getting broader every day. So, even smaller companies are being forced to adopt mature IAM. They have two choices: Put it in the data center (high cost), or acquire the same best-of-breed capabilities using Lighthouse for a much lower entry cost and overall cost of ownership. 

When I asked the visionary from Lighthouse what he thought made the company innovative, he answered that the key is not trying to build technology from the ground up, but to add value to/leverage existing technology. Mid-market and SMB companies deserve the same capabilities that a big company does.


Vendor: Lighthouse Security Group  

Flagship product: Lighthouse Gateway 

Cost: $2,995 per month

Innovation: Making IBM “big Iron” capabilities in IAM available to smaller organizations at an affordable price and within their means to support.

Greatest strength: The vision to see what the market needs and figuring out a creative way to provide it.

BSA Visibility from Insightix

Insightix is an Israeli company that has experience – especially in consulting – in what they refer to as the “jungle problem.” By that it means that the enterprise is a jungle, and nobody really knows everything on the network. The implication is that there is a need for complete, real-time, contextual network intelligence in order to secure the network. 

Insightix is seven years old with 120 employees. The company is well-balanced between marketing and technology, but is focused on technology to support the customer and integrate with vertical applications. To make that work, it seeks technology partners and provides a platform for that partners' products.

The Insightix tool – called Insightix Business Security Assurance (BSA) product suite –  is designed to detect, identify, profile, audit and control all devices connected to the network in real time. That's a pretty big order. But, that is what BSA is designed to do. And this provides first-rate support for compliance.

From the business perspective, Insightix understands where it brings value to the marketplace. That value could be an end-user or technology partner. Because it provides the total intelligence in real time to the appropriate delivery target, it addresses the business need directly. Because this is an agentless approach, it is more efficient and lightweight at the endpoint. From a features delivery perspective, the product does discovery of all network assets, audit, compliance, risk analysis, user identity profiling, remediation, control and enforcement. That makes BSA a full, closed-loop access control tool. Closed-loop means that the testing, remediation and re-testing cycle is under the complete control of the tool. Closed-loop systems are efficient because they automate the process of looking for and addressing flaws. Trouble is, one first has to know where the flaws are. 

What value does Insightix bring to the table? According to the visionary with whom I spoke, “The BSA solution suite provides a 360-degree view into the actual state of your network security, effectively bridging the network security gap that exists between the actual security state of enterprise networks and what is known to IT.” 

Couldn't have said it better myself.


Vendor: Insightix 

Flagship product: BSA Visibility

Cost: starts at $30 

Innovation: Solving the “jungle problem.”

Greatest strength: Providing a holistic closed-loop access control tool.

Eyeswipe Nano from EyeLock

Biometrics tools – real biometrics of the kind that one can use reliably in a high-security environment – are relatively rare. Add the need for rapid and reliable identification and one has a requirement for a very rare bird indeed. EyeLock enters the picture here with its approach and we would present them with “The Better Mousetrap Award” – if such a prize existed.

EyeLock was founded five years ago in response to several factors. First, iris-matching systems have been around for a while, but have not reached the mainstream because owing to iris matching they are not scalable to millions of customers. Existing systems were too difficult to use and too expensive. Additionally, they did not work well and so were used in small deployments. Nobody focused on image acquisition, so EyeLock – formerly the Hoyos Group – did, and the result was a suite of products that solved those problems.

EyeLock focused on accuracy and speed (50 people per minute), ease of use and low cost. It offers its own matcher to avoid difficult integration. Enrollment is simple. There is no change to the existing access control system. Applying this approach, EyeLock systems have been proven to work in high-volume situations where there are up to 100,000 users and one million transactions. Its own on-board database can enroll 30,000 users alone.

This Innovator took a unique approach: It focused on the user and not the device. Today's competitive devices focus on the technology, but it is difficult for the customer to use the technology. From a business perspective, the company's ability transcend verticals, and its impact in real-world situations – often in high-transaction environments – are not just for the sake of a “big idea.” Finally, an extraordinary relationship with EyeLock's channel, and some early outreach to the banking press, which sees this as a game-changer, helped seal their success. 

What advice did the visionary with whom we spoke have? “Great innovation is only realized if it can be delivered to the user, productized and monetized.” 

That makes sense, and it certainly has worked in a very tricky product space for this Innovator.


Vendor: EyeLock 

Flagship product: Eyeswipe Nano

Cost: $2,495

Innovation: Moving from retinal scans to image acquisition allowing high-volume identification.

Greatest strength: Finding a way to build a genuinely better mousetrap that solves a real problem.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.