Saturday, July 24, 2010

New Blog location on oculislabs.com/company/blog

We've just released a major revision to our website and we are now able to host the blog there.  Please go to http://www.oculislabs.com/company/blog/ for the latest.

Sunday, June 20, 2010

At SOFIC with Klas Telecom

I'm just returning from SOFIC 2010 (Special Operations Forces Industry Conference 2010) in sunny, hot Tampa, Florida.  Oculis Labs was featured in Klas Telecom's booth at the show, where we demonstrated a new small version of Chameleon running on the Klas Telecom GRRIP secure mobile platform.

You can see the whole kit in this picture.  You're seeing a complete computer and TS/SCI communications package that fits in a 28 lb "fly-away" case.  The GRRIP is sitting on its case in this picture, and the new small-form Chameleon sensor is sitting on top just under the monitor.  This Klas product is quite a serious achievement.  Special Operations uses them extensively in the most rugged field conditions to reach back and access SIPRNET and JWICS via the BGAN network.  In civilian-speak, this means the guys in the field can access highly classified networks from the mountains in Afghanistan.  Klas Telecom has been very successful in delivering thousands of these essential tools for remote computing.

The obvious extension of the platform is to put Chameleon on it to protect the display against prying eyes.  There is a really great fit between Klas and Oculis Labs in this respect.  The customer goes to great lengths to ensure the security of their classified networks, but until now has not had the ability to protect the display from some pretty serious risks (think: translators, local liaisons, even coalition forces).

We had great interest at the show.  The first day was busy, the second a bit slower, and on the third day we got a lot of attention.  As is typical with Chameleon, people who had seen it earlier started bringing over their colleagues and management to take a look.  We're looking forward to working with Klas to see where this goes.


Monday, June 7, 2010

Weakness at the seam: electronic vs physical security

I noticed recently that government security blogger Bob Gourley is updating an article he originally published in 2003 titled “Cyber and Physical Security Unite”.  The article clearly remains relevant today.  In fact we have more to be concerned with today than before, particularly at the seam where electronic data meets the real world.

We need to be more intelligent about protecting electronic assets from physical threats, and not treat the two as separate issues.  Today the practitioners in these two security spheres are usually independent.  As a result, some of the most vulnerable spots are to be found along the seam where the two intersect. 

Computer IT experts focus on protecting data "on the wire" with firewalls, encryption, VPNs, IPS, etc.  This is all good.  Physical experts tend to look at perimeters.  Also good. 

The under-rated risk is where that electronic information enters the real world at the computer monitor.  The logical data protection control ends as the data is handed off to the physical world, where it can be viewed by anyone who happens to have physical access.  The rules about who can view what in the electronic world are rarely matched with who has access in the physical world.

Think about your own work environment.  You have an access card to get into the building, and a password to access the company financials you use to do your job.  However, there is nothing to stop other employees from looking at your computer screen.  They have physical access to get into the building, but they don't have a need to see those sensitive financials.  It's a simple example of how physical and electronic protections are not working together.

We put more and more of our lives into electronic assets every day.  The value of protecting our data increases constantly, but social engineering and shoulder surfing are more serious today than ever.  Security practitioners need to admit that the risks go beyond just electronic or just physical, and make sure they protect information at all points along the way.  If you are a security manager looking to protect computer screens against eavesdroppers, I urge you to look at Oculis Labs' PrivateEye and Chameleon products.

Monday, April 26, 2010

The message is the message

I came across a great new presentation tool recently and used it to create a talk on Cybersecurity for the Greater Baltimore Council last week.  The tool, called Prezi, gives you a single infinite canvas to write on, and then lets you create interesting presentations by moving around and zooming in and out of the scene.  You may be surprised at how effective this is for dynamic messaging. 

I've never accepted the adage by Marshall McLuhan that "the medium is the message".  It seems to my engineering mind that, taken literally, this cliché would mean there would be only a few different messages possible, one for each different "medium".  If not to be taken literally, then it falls into the broad liberal arts category of "it means what we mean it to mean when we say it, and is not subject to direct analysis".

Having done a presentation in a new medium now, I'm sticking to my original belief: the message is still the message.  However, this new tool sure does help to make the telling more effective.  I've made the presentation public so you can check it out too.  Click here to view it in your browser.

Friday, April 9, 2010

Beware inside the Hive



The observation "People are like bees"  caught my eye in a book I'm reading by Terry Pratchett and Neil Gaiman called Good Omens: The Nice and Accurate Prophecies of Agnes Nutter, Witch. 


The gist of the full quote was that the security systems that people set up are similar to bee hives.  Bees are very attentive about defending their hives from outsiders and will attack anything that tries to get too close.  But if you can get into the hive itself the worker bees will assume you're supposed to be there, that "management" is ok with the whole idea, and let you go about your business.

This analogy is not far off from what happens in our real offices.  Social engineering hackers like Kevin Mitnick used a variety of schemes to get under the radar and into the relatively safe regions "inside the hive".

Think about it: the photocopy repairman is walking around the office, the delivery guy is in the mailroom, the guy in the suit is looking for someone down in accounting.  What do you do when you see these things?  99% of the time you let them go if you're like most people.

It's a safe bet that this kind of vulnerability will persist as long as we have offices.  Your IT security and office managers may be aware of it and have reminder programs in place, but chances are that unless you work in a government classified facility, a motivated thief, attacker or competitor would have little trouble getting a look around.

The conclusion: don't assume your workspace is private or secure.  Think about what you're showing on your desktop and computer screen, and take steps to keep it private.



Thursday, March 25, 2010

March Madness, Dilbert, and Boss Mode


Scott Adams (creator of Dilbert, blogger and generally interesting guy) wrote a blog post recently that really caught my eye.

He says CBS Sports contacted him to ask him to create a "business-looking" screen that a viewer could quickly pop up using the Boss Mode button built into CBS's video feed viewer. The idea is that if an employee is watching March Madness (the NCAA basketball tournament) on his computer during working hours, he could quickly hide the fact from his boss. Further, they wanted the content to look business-like, but to actually be funny on closer examination.

It is nice to know CBS Sports has a sense of fun. That's all this is of course. Some commenters have decried the waste of corporate bandwidth, and the poor morality of shirking work. As a CEO myself, I don't see it that way. I measure my team on what they accomplish. If they can do an excellent job and still watch the game, then they are excellent as far as I'm concerned. The corollary is that if someone is consistently only delivering excuses for why the job is not done well, then they are a problem that must be dealt with.

Anyway, what really grabbed me about Scott's blog post is that our product PrivateEye has a Boss Mode that solves this problem exactly, and in my opinion far more elegantly than with a keyboard button. There's an option in PrivateEye to turn on Boss Mode - a setting that lets you choose what you want your screen to show in an 'emergency'. When it's on and you're looking at your screen you can enjoy the game (or your work) normally, but if anyone else looks at your screen or you turn your head away PrivateEye immediately displays your chosen Boss Mode view.

The idea is more elegant than hitting a button on your keyboard because that's a dead giveaway that you were up to no good. With PrivateEye, all you do is look away and it happens automatically. If this sounds implausible to you, please suspend disbelief for a minute because the product is real. You can check out video of it working here.

Sorry for the commercial, I try not to do that in this blog. I'm just really excited that someone like CBS is, in a humorous way, acknowledging the display privacy issue too. Now what we really need is to get on their radar screens for next year. Coming in 2011: March Madness, On Demand, In the Privacy of your Cube (powered by Oculis Labs). Catchy, isn't it?

Sunday, February 28, 2010

RSA Conference 2010: Bring Back the Weird

It's the day before I travel to the annual RSA Security conference, the big security industry event where everyone gets together to promote their wares, check out the competition, and network to find that next job. I've been coming to the RSA show since 1997 and (no surprise here) it has changed over the years.

Other long-time industry folks feel free to disagree with me, but I think I've seen a dramatic decline in excitement, weirdness, and surprise at the show in the past 5 years.

In the beginning, the buzz was all about the crypto wars: new companies would come out with new "great" crypto systems every year. Some were good, some were snake oil, and most were just unnecessary. (I'm thinking, for example, of the guys who announced the unbreakable million-bit encryption system. It was super-strong, and used 'matrices and new science'. The only problem was the customer was left to figure out how to move those huge keys around. For the non-crypto folks: this is a pretty big oversight.) It was obvious something big was going to happen in security, and in this wild-west period everyone was trying to stake a claim. It was great for the crypto community players. This period was hard on customers though, as they had to make career-defining security decisions without enough solid information.

The years from 2001-2004 settled down a bit. With the collapse of the internet boom, a lot of the noise left the market. Companies settled down and sold good, well planned products that actually solved the current security issues pretty well. It was easier to select a product then. If you needed a VPN, (and you knew you did - the press was doing a reasonably good job too) you could go out and evaluate a dozen compatible VPN servers from a dozen decent companies that all contained sensible crypto. The security industry had come into its own.

Having worked out a sensible model, the next thing, naturally, was to break that model. Security is no longer a stand-alone feature that companies bolt on to their IT systems. No, security is an integral part of the network, client, OS, and storage system. The latest era has been one of integration and consolidation as IT giants like Cisco, EMC, and Microsoft have made security a core competence and built it into the product.

I observed this shift from the inside at my previous company. Initially, we made the specialty crypto chips and sold them to Cisco and others. Then more players came into the market. To grow, we had to move upstream and started selling the protocol software that runs the security system. As the market matured, even that business was squeezed. The latest model was to license the crypto chip designs to the big chip makers so they could integrate them into their systems. All the basics a customer needs come in their network switch now. There is little room left for a pure-play security company in network security.

What is a pure RSA-conference-attending security vendor to do now? What we are seeing at the RSA show these days is a combination of industry maturation and opportunistic marketing. The main players are now IT companies (EMC/RSA, Cisco, Microsoft, CA, IBM, Novell, and Google).

But there is another trend happening: read the blurbs for many of the exhibitors and you might be forgiven for thinking you were looking at an auditor's conference. This is a very typical blurb:

[Company X] delivers enterprise governance, risk and compliance (GRC) solutions. ... [X] enables companies to manage enterprise risks, demonstrate compliance, automate business processes, and gain visibility into corporate risk and security controls.


Stuff like this will chill the heart of any security enthusiast. And there are dozens of these compliance-officer-pleasing companies in the market now. This is the opportunistic thing I was telling you about: it sells because of government regulations and fear of lawsuits. Not that the security community has anything against selling on fear, we've done it for a long time, but this seems a long way from security to me. It seems like accounting. In any event, my hat's off to the evil geniuses who figured out they could shift the market and sell this stuff under the guise of security.

So what will this year's show bring? What will be remembered and talked about later? Who knows, I'm heading out to see with a small thrill of anticipation. But you know what I want: The resurgence of weird.

Thursday, February 25, 2010

Who is watching you now?

You've probably heard the recent scandal about a public school near Philadelphia that enabled teachers and administrators to turn on the webcam in school-issued laptops. Apparently, and allegedly, someone used the feature inappropriately and was found out. The kid's family is suing the school in federal court.

These articles summarize the story:
Washington Post
CNN
Arstechnica

Let's be clear that it was not the school's intent to be kiddie voyeurs, but rather to recover the laptops if they went missing. You have to wonder who thought this would be a good system, and who didn't think about the incredibly bad possible consequences. Thinking a little more about it, you know there are other, better, more appropriate systems already available for recovering lost laptops using GPS. Companies like Absolute Software, for example, seem to have a pretty good solution.

Poor decision making aside, the case has really struck a nerve with the press and public. People really value their privacy, and the thought that someone could turn on that little webcam and watch you feels like a violation.

Have you thought about your webcam? How do you know it is not on right now? Oh sure, the little light isn't on, right? That doesn't mean anything, you know. You can go into your camera settings and disable it. A hacker can do the same, allowing him to turn it on and monitor you without your knowledge.

Feel better? Good, just trying to help.

This year 75% of all laptops will ship with webcams. Your next laptop will probably have one too. What can you do about it?

This case interested me because Oculis Labs is all about personal privacy. Our PrivateEye product is designed to stop people from reading your screen. It turns out it has a great side-benefit too: PrivateEye stops other applications from grabbing your webcam and spying on you. That's right: if you want to stop someone turning on your webcam and watching you feed the cat, or whatever, run out right now and install PrivateEye (you can get it here).

Feeling better now? Next question: how do you know your microphone is turned off too?...

Thursday, January 28, 2010

Shoulder Surf for your country

The FBI illegally obtained thousands of Americans' telephone records during the Bush administration. The individuals involved apparently used a variety of methods, often with the cooperation of phone company employees.

NPR recently published the story at http://www.npr.org/templates/story/story.php?storyId=122774614

"They [phone company employees] worked in the FBI building, and agents would do what they called "sneak peeks" — basically, looking over a phone company employee's shoulder to get information from the computer screen without going through any formal channels."

The questions around this report go far and wide. What I wonder is: did everyone know what was going on? I doubt it. I suspect there were some phone company execs who were aware and felt it was the right thing to do, but there were others who would not have been ok with it. Phone companies are big and complicated, and it would be hard for anyone to know what everyone else was up to. Let's just say the guys who were sure it was the right thing to do probably gravitated to a position where they could enable that information sharing.

What really struck me about the report was the realization that we (Oculis) could have stopped these leaks. This "social hack" of letting the FBI read the data over employees' shoulders was used because it was an easy way of subverting the security and audit controls without notice. The info security industry has good solutions for securing data in electronic form, but when it gets to the computer display it's simply broadcast out there for anyone to see.

Oculis is all about solving this problem. We're protecting that last 2 feet in the chain - from the screen to you. With PrivateEye running on those machines it would not have been possible for the FBI to simply shoulder-surf the information. There would have been an audit trail, there would have been physical evidence that someone else was looking at company confidential material.

PrivateEye would have stopped the shoulder surfing. The rule-breakers would have had to find another way around, and they probably could, but each additional step increases the chance of detection. At a certain point the rule-breakers would have weighed the risks and decided it would be better to just follow the rules.

If you build a security system for the purpose of protecting information then do it right - don't stop 2 feet short of the goal.

Bill

Wednesday, January 27, 2010

Finding a great niche

There's a great big buzz about tablet computers, fanned in particular by the announcement of Apple's iPad today. The idea of a tablet computer is that it does not have a keyboard, or any other peripherals. You simply touch the screen with your finger to point, click, gesture and type. Think of an iPhone, but with a much bigger screen.

I absolutely love them, by the way ... but that is not the point of this post. Oh, and they are great for some kinds of computing, like web browsing and casual note taking and, ... anyway, not the point of the post. What is relevant is that they have been around for a while and there are several major PC makers already selling them, like Lenovo and HP. They are turning up in places like hospitals for use by professionals there.

Last week I met with executives at one of these big PC makers to talk about PrivateEye. They are looking at integrating the product right into the platform, which would be great. That's when I found out about the perfect niche for us: you can't put a 3M privacy filter on a tablet. The plastic interferes with the touch screen.

So I am now an even bigger fan of tablets. And touchscreens in general. We learned something really useful in that meeting: there is a whole segment of new systems out there where we can go and the competition cannot. Our next task is to start making connections and finding ways to tell buyers that they can still have privacy with that shiny new gizmo.

And maybe I'll need one myself... for testing purposes.

Bill

Tuesday, January 26, 2010

Loving the competition

We plan to be big at Oculis Labs. Our PrivateEye product solves a major computer privacy problem that just about everyone who works with proprietary or personal information has felt: is someone looking over my shoulder at my screen right now?

You've probably felt that sense of unease yourself. If so, you're part of that great big market we think will use PrivateEye. Given that you're reading this blog, there's a good chance you are technically interested enough to be an early adopter too. You could go over to the oculislabs.com website right now and download the product (go ahead, I'll wait here...)

The trouble is, not everyone is like you. Many people are happily not reading a tech blog right now. Most have no idea that they could solve the problem with a cool new software application. What they would think about is what you are probably thinking right now: 3M privacy filters.

There, I said it. We have competition, and they are big and well known. It's ok. This proves a $100m annual market for what they are selling. In other words, there's $100m worth of caring-about-that-problem-and-solving-it-with-a-primitive-piece-of-plastic in the world today.

It gets better: how many people have rejected the plastic filter because it is too cumbersome, or not effective, or too expensive? A lot of people have. There's the really big opportunity: finding ways to reach the 120 million new laptops that will ship this year.

Next time I'll tell you about one great niche we've found where we can go.

Monday, January 25, 2010

Thoughts on growth

Oculis Labs is now entering our third year in operation. It's been a good ride so far, and no-one wants to get off. In fact, we have more people jumping on. I should explain.

When I started the company in 2007 it was just me, some ideas, and the initial investment. I got to work prototyping the ideas, developing patents and making connections with partners and customers.

In 2008 we started getting attention from potential customers and press, but we were still in the development phase as we were trying to get the first product, Chameleon, working and stable. We had 4 engineers and other staff working at that point. Getting Chameleon working was a major effort - no-one had ever tried to combine gaze tracking with vision/cognition research and the Windows OS to make a radical new security application for protecting computer displays against eavesdroppers. In the end, we got it working and it is very impressive.

One thing we learned along the way was that selling to government was going to take a while, so in 2009 we started working on PrivateEye, a privacy application for consumers and enterprise (although it turns out government likes it too). By summer 2009 we had our first commercial release, and got a significant amount of press and customer enthusiasm.

It's one thing to have a good product idea; it is quite another to be in the market and selling it. We are there now, and while we have lots of work to do to make it big, we are on the right track and we're getting deals both in the government space with Chameleon and in the consumer and commercial space with PrivateEye.

As we start 2010 we're planning for more growth. Despite the poor economy for raising venture investment, Oculis has gained the confidence of enough groups to close our Series B round. That puts us into a rare group of small technology companies that have received funding in the past year.

It feels really good. It feels like growth.

Bill