#RSAC: Innovation Sandbox Presents Ten of the Best

Written by

Every year at RSA Conference in San Francisco, an event is held on the Monday to name the "most inovative start-up".

Named the ‘Innovation Sandbox’, the process sees vendors enter and be reduced down to a final ten, who get the pleasure of presenting three minute pitches to a panel of judges. Previous winners include  Sourcefire, Imperva and Appthority.

This year’s final ten was described by conference curator Hugh Thompson as “the best crop” of vendors it had ever seen, and a celebration on diversity in technology. “Anyone who says security is not innovating, I challenge them to say this after this afternoon,” he said.

In the room in which this is taking place, opposite the south expo hall that will open its doors after the afternoon, the audience take the seats in the centre while the ten finalists line the sides of the room.

The judges are introduced as: Renee Guttmann-Stark, Asheem Chandra, Gerhard Eschelbeck, Patrick Heim and Paul Kocher, and the ten finalists take the stage one at a time. In the unenviable first position is Versa Networks, with the presentation done by CEO and Co-Founder Kumar Mehta.

His proposition is to “transform and secure branch networks” by taking a plethora of proprietary appliances, and virtualising them to increase agility without large technical knowledge to manage it. “Get off separate devices and get a holistic view.”

How ready branches? Adoption of cloud apps and want direct access and see better user experience of apps and security in branches if manage in a proper manner and don’t need CISO to manage it.

First up never easy, and Kumar looks nervous in front of this audience and runs out of time. However he addresses something worth knowing that is unique in today’s offering.

Second is Vera, led by CEO and Founder Ajay Arora. He says in a world where we control data, how do you kill access if it falls into the wrong hands. “That exists today as we do it,” he says. “We allow users to control data where it travels, collapse the perimeter and layer controls on and leverage SAML, OAUTH and once data is in hands, we can control what to do and grant access.”

This sounds familiar to technology offered by Varonis and Watchdox (acquired by BlackBerry). The premise is once the data leaves the owner, it can be tracked to a granular level in real time. There is no change in behaviour, and no agents required. Arora delivers a much more confident speech which gets to the point, and answers the judges’ questions concisely.

Third up is Art Gilliland, formerly at HP and Symantec, and now CEO of Skyport Systems. He claimed that architecture is falling as “we focus on eliminating the gap between security and performance”. Skyport have built a converged system between the application for micro-segmentation through the DMZ and no need for agents to manage. This apparently offers “complete visibility into the application’s actions”.

For me Gilliland took a while to get to the point, and I left this still not really sure what they do. He claimed that they have invented a way to remove security enforcement from compute, so there are fewer impacts upon performance if policy is enforced.

Next is Guy Bejerano, CEO and co-founder of SafeBreach. The technology simulates breach methods across the kill chain, and understands the gaps to do it continuously and prevent a breach before it happens. “Simulators play war games in pairs and if do full breach scenario, attacker can do the same, and can choose where mitigate.”

This was probably the most unique presentation of a product so far today, although I was unsure if it was an on-premise tool, or a managed service?

At the halfway point was Gene Stevens, CTO and co-founder Protectwise. He led with the problem of too few professionals and an increasing threat, so it created a detection/visibility/response platform to record everything. “We start with full packet recording for an unlimited amount of time, and on top of that added a time machine for threat detection for real time analysis for an unknown and rich set of APIs.”

Stevens’ presentation was very fast paced and he ran out of time. He called it an “audacious solution” and my feeling is all data in one place in the cloud is a dangerous position to be in. get stumped on question on collecting data, but says tells story on position.

Next up was Kunal Anand, Co-founder and CTO of Prevoty. He said that if you rely on pattern matching, how do you know what to do with the software, and how can you be sure if malicious bits are added? Its tool Langsec relies on pattern matching, but is 30 times faster.

I left this not very clear on what it does, or how it works. He talked about SQL and MySQL and about building grammar support for each database and what goes on inside an application, but my thought was how open will cloud apps be to this?

Next was former Sourcefire SVP and now founder and CEO of Phantom, Oliver Friedrichs. He said that of the 551 vendors here, a typical enterprise has 50 and nothing inter-operates. “We solve it with connected layered tissue and bring open and orchestrated security platform.”

Apart from connecting and automation, this seemed a little short on context and solution. Playbooks were mentioned, but it seems like it was skated over too fast to get any real detail.

The eighth presentation came from Amir Ben-Efraim, CEO of Menlo Security. This company offers a cloud-based isolation agent that works on all devices and does not malware reach an endpoint. “It runs in a virtual machine and send composition to any user device.” For a pretty good solution that I was familiar with, this presentation ran under the three minutes and there was a little too much thought-based reference.

Penultimately was Shlomo Touboul, CEO of Illusive Networks. His seemed to be about a sandbox system, where you snare attackers with deceptions and detect them in three steps – no false positives, minimal IT overheard, and an agentless solution. “Get full perspective and when penetrate, collect data and report on it and we fool attacker with deception.”

The question was asked by the judges if this was about honeypots, but Touboul played this down so I was left a bit confused on what the offer was. It seemed like a sandbox, and I was unsure of the platform but there was a good message behind it.

The final presentation was by Chris Risley, CEO of Bastille. This was the only offer on IoT, which Risley said is vulnerable as it is not battle hardened and all protocols have been hacked. “We combine software sensors for full situational awareness for IoT and airspace” and a focus on spotting data center vulnerabilities. Risley ran out of time mid-case study, but this was a unique offering.

So those were the ten presentations and at the time of writing, the judges are deciding the winner. I’ll update this with the winner announcement, but if I were to stake a winner, then I’d pick SafeBreach for its unique offering. We’ll see if the judges agree.

UPDATE - The winner was announced as Phantom, meaning that this is the second time that Oliver Friedrichs was working for a winning vendor. Congratulations to them,  and we look forward to hearing more about them, and the other finalists throughout 2016.

What’s hot on Infosecurity Magazine?