The annual Innovation Sandbox at RSA Conference is an event intended to demonstrate the new technology coming into the cybersecurity industry, giving a platform to the top companies who enter and crowning a winning entry.
Selected by a judging panel of CISOs, investors and security veterans, the 10 companies each presented for three minutes, aiming to win the coveted prize of Innovation Sandbox winner and stand alongside former winners including Sourcefire, Waratek and Phantom Cyber.
Infosecurity was among the large crowd at the conference in San Francisco, and the following companies were pitching:
First up was WireWheel, and presenting was founder and CEO Justin Antonipillai. He described it as “helping with privacy” as it is built on the pillars of what personal data is being collected, where data is stored, who you’re sharing with and where it is processed. It works by “plugging into the data store or IaaS and finding the term.”
This was a good start, with a focus on privacy and visibility, and in dealing with the Big Data problem.
Next up was ShiftLeft, and presenting was CEO Manish Gupta. He said that with more code there is a larger attack surface, and more tools are needed to detect. He described it as “Google Maps for source code,” and it can apparently find business logic flaws.
It didn’t really feel like the main USP of the company came across very well, and the omission of DevOps was surprising, although the judges’ questions did mention the patch management advancement feature.
Next was Salt, and presenting was CEO and co-founder, Roey Eliyahu. He began by pointing out the problem with “APIs everywhere, and breaches because of them.” To deal with this, Salt patented technology to identify and prevent it using AI.
Next up was Eclypsium, and presenting was CEO and founder Yuriy Bulygin. He began by asking the audience how well they know their device. He stressed that the components that run the code can be part of the attack surface, and that this is where control has been lost, with attacks against the firmware.
The critics will point to the recent Bloomberg story, as it is a focus on compromised components. However, patching has been addressed already, and it seems to be the case that patching doesn’t work, so maybe a firmware patch management solution could prove to be popular.
Next up was Duality Technologies, and presenting was CEO and co-founder Alon Kaufman. He talked about “homomorphic encryption” to extract value from data, “and use AI and ML for it, but security and privacy concerns are caused” and despite the need to collaborate and share, trust has been broken.
He said that the machine learning is done on encrypted data and by doing this, it has “broken the practicality barrier.” This was another presentation which was to the point, and talked about machine learning on encrypted data – and getting value from data. It’s an interesting proposition, and may be popular in these times of data visibility.
Next up was Disrupt Ops, and presenting was CEO Jody Brazil. The technology presents “policy guardrails” as the cloud allows applications to be built and deployed faster, which can lead to “overwhelming complexity” as if there is one misconfiguration, “it is impossible to reconfigure manually.”
He said that best practice benchmarks on what should be in place are provided, and unlike some of its competitors, the technology “finds and fixes problems.” Cloud has not been a trend so far this year, and the executive team and the angle around misconfiguration could be a strong message for this company.
Next up was CloudKnox, and presenting was CEO and founder Balaji Parimi. The message here was automation, and he pointed at the VFemail case as a fail point. He said that this sort of thing could have been prevented, as the root problem is using “30-year-old roles with privileges” and controlling them manually is impossible.
He said that automation is used to provide “fine visibility into who touched the infrastructure and what did they do.”
Privilege management continues to be a problem for businesses, and this is another approach to it, so it is hard to see where there is a need for something else in this space. Then again, there continues to be a problem, so maybe something more usable is needed.
Next up was Capsule 8, and presenting was co-founder and CEO John Viega. Very much taking the hacker style with a technology described as “built by black hats for black hats,” he said that a “horrible job” has been done in protecting Linux and as a result, operations are “drowning in data” and investing in automation “doesn’t fix the problem of fixing data source.”
He said that Capsule 8 is about “improving data quality and preventing attacks, depending on where it is” and the mission is to bring operations and security together “in harmony” with a single, safe attack protection solution for Linux.
John was fast out of the box here, with a strongly delivered message around the concept of what is wrong and how it is being fixed.
Next up was Axonius, and presenting was CMO Nathan Burke. Describing the company’s concept of asset management as “solving the least sexy part of cybersecurity,” he said that time is spent on discovering what assets you have, who owns them and how secure they are.
“Ask the security team and they don’t know and you’ll get different numbers, with more solutions it is harder to get basic questions answered and asset management became unsexy,” he said.
The final company was Arkose Labs, and presenting was CEO and founder Kevin Gosschalk. Beginning with a Sun Tzu quote, he said that security “has been compromised at a grand scale” and its technology is around preventing fraud, brute forcing and spam “as nine out of 10 login attacks use this technique; if you break the reason to attack you’ve won.”
He described this as “next generation” fraud prevention as it uses a series of models and trials that machines cannot recognize.
So that was the top 10 for 2019, and the judges announced the winner as Axonius. Congratulations to them, and we look forward to them making asset management sexy again!