The RSA Conference is the industry’s biggest cybersecurity show, and it hosts the premier startup competition, Innovation Sandbox. In the competition, 10 entrepreneurs pitch their startups to a panel of investors and industry luminaries. Forecasters and early adopters take note: For over a decade, this competition has produced major brands like Cylance, SentinelOne, Cybereason, and many others.
This year Talon Security won by making a bold but convincing case that it might be the corporate web browser of the future. Judge and VP for products at Check Point Technologies, Dorit Dor, called Talon a “legit alternative” to existing players.
Talon Security pointed out how difficult it is to deploy security controls and software across heterogeneous devices accessing an organization’s clouds. Many of these are third-party devices, but they all have users who can install a web browser. That’s something that doesn’t even require admin privileges. Because Talon, like Microsoft, builds on Google’s Chromium code base, Talon’s browser will have near-universal device and web compatibility.
Talon customers would require this browser for access to their cloud, so they can manage privileges centrally. This hardened browser can keep privileged data contained within it, blocking cut and paste, screen capture, and saving.
These 10 finalists, the business problems they solve, and their visions for the future are quite different from past industry thinking. Three distinct trends emerged:
1) Post-Cloud IT Infrastructure and its Security is Still Under Construction
Fans of blockchain have long awaited its impact on the cybersecurity industry. BastionZero’s founders are both academic crypto researchers, who created a blockchain security startup before deciding to decentralize zero trust.
Founder Sharon Goldberg speaks passionately about how zero-trust thinking is fundamentally flawed due to centralization. Inspired by the crypto ethos, BastionZero brings a decentralized solution based on multiple roots of trust. If one root is compromised, organizations will still maintain control. It gives engineers and build processes secure access to their clouds, with recorded sessions that can be replayed during audits.
Carbon Black founder, JJ Guy, and Cylance founder, Greg Fitzgerald, showcased their cloud-native asset intelligence startup, SevCo. Numerous systems claim to provide point-in-time inventories of devices, but they’re never correct. With virtual workers, third-party contractors, and unmanaged devices accessing the cloud, the problem is only getting worse.
SevCo’s real-time streaming platform is powered by a correlation engine. It continuously collects and dedupes device telemetry, even scraping adjacent device information from Address Resolution Protocol (ARP) tables. With the most up-to-date inventories in hand, it will be interesting to see whether SevCo can conquer the difficult problem of identifying Internet of Things (IoT) and unmanaged devices.
2) Security Doesn’t Revolve Around the CISO
Most prior years’ competitions catered to those hunting threats and reporting to the CISO. This year, startups are rethinking core IT infrastructure security around the cloud transformation.
Talon’s web browser, SevCo’s IT inventory, and BastionZero’s authentication are more likely sold to buyers under the CIO. The next three finalists continue this trend. They manage risk across data, privacy, and DevOps teams while defending the digital transformation.
“DataGovOps is going to be the next revolution,” said David McCaw, founder of Dasera.
He built Dasera to free data security that’s siloed within separate DataOps, ITOps, and PrivacyOps teams. Using API integrations, Dasera maps data and context and automates workflows and policy management.
In years past, Innovation Sandbox has incubated SecDevOps startups into an already crowded marketplace. Here, judges pointed out the challenge of this tough market. Yet Cycode stood strong, articulating its focus on the full software development lifecycle. Cycode spans from application code to the complexity of open-source libraries. It manages the complex deployment paths that caused the Log4j vulnerability to linger.
Innovation Sandbox has launched security orchestration startups in the past. In 2022, Torq ushers in the next generation. Torq removes the need for Python coding with a no-code approach, allowing security experts to visually build automation for incident response. Torq is built for users across organizational departments. It allows security workflows that can ask IT for things like account provisioning and ask end users for permission grants.
3) APIs and Vulnerabilities Overshadow Malware in Cloud Security
This is the second straight year purpose-built malware detection has been missing from the finals. While surprising to some, the judges have their reasons.
While malware is still widely used against endpoints, placing it in the cloud and hoping it falls near privileged data is a low-probability tactic. At this time, cloud security is more about stealing and using credentials. Credentials enable adversaries to log in across the multicloud’s broad identity layer, then access assets with APIs. While the origin point of API attacks could be malware, many believe API attacks often originate from a hacker’s own device, sitting behind an anonymized IP.
The remaining finalists directly secure cloud applications and assets, either from API attacks or by detecting and remediating cloud vulnerabilities and excessive permissions. While none specifically bring malware detection, several give more visibility into cloud workloads.
Neosec is an application security company defending B2B APIs by leveraging API gateways like Google Apigee. Neosec identifies an organization’s APIs, detects vulnerabilities, and uses behavioral analytics to visualize misuse and abuse. It also includes a managed service to aid customers in handling these new and complex API attacks.
Lightspin makes cloud-native app protection easy with its graph technology. Their visualization is best described as constructed backward from valuable assets. It illustrates the critical path of vulnerable or misconfigured nodes that hackers might work through to reach sensitive data.
Araali Networks embraces agent deployment frameworks supplied by Kubernetes. They’re creating an agent-based threat management solution to protect private clouds. Araali monitors network traffic, enforces explicit policies, and blocks threatening code.
Cado Security takes a unique forensics and incident response approach to cloud workloads. Instead of playing the difficult agent game, Cado leverages cloud providers to access cloned point-in-time images of workloads. When done near the time of security alerts, this provides valuable offline forensics.
Cloud forensics has big potential. This offline analysis has zero impact on high-availability workloads. It allows examining both binary files inside workloads and forensic evidence of running processes. Cado Security doesn’t boast specific malware detection but allows searching for malware indicators.
Evolving to Keep Up With Digital Transformation
For years, hackers breached the perimeter, deployed malware, and worked their way inside on-premises networks towards data. That world is in decline. At Innovation Sandbox, we got to witness a new species of cybersecurity, a species evolving to keep pace with an ever-changing IT infrastructure and the digital transformation.
About the author:
Paul Shomo is a media correspondent and contributor to eWeek. A cybersecurity analyst, he was one of the engineering leaders behind the security forensics brand, EnCase.