The 1M1M Deal Radar 2010: Solera Networks ,South Jordan, Utah

Solera Networks develops software and appliances for network forensics, a technology created to give more complete information into breaches of network security. Solera compares it to “putting a security camera on your network” by combining high-speed data capture, indexed storage, and comprehensive analysis tools.

More than 85% of corporate security officers expect a major network security event in the next three years or had one in the past three years. Half of the same group knows it will take two to ten or more days to discover the full scope of the incident. According to Solera, network forensics reduces the cost of network security incidents to corporations by cutting the time to remediate from days to hours, and eliminates the chance of follow-on attacks.

Based in South Jordan, Utah, and Tokyo, Japan, the company was founded in 2005. The founders were engineers out of Novell who asked themselves, What if we could capture all the traffic that went over the network? How would that change our ability to secure the network? The current CEO is Steven Shillingford, who has a background in databases with Oracle. Other key managers are VP of marketing and product management Peter Schlampp, who comes from IronPort and Cisco, and CTO Joe Levy from SonicWALL.

Solera believes that network forensics is moving from the classified world of intelligence and defense into best practice for the modern enterprise. CSOs are looking for a way to protect their networks from a modern type of threat that traditional security technologies are unable to detect. New products, driven by demand from the government, record all traffic on the network and show real-time full-fidelity views into what’s happening. With this much data, search is critical and the differentiating factor in this developing market. Gartner estimates the 2009 network forensics security market at $100 million and believes that it will grow to $145 million by the end of 2010. Solera, however, believes that the market in 2010 is at $350 million and growing at 70%. The company thinks that Gartner’s view of the network forensics market is limited to a narrow definition of “forensics” as it relates to providing legal evidence of a security event. Many of Solera’s customers are using Solera Network solutions broadly for general incident response, which significantly increases the market opportunity.

Solera has three main product groups. First, the Solera DS series is a line of network forensics appliances that capture, index, filter, and regenerate network traffic data in real time, even on 10 Gb networks. The appliance store critical data onto scalable, local storage or via storage area network (SAN) to give a complete and accurate picture of network activity.

Second, the Solera Networks Virtual Appliance is available as a VMware image. It includes the same technology available in the DS series but can be deployed on any hardware platform and has the ability to capture traffic crossing a virtual switch.

Finally, the Solera DeepSee Forensics Suite is software that lets users search through their traffic just as they search the Web and navigate through it the same way they would navigate through the files on the computer. DeepSee reconstructs network traffic into meaningful flows, including network artifacts such as Web pages, Microsoft OfficeTM documents, PDF flies, or images. DeepSee returns network artifacts to the user exactly as they appeared on the network at the time of the incident.

The company gained traction and wider distribution of its products through integrator (e.g., FireEye and NetApp) and reseller partnerships and large government contracts. It also has the Solera Networks Donate&Defend program, which offers colleges and universities with network security programs and curricula free access to Solera Networks Network Forensics.

In addition to the government, customers include Tahitian Noni (bioactive beverages and personal care products) , Skyriver (wireless broadband), CAL-ORE (Internet and telecommunications), BAE Systems (aerospace), Xactware (property insurance), and several U.S. universities. The company has had 100%-plus y-o-y bookings growth for several years in a row.

Competitors include AccessData, which acquired SilentRunner in order to offer a more comprehensive solution; Narus, which focuses on telecommunications and government; NetWitness, spun off ManTech International; Niksun, an early entry with a full range of products; and Endace, which focuses on government but also on electronic trading organizations doing high-frequency trading. According to Gartner’s report, “The market for network forensics products remains highly differentiated. Key criteria to evaluate include performance (response time) in examining large volumes of stored data, and overall analytical capabilities.”

The company has raised a total of $30.9 million thus far: a $2 million angel round; a $6.9 million Series A  from Canopy Ventures in September 2006; a $7 million Series B from Allegis Capital and Canopy Ventures in April 2009; and a $15 million Series C from Trident Capital, Allegis Capital, and Canopy Ventures in July 2010. Revenues were about $12 million in 2009 and should be closer to $15 million in 2010.

There are no immediate plans for an exit. The company, which was recently named as a Red Herring top 100 private startup in North America, plans to use its new funding to extend its leadership position and contribute to a ubiquitous network forensics defense of the critical infrastructure.

This segment is a part in the series : The 1M1M Deal Radar 2010