Innovation Sandbox Roundup: How the Top Ten Finalists Hope to Impact Change in Cybersecurity


Posted on by RSAC Editorial Team

As the ten finalists gathered to compete for the coveted “Most Innovative Startup” title at this year’s RSA Conference Innovation Sandbox competition, it was clear from the different technologies on display, each designed to solve complex security and risk problems, the multi-dimensional layers and challenges our industry faces every day. While Apiiro took the top prize, there is no doubt we will be hearing more great things coming from all of these innovative companies. A roundup of the presentations delivered by the top ten finalists is below.

Apiiro is looking to reinvent the secure development lifecycle by making security and risk visible in a single view from design to code to cloud. “Organizations are being held back because DevSecOps, cloud security and risk management tools lack understanding of risk” across the entire development lifecycle, noted CEO Idan Plotnik. This failure, he continued, is partly attributed to the fact there is only one security architect to 159 developers who are all making multiple changes a day. “Expecting a security architect to review hundreds of changes a day and decide which are risky is asking the impossible.”

Abnormal Security is a cloud-native email security platform that leverages behavioral intelligence to stop advanced email attacks. Abnormal Security builds behavioral profiles using identity, relationships and content to baseline normal behavior and then uses behavioral anomaly detection to stop attacks. In his pitch, Reiser pointed to recent events to show the importance of their solution: “Similar to SolarWinds, if you look at the true source of the Colonial Pipeline attack, it all started with a spear-phishing email.”  Abnormal Security takes a different approach to email security as they integrate directly with the Microsoft 365 platform and not the network gateway. 

Axis Security was created to solve the access problem. “Access is broken,” CEO Dor Knafo stated. “We have ended up with too much complexity and excessive access.” With their Secure Access as a Service solution, Axis enables organizations to have to manage only a single policy, regardless of whether a user goes to on-premises or the cloud.

As organizations look to enrich their machine learning capabilities using third-party data, protecting the privacy of that data often creates limitations. “Organizations that want to share and collaborate on data between departments and across companies are boxed in by competitive and legal red tape,” noted Ché Wijesinghe, CEO of Cape Privacy. Cape Privacy seeks to remove that barrier by offering an encrypted platform that allows data scientists within and across organizations to share and collaborate to improve machine learning models.

With account takeover fraud expected to reach $30 billion in three years, Ari Jacoby, CEO of Deduce, declared, “It’s a great time to be a fraudster.” Deduce offers one of the largest real-time identity networks, with over 150,000 sites and one billion authenticated user events a day, to help organizations enrich their authentication decisions and compensate for what they refer to as “data poverty.”

Open Raven helps organizations gain visibility into data in the cloud. “The singular focus of Open Raven is to restore the visibility and control security teams need to keep data safe at modern speed and scale,” said CEO Dave Cole. The Open Raven platform focuses on protecting the massive amounts of data at rest by auto-locating data stores that are often forgotten and inventorying and classifying data that is increasing business risk.

Satori is a DataSecOps solution focused on addressing one of the most complex security and compliance risks associated with the modern data infrastructure: how to streamline access to data. “Today, data is exploding into multiple clouds, lakes and warehouses, and data science and analytics are being integrated into almost every domain,” explained Eldad Chai, CEO. Satori sits in between the users who access data and data stores to provide full data flow visibility universally across all data stores.

Strata is an identity orchestration platform focused on solving the problem of making identity work across multiple clouds and identity systems by delivering identity to apps exactly as they need it. Their patented Strata platform serves as an abstraction layer that integrates heterogeneous identity management systems to make multiple policies, APIs and sessions work as one. “Most enterprises have at least three clouds, all with their own identity systems,” noted Chief Product Officer Eric Leach. This is not sustainable. As Leach stated, “Rewriting your apps to work with an identity system is expensive and complex.”

Wabbi is a SecDevOps infrastructure platform that integrates with existing tools to centralize and orchestrate security in the application development process through automation. “Enterprises are drowning in application security data without any information,” explained CEO Brittany Greenfield. “We help to facilitate the contract between development and security about what’s tolerable and what standards each project needs to meet.” 

Wiz offers a unique approach to cloud infrastructure security by performing a full vulnerability assessment across the entire cloud environment to help organizations identify and prioritize the attack vectors that are putting them at most risk. “Cloud security is rarely the result of one single vulnerability or misconfiguration,” said Yinon Costica, VP of Product. “It is the result of multiple problems that are interrelated, and this is what attackers are actually exploiting.”

Contributors
RSAC Editorial Team

Editorial, RSA Conference

RSAC Insights Innovation & Startups

hackers & threats

Blogs posted to the RSAConference.com website are intended for educational purposes only and do not replace independent professional judgment.  Statements of fact and opinions expressed are those of the blog author individually and, unless expressly stated to the contrary, are not the opinion or position of RSA® Conference, RSA Security LLC or any other co-sponsors. RSA Conference does not endorse or approve, and assumes no responsibility for, the content, accuracy or completeness of the information presented in this blog.


Share With Your Community