SAN FRANCISCO -- Startup companies from across the spectrum of security approaches delivered three-minute pitches to a capacity crowd of several hundred attendees at the RSA Innovation Sandbox awards on the eve of the 2015 RSA Conference. A panel of industry luminaries scored the pitches and any other information they could glean from the contestants, and as 5 p.m. rolled around they declared Waratek, a maker of runtime application self-protection (RASP) for Java, the winner.
In an unplanned move, judges declared a runner-up: smart identity badge maker Ticto. This company's product looks like a regular ID badge, but a bit thicker. The secret sauce is that when you use your badge to gain access to a particular area, the display on the front shows a random pattern that changes periodically, along with an LED that changes color at each pattern change. Every badge in that area displays the same color and pattern, so anyone who has a counterfeit badge will immediately stick out.
Another favorite, at least from speaking with audience members following the presentations, was Bugcrowd. A software engineer named Rob (he didn't give his last name) said he "liked the idea of crowdsourcing -- it's an interesting concept. They said there were other companies out there that do this, but I've never heard of them. If they are out there, they haven't done a good job of marketing it."
Patrick Heim, head of trust and security at Dropbox, served as one of the judges. He felt there was an unusual amount of innovation this year. "This year we had 93 companies that applied to be part of this. … It's fabulous to be exposed to that much innovative thinking."
Of those participating, 10 were selected to present at the event. In addition to the companies already mentioned, this included user behavioral analytics company Fortscale and several contenders who were offering various approaches to improving threat and breach detection: Vectra Networks, SentinelOne and SecurityDo. Endpoint security company Cybereason claimed it was bringing data analytics to the desktop. NexDefense presented an anomaly detection system for industrial control systems. Static-scanning startup TrustInSoft was offering that holy grail of the discipline: mathematically proven security.
This was the tenth year of the program, initially called Innovation Station. Past winners include the now well-established Sourcefire and Imperva.
Read about Microsoft's security priorities for 2015.
Check out this RASP primer from searchSecurity