With its unique model for protecting advanced IT systems against critical threats, the start-up company Prosa Security AS is becoming an attractive partner for demanding clients in the banking and finance industry. The solution is also attracting attention outside Norway.
‘There are many things you need to get right if you are to create a success, but everything certainly seems to be in place here. I believe that our technological solution is well ahead of our competitors. At the same time, we have a capable team with great expertise and commercial know-how, in addition to good owners and supporters,’ says CEO Erik Rosen.
The expertise is based on research conducted at the Norwegian Computing Centre and the University of Oslo. Entrepreneurs Anders Moen Hagalisletto and Åsmund Skomedal have been working for several years on developing methods for automating analyses of IT systems. Hagalisletto is currently CTO of Prosa, while Skomedal is a board member in the company and Research Director at the Norwegian Computing Centre – which is heavily involved as an owner together with the University of Oslo.
Other external owners include Kjeller Innovation, Founders Fund and Akershus Technology Fund. Inven2 has helped to bring in these owners. The entrepreneurs are also co-owners, including Rosen, who was brought in through a structured recruitment process to lead the commercial development of the company.
‘The field originated 25 years ago, but in the 1990s I was still analysing systems using pen and paper. As the 2000s progressed, new tools and techniques were finally developed that made it possible to automate the analyses. Slowly but surely, this enabled us to develop the technology and methods we have now established,’ explains Skomedal.
Unique and precise copying of systems
The unique thing about Prosa’s solution is that, using software they have developed themselves, they build a precise, detailed copy of the client’s entire IT infrastructure, which on the surface looks exactly like the system itself. They have also developed a battery of tests that can be run against the model to find out whether the security is as good as it should be. Usually, they find security holes that they report back, so that the client can reprogram and fix the holes.
‘The model provides a precise representation of how the system behaves, and we don’t know of anyone else in the world that does exactly that. IT security today is characterised by a high degree of random test methods and ways of understanding the system, and there is a great need for better standards and models that can help security architects to analyse and solve security problems. That is the help we offer,’ Hagalisletto explains.
‘Many of our competitors have almost given up understanding how complex the systems are and how intricate the attacks can be. We want to understand what is going on, while at the same time helping our clients to understand it as well as they can,’ he continues.
‘Performing these tests on a copy of the system instead of on the actual system makes it possible to work a lot more proactively,’ Skomedal underlines.
‘Today, most security analyses are performed on the practical solution and involve trying to find things like viruses and hostile traffic. This is a type of reactive analysis, while our solution is about proactively identifying security holes before they become a problem. If you use the method right from the start, or at least before launching IT solutions, you get the best effect. That is why Prosa Security will offer licences to its clients, so that they have access to their own proprietary security model at all times. This means that they always have the security tool available in connection with software development. The result is better IT security, cost savings and less risk of reputational damage.’
With the Norwegian Computing Centre’s unique experience of analytics behind it, the company is in a strong position to expand further. Systems for settlement transactions in the banking and finance sector have been identified as a strategic focus area, although the solution can be used on many types of IT systems. Several big clients are already on board.
‘We are currently in the process of signing new contracts, and several big banks have expressed interest in meeting us, even before we have really started our marketing campaign. In 2017, we will largely focus our efforts on Norway, and if that goes well, an international campaign will be launched in 2018. We have already seen interest in Europe, but we want to build some good user stories in Norway before we go abroad,’ says Rosen.
Important Inven2 collaboration
The three of them have many good things to say about the collaboration with Inven2, which, among other things, helped them to access verification funds under the Research Council of Norway’s FORNY2020 programme. Inven2 also provided the general manager for a while after the company was formed in 2015.
‘For the Norwegian Computing Centre, it was a relatively new experience to work with a TTO, but it has worked very well. We have different roles and expertise that complement each other, and our collaboration has been decisive for the success that the company and the technology have enjoyed so far,’ Skomedal concludes.