The Innovation Sandbox contest during the RSA Conference has produced a number of interesting ideas and products over the years. It's the first major break for many of the startups attempting to make it in InfoSec, allowing them to show off their products to investors and potential customers.
The Innovation Sandbox is also a big deal for the startups selected as finalists, as it usually translates into a solid chance at success. Imperva won in 2006, and then went on to raise $90 million during their IPO in 2011. Sourcefire, acquired by Cisco in 2013 for $2.7 billion, won in 2005. Invincea took to the winner's circle in 2011, and Appthority followed them a year later.
To qualify for the Innovation Sandbox, the startup's product has to have been in the marketplace for less than a year, and (as determined by the panel of judges) have the ability to make a significant impact within InfoSec as a whole. Moreover, the company has to be privately held with less than $5 million in revenue and have a management team with a proven record of bringing products to market.
Over the years, CSO has witnessed companies lure crowds to demos that worked flawlessly, driven by spokespeople who know the product by heart, because sometimes the person running the demo is the one who designed the product. Those demos are actually enjoyable to watch, because you can see the spark in their eyes as they proudly show off their creation.
We've seen our share of less-than-successful runs in the Sandbox too, including demo troubles, nervous talks, and Q&A sessions where the person speaking forgot key points of the pitch. But even then, most of those rocky beginnings were due to the pressure some startups feel when placed in the spotlight.
This year, two startups caught CSO's attention, so we're paying them a surprise visit.
The first startup is illusive Networks (the lowercase I is intentional). They've created a technology called Deceptions Everywhere, which aims to stop targeted attacks by creating a deceptive layer across the entire network.
There's also Attacker View, which reveals possible attack paths on the network in order to limit – or remove – lateral movement in the event an attacker compromises something. All of this is capped by what illusive Networks says is real-time forensics information, which is collected as soon as an attacker acts on the false data, but before they can dump logs and remove any trace of their visit.
The second startup is SafeBreach. Like illusive Networks' Attacker View, SafeBreach has developed technology that examines your network through the eyes of an attacker. But that's where any similarities end.
When SafeBreach looks at the network, it's looking for things that will lead to a successful compromise. But it doesn't conduct static penetration testing or vulnerability assessments.
SafeBreach looks at vulnerabilities and specific weaknesses, applying context to the systems they're found in and the network relationships they affect. It allows security teams to see how an attack could be conducted, how far into the network it could go, and what assets are placed at risk. Because it continuously runs attack scenarios, any changes to the network are added immediately to the assessment.
The standout aspect here is that, if it works as promised, SafeBreach enables a level of context that most organizations simply don't have. By seeing how an attacker could pivot from a compromised desktop into the shared drives on the fileserver, before heading out to the QA server, a company can make adjustments, such as applying patches, implementing stop-gaps, and more.