RSA's Innovation Sandbox Reveals Next Set of Hot Security Startups

Innovation Sandbox allows RSA conference attendees a peek at incubating technology that may impact the careers of many future security professionals.


RSA Security's annual conference, staged last month at Moscone Center in San Francisco, is the largest of its kind in the world. The Innovation Sandbox it hosts each year is the closest thing to a "Shark Tank"-style reality TV show for cybersecurity startups, and it is always a popular subset of the main event.

The Sandbox provides a barometer for trendy security approaches. Attendees watch 10 entrepreneurs pitching their wares on a 3-minute clock before a large audience and panel of tough judges, and it is entertaining. More importantly, Innovation Sandbox allows conference attendees a peek at incubating technology that may impact the careers of many future security professionals.

Paul Shomo, a senior technical manager at Guidance Software, was one of the professional observers at this year's event. He first joined Guidance's new product research group in 2006, which launched the industry's first incident-response solution. For several years, he managed and designed cybersecurity and forensic products, and now works on cybersecurity strategy, partner integrations, and manages a research grant with CalTech to study machine learning in cybersecurity.

He offered eWEEK some observations about the startups selected to present at the Sandbox at the 2017 RSA event. The following is an adaptation of his account of the competition.

UnifyID Takes Home the Crown

This year, the futuristic authentication technology built by the San Francisco startup UnifyID took home the 2017 championship.

UnifyID transforms the way users authenticate themselves, addressing a longtime industry weakness by taking multi-factor authentication to new levels. In addition to the antiquated passwords, UnifyID factors in GPS information on mobile devices and wearables, and it even uses video to examine a person's gait or signature walk.

Many of this year's other products attempt to head off data theft through encryption and authentication. Almost all of the neophytes touted products powered by data science and advanced math; few left out machine learning, graph theory or a yet untapped encryption algorithm.

Along with the pedigree of founders and backers, it was common to hear the credentials of academics from Berkeley or MIT, or former NSA scientists mixing up the mathematical ingredients.

A handful of encryption vendors attempt to encrypt data, and keep it encrypted, even during usage. Runner-up EN/VEIL, of Fulton, Md., employs a patented homomorphic encryption which allows data to remain encrypted during use.

Encryption at Rest is a Trend

Baffle also focuses on encrypting at rest and in process, specializing in SQL. Santa Clara, Calif.-based Baffle's Ameesh Divatia explained the company's relevance by explaining that only 4 percent of stolen records in the past year's breaches were encrypted.

Detection and response make up the backbone of the security industry. New York City-based newcomer Uplevel ingests threat intelligence, SIEM and netflow data, then detects threats by applying machine learning, analyst rules and hidden relations discovered with graph analysis.

New York's Claroty secures industrial architectures, IoT devices and nuclear power plants. It already claims multiple seven-figure sales and boldly states that "when critical infrastructure is disrupted, the world doesn't work."

The cloud is also a major focus of competitors at the innovation Sandbox. Belmont, Mass.-based GreatHorn enables detection and response for incidents around cloud services such as Microsoft 360 and Slack. It employs automated policy configurations and response playbooks to battle social engineering and phishing attacks.

Cloud Access Security Broker (CASB) products implement policy enforcement between organizations and cloud service providers, but multiple upstarts are building the next generation.

For example, Menlo Park, Calif.-based Red Lock manages cloud workloads created and destroyed each day and scores risk. Tel Aviv-based Cato Networks replaces CASB products with a software-defined and cloud-based enterprise network, claiming a "vertically integrated, Apple-like experience."

Check back in a year or two years' time and see if any of these companies have moved into the mainstream of IT security.

Chris Preimesberger

Chris J. Preimesberger

Chris J. Preimesberger is Editor-in-Chief of eWEEK and responsible for all the publication's coverage. In his 15 years and more than 4,000 articles at eWEEK, he has distinguished himself in reporting...