Transparency Is Apparent In Duo's Vision For IT Security

One day in math class, Christopher Klaus calculated the business potential of selling a software application he'd developed to scan networks for security vulnerabilities. It all added up. So the 20-year-old quit Georgia Institute of Technology to found Internet Security Systems Inc.

A year later, Thomas Noonan, at 34 the youngest VP of sales at D&B Software, left his stable job to join the security-software startup of which he's now chairman, president, and CEO.

Since its founding in 1994, the $200 million-a-year company has become one of the most successful Internet-security businesses to come out of the E-business boom. That success has been based on the vendor's ability to find and block security threats, such as this year's Code Red and Nimda worms, for its clients. Now the challenge for Klaus and Noonan is to position ISS to develop security applications that do even more to withstand constantly changing threats-by working like a self-healing biological immune system that evolves to recognize and defeat new invaders.

"The human body doesn't pay much attention to the daily battle between the immune system and things out there in the air," says chief technology officer Klaus, now 28. "The same should be true for IT security, in that security should be transparent activity happening at all times."

Although today's security technology is a far cry from Klaus' immune-system metaphor, administrators should soon be able to manage antivirus software, firewalls, and intrusion detection from different vendors-by way of a single management console that collects security information from the various sources and correlates seemingly unrelated security events. The ultimate goal: Security software must one day be able to automatically react to an unknown threat and attempt to cleanse and heal the network.

Klaus and Noonan took the first step in pursuit of that goal by introducing RealSecure SiteProtector earlier this month. It's the first security product to unify the management of network-, server-, and desktop-security applications. The current version manages only ISS's own security apps, but the duo's short-term objective is to begin adding management capability for competing security products. In that next generation of ISS software, "we'll take in data from firewalls, backup systems, antivirus, whatever somebody wants to look at, bring that data into a single console, and correlate that data," Klaus says. A subsequent generation of products would offer automated fixes.

As Klaus builds the technology that he hopes will form the foundation of his self-protecting and healing software, Noonan, now 40, is happy to manage the company's daily operations. Says Noonan of Klaus: "He's so bright, visionary, and capable that to burden him with performance reports and expense reports and all the things management has to do is a poor use of his time."

Noonan, for his part, has added the sales savvy that ISS needed to grow into the company that's helped define the managed-security services market. He's "never met a stranger," says his old college buddy, John Wells, now a VP at Interface Americas. "He's a friendly guy who's got that strong competitor in him, that drive to succeed." Not that Noonan is a stranger to software engineering. Before his D&B job, he specialized in advanced automated control systems for computer-integrated manufacturing at Allen Bradley, a division of Rockwell Corp.

"We're able to talk on the same level," Klaus says. "That's one benefit of having a CEO who can talk on an engineering level."