Finjan: How the Pioneer in Network and Web Security Has Been Driving Innovations to Protect the World’s Web Applications for More Than 20 Years

TL; DR: Deriving its name from the Arabic word for a vessel that protects coffee, Finjan was founded with a mission to safeguard another type of java. In 1996, the company developed its pioneering security software to mitigate threats aimed at the Java programming language. Since its inception, Finjan has evolved into one of the world’s largest providers of online and network security solutions, serving a wide range of markets across the globe. By using a behavior-based approach to detect emerging threats in real time, Finjan’s patented technologies are delivering organizations the peace of mind that their data and mission-critical applications are safe.

Java has undoubtedly become one of the most popular programming languages. Many of us use Java-based applications, like OpenOffice, every day, and even our kids have been exposed to the language through popular PC games such as Minecraft.

Created in 1995, Java immediately caught the attention of Shlomo Touboul, who recognized not only its future potential, but also the inevitable threats to its security. Shortly after its release, Sun Microsystems hosted a competition for aspiring developers to create innovative programs using this new language.

Taking an unconventional approach, Shlomo opted to break into Java to illustrate its vulnerabilities. This behavior-based approach was an entirely new way to assess security at a time when signature-based detection was the standard.

The following year, Shlomo founded Finjan in Israel. Derived from the Arabic term Fingan, the company’s name refers to a type of small coffee cup — a durable vessel built to protect the caffeinated drink. The analogy was straightforward and effective — Shlomo’s company would similarly develop solutions to shield Java-based apps from emergent threats.

Finjan’s Vanessa Winters told us Shlomo Touboul founded the company 20 years ago to protect Java-based applications.

After relocating its headquarters to California in 1997, Finjan received funding from private groups, as well as large corporations such as Cisco. Throughout the 20 years that followed, Finjan would patent a variety of tools and launch several branches, including Finjan Mobile, Finjan Blue, and CybeRisk.

While originally invested in protecting Java, Finjan has since expanded into a massive security company that helps protect a variety of systems. Just as Shlomo surprised Sun Microsystems, Finjan has set the new standard of proactive threat detection.

“Shlomo started creating what we today call behavior-based detection and sandboxing,” said Vanessa Winter, Director of Investor Relations and Corporate Communications. “Some of those coined terms you hear actually originated with his inventions.”

Moving Ahead of the Curve With Behavior-Based Threat Detection

In the late 1990s, the internet was still relatively young, and spam, malware, and malicious attacks were far less prevalent and varied. In the following years, however, an increasing number of threats would emerge, including ransomware — which rapidly gained notoriety in the wake of 2005’s Gpcoder Trojan.

“Back in 1997, it was only about signature-based threat detection,” Vanessa said.

Signature-based detection identifies malicious code according to matches made against a database. While still widely used, this form of detection may fail to catch some of the most devastating and illusive malware, as databases must be frequently updated. Theoretically, if a yet-to-be-identified virus infects a system, a signature-based scanner will not be able to protect it.

Finjan’s revolutionary sandbox approach would prove invaluable in the coming years, setting the stage for some of today’s most effective security software. In its two decades of existence, Finjan has sold some of its technologies while keeping the patents.

“Back 20 years ago, we were well ahead of the curve in what we were doing,” Vanessa said “We installed Finjan software on IBM chassis and we had a very good business going on there. We sold off our hardware to M86 (later known as Trustwave and since purchased by Singapore Telecom), but our technology is still in the market today.”

Putting Security in the Hands of Consumers With Mobile Solutions

After selling a portion of its assets to M86, Finjan entered a non-compete agreement in 2009 that allowed M86 to license some of Finjan’s patents. This started a trend for a number of web security companies to license Finjan’s sandboxing and behavior detection properties.

When the non-compete ran out in 2015, Finjan re-emerged to launch a variety of smaller companies, including CybeRisk and Finjan Mobile.

“Finjan Mobile is where we’re spending the bulk of our investment now,” Vanessa said. “Finjan Mobile is essentially taking our enterprise-level tech and putting it in the hands of consumers.”

Among Finjan Mobile’s most prominent projects is VitalSecurity VPN, an integrated VPN for mobile platforms. The VPN — which protects user data and features an enhanced browser — is compatible with iOS, Android, Windows, and Mac.

“There are several iterations and versions that have been released, but the most recent one is a highly attractive browser with an integrated VPN,” Vanessa said. “We entered a partnership with Avira where we used its VPN in our browser. It’s a threat-detection browser that warns users.”

When users visit suspicious sites, they are alerted regarding the possibilities of data collection and the presence of malware.

“It’s basically scanning on every site a user goes to,” Vanessa said.

In addition, users have the ability to turn off geotracking and other potential sources for ad-based data collection.

Bringing Peace of Mind to End Users Through Patented Technology

Despite being tied up in non-compete contracts for six years, Finjan’s technology has been very much alive throughout its entire lifespan.

“There’ve been a lot of new companies entering the market, and we were still in the market licensing, so we kept up to date,” Vanessa said.

With the 2011 signing of the America Invents Act, several web security patents have been challenged or dissolved. According to Vanessa, 80% of the patent challenges imposed on Finjan never make it to the Patent Trial Appeal Board and the 20% that do get shot down 99% of the time.

To date, Finjan has only ever lost a single claim, which has minimal impact on the company, as multiple claims can be tied to a single patent.

“Fortunately, our patents have proven time and time again to be valid,” Vanessa said.

Despite facing patent challenges, Finjan’s unique approach to threat detection has stood the test of time, powering numerous security campaigns. Finjan’s current licensing model is royalty-based — companies are allowed to use Finjan’s code and tools as long as dues are paid.

“Any company that’s talking about behavior-based threat detection or sandboxing is using our technology, so there are certainly a lot of folks using it out there,” Vanessa said. “Beyond paying royalties, they have the ability to use our technology and play in the market, as long as we’re both aware of what they’re doing.”

Although many of these tools may not feature the name Finjan, they still use its groundbreaking detection methods to bring peace of mind to end users across the globe.

Combating Threats With a Close-Knit Team of Innovators

Finjan’s general attitude toward threat detection and security innovation is a reflection of Shlomo’s out-of-the-box thinking when he managed to impress Sun Microsystems back in 1996. For more than two decades, Finjan has been combating online crime by getting into the heads of those attempting to break and poke holes in otherwise stable code.

With most of its technological development in the past, Finjan now focuses on building up its various subsidiaries, including CybeRisk, Finjan Blue, and Finjan Mobile. CybeRisk provides security advisory services on a global scale, while Finjan Blue is the company’s attempt to partner with IBM for future patents and development projects.

Finjan’s modern approach takes a special focus on mobile security. When smartphones first emerged, the concept of antivirus apps was relatively unheard of. In more recent years, however, criminals have been able to exploit vulnerabilities in popular apps for companies like Facebook and Starbucks — stealing login information and even credit card numbers.

“The key thing we want to do is educate consumers and let them know what’s happening on their mobile phones, as a lot of folks are not aware,” Vanessa said.

The massive popularity of indie-developed apps further increases this risk, as less experienced developers may be unaware of the vulnerabilities lurking in their software packages.

A long-standing innovator, Finjan managed to change the face of web security forever.

“We want folks to recognize that we are an innovator with a big history in the market, and our purpose right now is educating them on who we are and what we’re about,” Vanessa said.

Today, Finjan is run by a small team of passionate technology enthusiasts. Vanessa cites the close-knit nature of the company as a major factor in its success. And she told us the passion for innovation that inspired Shlomo is the same passion that drives Finjan’s staff today.

ABOUT THE AUTHOR
Sean Garrity

Sean Garrity is a Contributing Editor at HostingAdvice with more than 10 years of experience researching, writing, and editing for numerous industry-specific publications. His goal is to help inform stakeholders about the latest trends and technologies in the hosting industry. When he isn’t wrapped up reading about the latest high-tech solution for hosters, you can find Sean connecting with experts to better understand and present topics that are of interest to the hosting community.