Close
  • Latest News
  • Cybersecurity
  • Big Data and Analytics
  • Cloud
  • Mobile
  • Networking
  • Storage
  • Applications
  • IT Management
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Menu
eWEEK.com
Search
eWEEK.com
  • Latest News
  • Cybersecurity
  • Big Data and Analytics
  • Cloud
  • Mobile
  • Networking
  • Storage
  • Applications
  • IT Management
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Big Data and Analytics
    • Big Data and Analytics
    • Cloud
    • Cybersecurity
    • Innovation

    RSA Innovation Sandbox Opens a Portal into Cybersecurity’s Future

    By
    CHRIS PREIMESBERGER
    -
    May 14, 2018
    Share
    Facebook
    Twitter
    Linkedin
      RSA.Sandboxwinner2018

      SAN FRANCISCO — RSA Security’s annual conference, staged recently at Moscone Center in San Francisco, is the largest of its kind in the world. The Innovation Sandbox it hosts each year is the closest thing to a “Shark Tank”-style reality TV show for cybersecurity startups, and it is always a popular subset of the main event.

      The Sandbox provides a barometer for trendy security approaches. Attendees watch 10 entrepreneurs pitching their wares on a 3-minute clock before a large audience and panel of tough judges, and it is entertaining. More importantly, Innovation Sandbox allows conference attendees a peek at incubating technology that may impact the careers of many future security professionals.

      Paul Shomo, Senior Technical Manager of Third-Party Technologies at OpenText, was one of the professional observers at this year’s event. Shomo has spent more than 15 years as a software engineer with experience working in security and forensics, networking and storage; he also has spent several years managing strategic partnerships and advising on M&A activity.
       
      He joined OpenText after it acquired Forensic Investigations and endpoint security provider Guidance Software last year.

      Shomo offered eWEEK some observations about the startups selected to present at the Sandbox at the 2018 RSA event. The following is an adaptation of his account of the competition.

      Innovation Sandbox 2018

      The trend of automating manual labor with orchestration technologies was on display at Innovation Sandbox, as well as threat detection inside the cloud and for the internet of things (IoT). If history is any judge, a handful of these companies will be acquired or become major brands.

      Cybersecurity now exhibits an impact at the level of geopolitics. Its digital tentacles reach into our personal lives, threatening privacy and our employer’s well being. We all need to keep up with this industry, yet it’s one of the most technical and ephemeral areas of IT. If your ambition is to stay on the bleeding edge, RSA’s Innovation Sandbox is the closest thing to a portal into the future.

      Innovation Sandbox’s competition is similar to a “Shark Tank”-style reality show. Each entrepreneur gives a 3-minute presentation before a panel of judges. The testy interactions between passionate entrepreneurs and opinionated judges make this show exciting.  

      Wellspring of Future Trends

      Industry experts pick the 10 finalists, and the trends seen across these chosen few are predictors of our collective future. The trend of replacing human labor with orchestration technologies were present throughout. At RSA, most competitors dropped references to machine-learning algorithms or artificial intelligence techniques to aid the location of threats.

      The second major trend involves the many efforts to gain visibility into closed-off environments such as IoT devices and a variety of cloud environments.  

      Detecting Threats on the Network vs. Installing on Endpoints

      • Instead of forcing their way onto traditional endpoints, which are already full of installed third-party agents, these startups tap into the network. The first startup, Awake, records network traffic to collect threat intelligence and focus on what’s important. Awake founder and CEO Michael Callahan sounded the alarm that attackers are now hacking with legitimate software such as Twitter for Command and Control and Team Viewer for Remote Access. Awake enables forensic queries into its data to detect patterns of suspicious behavior hiding within the norm.
      • Acalvio falls under the category of deception technologies. These technologies set the bait to lure hackers to hit deployed sensors. When their threat detection goes off, these type of deception technologies exhibit few false positives. One judge pushed back that deception is already a crowded field. CEO and founder Ram Varadarajan retorted that their proprietary sensors differentiate Acalvio. These sensors appear as digital mirages of easily managed virtual machines.
      • BluVector also does detection and response using network traffic. Unlike the others, BluVector provides visibility into the endpoints using an agentless technology. A judge hinted that they believed BluVector did too much. CEO Kris Lovejoy noted that the company’s self-adapting technologies emerged from 10-year-old Defense Advanced Research Projects Agency (DARPA) research, and that other engines were licensed from third parties. BluVector’s probability engine not only provides users a Hunt Score but also integrates with existing threat hunting tools and infrastructure.   

      Visibility into the Cloud to Detect and Respond

      So much of enterprise computing is in the cloud. Gaining visibility into these environments for threat detection presents a challenge. The cloud often employs heterogeneous architectures, is encrypted, or is only visible as a black box one can see through the APIs of web giants such as Google or Amazon.

      • ShieldX’s detection and response targets multi-cloud architectures. It is able discover and group cloud assets without installing agents. Founder and CEO Dr. Ratinder Paul Singh Ahuja described the company’s Deep Packet Inspection (DPI) of network traffic. ShieldX wields technology to prevent “east-west lateral movement” of hackers across assets. 
      • StackRox CTO and Co-Founder Ali Golshan promotes technology that provides visibility at the app level. It sees into both cloud containers and native environments. StackRox employs scans for vulnerabilities and misconfigurations and then orchestrates enforcement and configuration.

      New Take on the Internet of Things (IoT) Security

      • IoT device manufacturers develop firmware in proprietary and minimalist environments. It’s often quite difficult to deploy third-party security software inside these devices. For this reason, Refirm Labs bypasses the need to run inside IoT, and it requires zero access to a manufacturer’s proprietary source code. Instead Refirm Labs scans the manufacturer’s firmware image before it deploys it into hardware. Its technologies detect new “zero day” vulnerabilities, encryption keys and visible passwords.

      Hackers Target People and Data, Security Should Start Here

      • Malware and vulnerabilities used to dominate the security narrative. Now we’re seeing a shift toward data-centric and people-centric security. CyberGRX CEO Fred Kneip said that 56 percent of reported breaches involve a third party. CyberGRX employs a rules engine to identify, prioritize and mitigate risk from third party vendors.  
      • Hysolate introduced something called virtual air gapping by using multiple VMs with seamless connectivity and user experience–all on a single endpoint. Users can operate carefree in their internet VM. As CEO and co-founder Tal Zamir explained, “in the Internet VM, you can do whatever you want. It has full internet access and local admin rights.” When operating on sensitive tasks, users work in Hysolate’s Sensitive VM. It’s locked down and limits connections to only within circles of privileged assets. 

      There Can Be Only One 

      • Runner-up Fortanix is a secure key and crytpographic service delivering runtime encryption. Fortanix CEO Ambuj Kmar explained that its technology protects data in use, even when the infrastructure has been compromised. Memory is a free for all, with hackers and forensic tools often scraping out passwords and private data. With Fortanix’s runtime encryption, even data held in memory remains private.
      • This year’s winner and No. 1 innovator was BigID (pictured). Privacy matters enough to make billionaires blush; just ask Mark Zuckerberg. It’s not surprising the winner’s slogan said: “Our big idea is that privacy matters.”

      As BigID CEO Dimitri Sirota puts it: “Privacy is difficult because you have to figure out not just whose data you have, you have to understand the context of that information.” This winning startup delivers ML to find, map and match identity data. BigID’s appeal to investors is obvious, due to the impending General Data Protection Regulations (GDPR), which goes in effect May 25.

      The trends that were on display at Innovation Sandbox will form our future. Also keep an eye out for this crew of security luminaries. If Innovation Sandbox’s history is any judge, a handful of these companies will become acquired or built into major brands. 

      MOST POPULAR ARTICLES

      Android

      Samsung Galaxy XCover Pro: Durability for Tough...

      CHRIS PREIMESBERGER - December 5, 2020 0
      Have you ever dropped your phone, winced and felt the pain as it hit the sidewalk? Either the screen splintered like a windshield being...
      Read more
      Cloud

      Why Data Security Will Face Even Harsher...

      CHRIS PREIMESBERGER - December 1, 2020 0
      Who would know more about details of the hacking process than an actual former career hacker? And who wants to understand all they can...
      Read more
      Cybersecurity

      How Veritas Is Shining a Light Into...

      EWEEK EDITORS - September 25, 2020 0
      Protecting data has always been one of the most important tasks in all of IT, yet as more companies become data companies at the...
      Read more
      Big Data and Analytics

      How NVIDIA A100 Station Brings Data Center...

      ZEUS KERRAVALA - November 18, 2020 0
      There’s little debate that graphics processor unit manufacturer NVIDIA is the de facto standard when it comes to providing silicon to power machine learning...
      Read more
      Apple

      Why iPhone 12 Pro Makes Sense for...

      WAYNE RASH - November 26, 2020 0
      If you’ve been watching the Apple commercials for the past three weeks, you already know what the company thinks will happen if you buy...
      Read more
      eWeek


      Contact Us | About | Sitemap

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Property of TechnologyAdvice.
      Terms of Service | Privacy Notice | Advertise | California - Do Not Sell My Info

      © 2020 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×