Security startups hope to build venture-funded castles in the Innovation Sandbox

Some of the industry's most notable firms have gotten their start on the playground

The Innovation Sandbox contest during the RSA Conference has produced a number of interesting ideas and products over the years. It's the first major break for many of the startups attempting to make it in InfoSec, allowing them to showoff their products to investors and potential customers.

The Innovation Sandbox is also big deal for the startups selected as finalists, as it usually translates into solid chance at success. Imperva won in 2006, and then went on to raise $90 million during their IPO in 2011. Sourcefire, acquired by Cisco in 2013 for $2.7 billion, won in 2005. Invincea took to the winners circle in 2011, and Appthority followed them a year later.

To qualify for the Innovation Sandbox, the startup's product has to have been in the marketplace for less than a year, and (as determined by the panel of judges) have the ability to make a significant impact within InfoSec as a whole. Moreover, the company has to be privately held with less than $5 million in revenue and have a management team with a proven record of bringing products to market.

Over the years, CSO has witnessed companies lure crowds to demos that worked flawlessly, driven by spokespeople who know the product by heart, because sometimes the person running the demo is the one who designed the product. Those demos are actually enjoyable to watch, because you can see the spark in their eyes as they proudly show off their creation.

We've seen our share of less than successful runs in the Sandbox too, including demo troubles, nervous talks, and Q&A sessions where the person speaking forgot key points of the pitch. But even then, most of those rocky beginnings were due to the pressure some startups feel when placed in the spotlight.

This year, two startups caught CSO's attention so we're paying them a surprise visit.

The first startup is illusive Networks (the lowercase I is intentional). They've created a technology called Deceptions Everywhere, which aims to stop targeted attacks by creating a deceptive layer across the entire network.

There's also Attacker View, which reveals possible attack paths on the network in order to limit – or remove – lateral movement in the event an attacker compromises something. All of this is capped by what illusive Networks says is real-time forensics information, which is collected as soon as an attacker acts on the false data, but before they can dump logs and remove any trace of their visit.

The second startup is SafeBreach. Like illusive Networks' Attacker View, SafeBreach has developed technology that examines your network through the eyes of an attacker. But that's where any similarities end.

When safe SafeBreach looks at the network, it's looking for things that will lead to a successful compromise. But it doesn't conduct static penetration testing or vulnerability assessments.

SafeBreach looks at vulnerabilities and specific weaknesses applying context to the systems they're found in, and the network relationships they affect. It allows security teams to see how an attack could be conducted, how far into the network it could go, and what assets are placed at risk. Because it continuously runs attack scenarios, any changes to the network are added immediately to the assessment.

The standout aspect here is that, if it works as promised, SafeBreach enables a level of context that most organizations simply don't have. By seeing how an attacker could pivot from a compromised desktop into the shared drives on the fileserver, before heading out to the QA server, a company can make adjustments, such as applying patches, implementing stop-gaps, and more.

Join the CSO newsletter!

Error: Please check your email address.

More about CiscoCSOImpervaQRSA

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Steve Ragan

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place