17 Apr London Security Incubator, CyLon, Selects First Cohort

The CyLon London incubator was announced back in January, billing itself as Europe’s first dedicated cyber-security accelerator. At the time it said it was expecting to select about 10 startups in its first intake. In the event it’s gone for six for its first 12-week program, announcing the team list today.

The not-for-profit incubator is not disclosing how many applications it received in total for, with Alex van Someren of Amadeus Capital Partners, one of the CyLon co-founders, saying only that it received “a lot” of applications, and has focused on “quality not quantity”.

The selected startups cover a mix of security areas, including mobile behavioral biometric authentication, a BYOD b2b solution relying on sandboxing to reduce risk, and cyber-attack risk assessment and attack simulation products. (See below for details on all six startups.)

The CyLon program does not take equity in any of the selected startups, with the £5,000 per founder living allowance that goes to selected teams provided by program sponsors. (Sponsors include Amadeus and Epsilon; global hedge fund Winton, and international law firms Freshfields Bruckhaus Deringer; and Fried, Frank, Harris, Shriver & Jacobson.)

Despite only selecting six teams, CyLon’s extra office space is not going begging — with two established security companies, Ripjar and SQR Systems, being invited and choosing to base themselves in the West London co-working space, alongside the selected entrepreneurs.

Regarding inviting two established companies to join the co-working space, van Someren noted: “There are no strict limits on when people move out. We are building a community here so it’s important that we can be flexible.”

The demo day for the six-strong cohort is pegged for mid-July. CyLon will also open applications for its second program, due to commence in Q4 this year, in the summer.

Here’s the list of inaugural startups, with their in-their-own-words descriptions:

• AimBrain: Mobile behavioural biometrics software framework: a seamless security layer which tracks how users interact with their device.
• Cyber Defence Technologies: A BYOD solution which creates a separate and secure environment on personal mobile devices to be managed by the employer.
• Cyberlytic: Real-time risk assessment of cyber-attacks to help security teams triage alerts and reduce response times from days to minutes.
• Intruder: Mirrors the activities of cyber attackers without the noise produced by vulnerability scanners and penetration test companies. Helping companies find the needle, not the haystack.
• Mentat Innovations: Machine learning in motion: scalable, robust, autonomous intelligence for detecting anomalous behaviour through metadata processing in the Internet of Everything.
• Ruuta: A social router that solves the everyday problems people have with their Internet boxes.

Security vs surveillance

Such comments are more than a little ironic, given the role government intelligence agencies have been shown to play in undermining data privacy — and arguably digital security generally — via dragnet surveillance programs which harvest data via commercial services and by tapping into the Internet backbone, as revealed by documents released by NSA whistleblower Edward Snowden.

Last fall Snowden specifically attacked the “anything goes” privacy intrusions of the U.K. intelligence agencies, saying: “There are really no limits on their capabilities. What they do is they collect everything that might be interesting to them — which includes basically a five year backlog of all the activities of citizens in the U.K., for example by the collection of their metadata records, which is who they call, the locations that they travel where their cell phones are associated with towers.”

Early this year the U.K.’s judicial oversight body for the domestic intelligence agencies also ruled that data-sharing agreements between GCHQ and the NSA had been illegal in the past, on the grounds that they breached European human rights law.

In his outgoing speech as GCHQ director Lobban defended GCHQ’s record, saying at the time: “Today, of all the communications out there globally – the emails, the texts, the images – only a small percentage are within reach of our sensors. Of that, we only intercept a small percentage; of that, we only store a minuscule percentage for a limited period of time; of that, only a small percentage is ever viewed or listened to.”

The current U.K. Prime Minister David Cameron has taken a hawkish stance on digital surveillance program in recent times, apparently calling for a ban on strong encryption at the start of this year. “Are we going to allow a means of communication between people which even in extremis, with a signed warrant from the Home Secretary personally, that we cannot read? No we must not,” Cameron said in January, in an apparent bid to apply more pressure to Internet companies to perforate their own security systems in the name of counter-terrorism espionage.

All of which is to say that U.K.-based security startups have to tackle all the usual entrepreneurial challenges, plus some additional hard political problems pushed onto their plate by the military-industrial-surveillance-complex in which they are forced to operate. The security space generally requires a greater level of user trust than many other technology areas — trust which risks being systematically undermined by government tracking activities.

Unless of course you’re making it your business to try to bolster government intelligence efforts. Earlier this year the U.K. Chancellor George Osborne said GCHQ would be investing £3 billion over nine years to develop what he dubbed “the next stage of national cyber intelligence” — working with “hundreds of small businesses” and recruiting “hundreds of new cyber specialists” as part of that process. It’s that taxpayer-funded cash that some of CyLon’s budding entrepreneurs may well have their eye on.