Small companies at a Stanford University conference showcased new computer network defenses for potential partners

John Stewart, Cisco Systems' chief security officer, spent St. Patrick's Day looking for cybersecurity innovations. Technology companies that include Cisco (CSCO), Oracle (ORCL), and eBay's (EBAY) PayPal division descended on Stanford University on Mar. 17 for a conference designed to introduce security startups to industry and government officials. Computer network gear maker Cisco was scouting out small technology companies whose products can help steel its own network against what Stewart says has been a barrage of attempted hacking attacks. Small computer security companies with compelling technology are becoming harder to find because venture capitalists are investing less in security software companies, according to Stewart. "I'm very unsettled by the innovation stall," he says. Computer security experts at the conference, staged by the Security Innovation Network, said that it's nearly impossible to stop hackers from gaining access to corporate networks. Companies can mitigate the damage by identifying the most critical information in their networks and defending the systems that house that data. Among startups attending the conference were Skybox Security and RedSeal Systems, which make software that help companies identify where they might be most vulnerable to attacks. Solera Networks' software can help companies dissect an attack and figure out if important information was stolen. Software from Skybox Security looks at how companies can be attacked and which parts of their networks may be most vulnerable. Only a small percentage of vulnerable points in corporate networks can actually be exploited by hackers, says Skybox Chief Executive Gidi Cohen. "It's important to know which ones can lead to serious attack," he says. Hackers' target: software source code

Solera Networks' software analyzes large amounts of data about companies' network traffic so as to help customers determine which information may have been pilfered during a cyberattack. The software can help companies determine whether cyber thieves got away with credit-card numbers or intellectual property, says Chief Executive Stephen Shillingford. The need for new tools to combat cybercrime is growing more urgent as the number of attacks grows. Cisco's Stewart says hackers are trying to break into Cisco's network more frequently and via more sophisticated means. Google (GOOG) disclosed in January that hackers based in China were responsible for an attack on its networks and those of more than 30 other companies. The hackers were looking for software source code, according to a March white paper from security software vendor McAfee (MFE). The code can contain important intellectual property. "The intent is to go purely after the heart of the organization," said Stuart McClure, a senior vice-president at McAfee, at the Stanford conference. One challenge for companies is to balance tight security with allowing employees to access the data they need to do their jobs. Companies must pay special heed as to which information can safely reside in software delivered over the Internet by an outside vendor and which data requires stricter levels of security, says Patricia Titus, chief information security officer of Unisys' (UIS) federal systems division. "We have to get out of the mindset of protecting everything," Titus says. Large companies likely won't find a cure-all for their security concerns solely by scouting interesting startups. But small companies' technologies can provide fresh tools to fend off hackers. "It's annoying to wake up and constantly play defense," Cisco's Stewart says. "I want to be able to say: 'Enough is enough.'"