News Article

Is your app secure? ViaForensics can tell
Date: Sep 11, 2014
Author: John Pletz
Source: Chicago Business ( click here to go to the source)

Featured firm in this article: NowSecure Inc of Chicago, IL



Andrew Hoog is a high-tech plumber. Instead of wielding a wrench, he uses code to fix leaky apps that spill valuable data such as passwords.

These days a lot of people need plumbers like him. His Oak Park company, ViaForensics LLC, counts 10 of the largest companies in the world (according to revenue) among its customers and last year had $3.1 million in sales. So far this year, the staff has grown by one-third to just over 50.

The company's primary product, ViaLabs, is software used by companies to test the security of their own apps that are used both internally and by their customers. It recently launched an app called ViaProtect, which can be downloaded to smartphones and tablets to identify which apps are security risks on those devices.

Since it began beta testing this year, ViaProtect has been downloaded 100,000 times. It's free to individuals, but companies using it for more than 10 devices have to pay.

"As (companies) are looking at doing app stores themselves, they're worrying about, 'How can I get apps faster for my workers?' " says Jason Wong, a New York-based analyst at Gartner Inc. "With mobile being what it is, it's less about security and more about productivity and ease of use."

WEAK SPOTS
ViaForensics' approach to fixing leaky apps is to help developers spot problems such as the one seen this year with SSL, the longtime standard for web transactions such as banking, which proved exploitable by a vulnerability called Heartbleed. Mr. Hoog's viaLab tool tests apps by automating and simulating common attacks to reveal weaknesses, such as apps that transmit personal information without first encrypting it, before hackers find them.

"The problems in mobile are pretty solvable," says Mr. Hoog, 39. "It comes down to using the right algorithms."

Mr. Hoog, a one-time chief information officer in St. Louis, got interested in mobile software after buying an early Android device, then wrote a couple of books and became an expert witness on mobile forensics. He soon shifted his focus to prevention, and ViaForensics—co-founded with his wife, Chee-Young Kim—became a favorite among banks and oil-and-gas companies for quickly testing apps to find security flaws.

His startup faces giants such as Armonk, New York-based IBM Corp. and Veracode Inc. of Burlington, Mass. as well as newbies such as San Francisco-based Lookout Inc., a consumer application that claims 50 million users and raised $150 million last month to move into the enterprise market. (Mr. Hoog's company is backed by Chicago venture fund Jump Capital LLC, but he won't say how much money he's raised.)

ViaForensics has won loyal fans by focusing on simplicity and speed. "It saves you a lot of time," says Dan Ford, cybersecurity strategist at Digital Management Inc., in Bethesda, Maryland. "Previously, I had to take all these open-source products and perform tests. It could take days. Via made it so I could do all that testing in about 45 minutes."