Close
  • Latest News
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Logo
  • Latest News
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Applications
    • Applications
    • Cloud
    • Cybersecurity
    • Innovation

    Entrepreneurs Drive Cybersecurity’s Future at RSA Conference

    By
    eWEEK EDITORS
    -
    March 4, 2020
    Share
    Facebook
    Twitter
    Linkedin
      RSAC2020.Sandbox

      By Paul M. Shomo

      SAN FRANCISCO—At last week’s RSA Conference in the Moscone Center here, a talented group of entrepreneurs battled on stage in a “Shark Tank”-style competition. Ten finalists performed three-minute presentations and survived three minutes of intense Q&A, all hoping to be named the best of the best by the titans of cybersecurity venture capital.

      Pay attention: The trends in this pipeline of incubation will affect us for years to come.

      This year brought a colorful field of entrepreneurs, including a DARPA competition winner, an iconic game developer and a former Innovation Sandbox finalist who made it back to the finals yet again, but with his latest startup.

      Privacy and Compliance Vendor SECURITI.ai Wins!

      Before the winner was announced, the consensus was that these were the strongest competitors yet. The judges emphasized the difficulty of picking only one, but SECURITI.ai ultimately took the crown.

      A leader in AI-powered PrivacyOps, SECURITI.ai automates privacy compliance with “people data graphs” and robotic automation. SECURITI.ai enables enterprises to take control of data rights, comply with regulations and build trust with customers.

      Everyone was a winner. History has shown that finalists are all showered with funding, and many will be acquired. These 10 finalists represent the future of cybersecurity and center around three trends.

      Trend 1: Organizations Have Many SaaS Assets That Need Defending

      Ninety-nine percent of cloud security failures through 2025 will be the customer’s fault, according to Gartner Research. Several finalists represented a new category of cloud security posture management (CSPM) and focused on securing an organization’s many SaaS assets.

      • Obsidian Security’s founders were former CTOs of Carbon Black and Cylance. Their latest venture delivers cloud detection and response across many SaaS assets. It leverages APIs for visibility into applications, users and data. The result is advanced threat detection, breach remediation and SaaS hardening.

      Their connection to Cylance was interesting because Cylance’s file heuristics were one of AI/ML’s biggest success stories. Obsidian leadership sounded more like veteran data scientists than buzzword merchants. They embraced a variety of approaches and spoke about building AI/ML’s foundation with curated data sets.

      • AppOmni was the youngest finalist, having been founded in 2018. AppOmni secures SaaS solutions by providing visibility and uses API scanning, security controls and configuration settings.

      Perhaps the first contentious moment was when judges goaded AppOmni into saying why they believed themselves superior to Obsidian Security. AppOmni retorted that the market demands protection, not just a “breach notification solution.”

      Trend 2: Everyone Is Developing Code; It’s Now the Largest Attack Surface

      Even the most analog-heavy companies have become software companies. Everyone builds customer portals, apps and APIs, and automation is changing the workforce. Cybersecurity has “shifted left” to secure this code.

      • Blu Bracket’s founders made history by returning to the finals with a second startup. Their latest venture focuses on preventing code theft. Heavy on Git technology, Blue Bracket discovers a customer’s code locally and across the web, rates risk and blocks egress points. It’s kind of like a data loss prevention (DLP) technology for code.
      • ForAllSecure’s next-generation fuzzing technology previously won the DARPA Cyber Grand Challenge competition. Fuzzing solutions generate inputs to locate vulnerabilities, but ForAllSecure adds CPU emulation to analyze the executable code being fuzzed. This approach detects more vulnerabilities and allows testing in-house code as well as third-party executables. In demand by governments, ForAllSecure claimed their results are “so actionable, they’re often deemed classified.”
      • Tala Security has built one of the first client-side Web Application Firewalls (WAFs). Its educational pitch highlighted the web’s least-protected attack surface: the browser runtime environment. JavaScript powers the modern web, and Tala explained that 60% of JavaScript executing in the browser originates from third-party tags.

      This third-party code is usually included by marketing teams without oversight, and compromised JavaScript can steal sensitive data from within the browser. The browser has runtime controls, but they’re not well-understood by developers. Tala’s engine analyzes web application code and leverages these controls to block client-side attacks.

      • Sqreen: Sqreen is an application security platform that protects, observes and tests software. As opposed to static code analysis products, Sqreen is a Runtime Application Self Protection (RASP) product that deploys alongside vulnerable applications. Its “security mesh” technology combines RASP and WAF functionality to analyze the full context of attacks on web applications.

      Trend 3: The Human Element

      The theme of RSA Conference 2020 was the human element. SECURITI.ai took the crown by servicing the human need for privacy. The remaining finalists centered around both the human as an attack surface and aiding analysts with backlogged vulnerabilities.

      • Elevate Security had this year’s only female founder and an all-female board. A security awareness training startup, Elevate focuses on affecting employees’ behaviors through feedback. Elevate scores employee risk based on their actions, reporting trends and even providing options to rate employees against their peers. At the core of their approach are behavioral science techniques used to nudge people into better habits.

      Elevate provides a novel approach to a hot category; the judges’ only concern was the market size.

      • INKY Technology founder Dave Baggett was one of the original co-developers of the iconic gaming franchise Crash Bandicoot. INKY Technology renders email, then uses AI-based computer vision to see its apparent origin as humans do. Its technology analyzes this alongside hidden metadata to reveal when an email is actually a phish.

      Cybersecurity is an arms race where countermeasures represent a continual cat and mouse game. Perhaps because they were initially judge-shamed for being too nice, the panel threw INKY a ringer during the Q&A. So what happens when bad actors change their attack vector?

      • Vulcan Cyber is a vulnerability detection, remediation and orchestration platform. After receiving on-stage praise for their Star Trek-themed name, one judge became cynical. Would a market with billions of daily security alerts want to hear about more vulnerabilities?

      Yet Vulcan Cyber does more than detect vulnerabilities; it focuses on reducing the human burden. Most of the industry’s vulnerabilities aren’t actionable or interesting. Vulcan’s core IP is a vulnerability database that not only prioritizes risk but has millions of orchestration solutions and even provides scripts.

      Conclusion

      Innovation Sandbox delivered yet again. Here’s where conference attendees can cut through all the noise and see where cybersecurity is heading.

      Companies have turned their data over to SaaS vendors, and increasingly an organization’s business value sits in its own codebase. Innovation Sandbox highlighted novel approaches to defend both attack surfaces.

      Paul Shomo is an occasional contributor to eWEEK and an independent analyst. He was one of the engineering and product leaders behind the forensics and incident response product, EnCase.

      eWEEK EDITORS
      eWeek editors publish top thought leaders and leading experts in emerging technology across a wide variety of Enterprise B2B sectors. Our focus is providing actionable information for today’s technology decision makers.

      MOST POPULAR ARTICLES

      Big Data and Analytics

      Alteryx’s Suresh Vittal on the Democratization of...

      James Maguire - May 31, 2022 0
      I spoke with Suresh Vittal, Chief Product Officer at Alteryx, about the industry mega-shift toward making data analytics tools accessible to a company’s complete...
      Read more
      Cybersecurity

      Visa’s Michael Jabbara on Cybersecurity and Digital...

      James Maguire - May 17, 2022 0
      I spoke with Michael Jabbara, VP and Global Head of Fraud Services at Visa, about the cybersecurity technology used to ensure the safe transfer...
      Read more
      Cloud

      IGEL CEO Jed Ayres on Edge and...

      James Maguire - June 14, 2022 0
      I spoke with Jed Ayres, CEO of IGEL, about the endpoint sector, and an open source OS for the cloud; we also spoke about...
      Read more
      Applications

      Cisco’s Thimaya Subaiya on Customer Experience in...

      James Maguire - May 10, 2022 0
      I spoke with Thimaya Subaiya, SVP and GM of Global Customer Experience at Cisco, about the factors that create good customer experience – and...
      Read more
      Big Data and Analytics

      GoodData CEO Roman Stanek on Business Intelligence...

      James Maguire - May 4, 2022 0
      I spoke with Roman Stanek, CEO of GoodData, about business intelligence, data as a service, and the frustration that many executives have with data...
      Read more
      Logo

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2022 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×