As at least the 10 finalists in the RSA Conference 2023 Innovation Sandbox competition show, the need to comply with government regulations, ensure a distributed workforce post-pandemic, and improve AI capabilities will drive cybersecurity startups this year. leading the scene.
“[A]Application security (AppSec) is a hot topic among our competitors and it shows where we are in the digital transformation process,” writes Rik Turner for Omdia.
Interest in AppSec continues to grow, Turner said, due to the growth of remote access fueled by the COVID-19 pandemic, which has closed offices and schools around the world and forced organizations to adapt to remote access. I think it’s a thing. “The trend of working from home is certain to continue, at least in part, even as the pandemic wanes to endemic status,” he said.
At the live event at the RSA Conference in San Francisco on Monday, April 24, judges will hear presentations from the 10 finalists, listed in alphabetical order. Endor Labs; Hidden Layers; Pangea; Dependent AI; SafeBase;
A significant year for AppSec
The importance of AppSec – eliminating security vulnerabilities at the application level during development and implementation – was highlighted by the Log4j crisis. “Modern app architectures are becoming increasingly componentized and more inclined to reach out to third-party apps for services like payments and maps,” Turner said. They have compromised websites to give access to many other apps.”
Astrix aims to secure communication between all kinds of apps, sometimes called inter-SaaS security. It focuses on extending access management to machines and other non-human identities to make connections between an organization’s core systems and cloud services more secure.
Dazz uses automation to triage security alerts and offers “accelerated cloud remediation” to streamline developer workflows. Automation not only has the potential to improve the speed and accuracy of the first wave of incident response, but it can also reduce alert fatigue, a much-discussed component of burnout.
Endor Labs is dedicated to tracking and managing open source components. Log4j revealed that most potential vulnerabilities are untracked and widely sourced. A software bill of materials (SBOM), US Press.Joe Biden issued an executive order in May 2021 mandating that he create an SBOM following the Colonial hack of his pipeline. “[E]Even before that, the sheer number of open-source libraries that developers were incorporating into their code was a major concern, and an entirely new market segment emerged called Software Composition Analysis (SCA),” Turner said. pointed out. outside.
Pangea helps organizations create secure and compliant cloud security services by using a block-based API builder and hosting the service itself. “Organizations don’t always know whether the APIs created by their own developers are secure, much less the APIs of third parties whose apps may be used in production. No,” he points out Turner. By using this secure API library, developers can avoid the entanglement of open source libraries typically utilized when building applications.
Role of AI
Artificial intelligence is all the rage, but with ChatGPT having a pop culture moment and raising its own security concerns, companies are pitching their products in AI terms wherever sensible. And while some AI hype has only skyrocketed automation, AI has brought many benefits to cybersecurity.
Relyance AI focuses on machine learning as a way to track personal data as it moves through internal and third-party APIs and other systems to ensure compliance with privacy regulations. Turner classifies the company as “a data security company that has also dabbled in the world of AppSec, with technology designed for the business environment created by digital transformation.” increase.
Hidden Layer seeks to protect an undervalued business asset: machine learning data sets. Its technology, which the company calls machine learning detection and response (MLDR), monitors the inputs and outputs of ML algorithms looking for “anomalous activity consistent with adversarial ML attack techniques.” If your ML training data is corrupted, its output will be erroneous and it will be difficult to peer inside the black box to see the problem. Turner said, “After all, anyone who can ‘poison the well’ of data used in such analytical exercises can distort the results and not be used in business decisions, medical procedures, or military strategy. “
Web3 protection
AnChainAI protects the blockchain, which is the very property of Web3. With the recent wave of cryptocurrency heists and the regulatory demands that come with it, organizations managing crypto wallets must avoid becoming victims or accomplices of crime. The company aims to build a predictive engine to identify and flag suspicious transactions, and sell Know Your Wallet, forensics, and contract evaluation services to financial institutions, asset owners, and governments.
Zama also addresses the Web3 problem with a suite of open source cryptographic tools for building fully homomorphic encryption (FHE) applications that protect data security. According to the company, its tools allow it to process data without decryption, enabling true end-to-end encryption. Zama believes the company’s technology is what enables “httpz”, the next step in his web security.
serious business
SafeBase creates a centralized repository of security policy and compliance documents to expedite security reviews. It addresses the professional and necessary parts of third-party risk management, such as distributing renewed certificates and managing non-disclosure agreements. Turner noted the value of a “single source of truth,” but said, “The big question is how can customers verify that the data they receive from the trust center is legitimate?” ” he pointed out.
Valence Security secures cloud workflows with SaaS Security Posture Management (SSPM). Monitor a mesh of client third-party SaaS applications, detect and remediate misconfigurations, and manage identity security using a combination of services. Turner said that while there are many opportunities in the SSPM space and cloud security market, that means Valence also faces a fair amount of competition.
Winners will be announced on April 24th at the end of the presentation. This year’s judge is his Niloofar Razi Howe, Senior Operating Partner at Energy Impact Partners. Paul Kocher, independent researcher and founder of Cryptography Research. Co-founder and CEO of Cato Networks, he is Shlomo Kramer. He is Barmak Meftah, Co-Founder and General Manager of Ballistic Ventures. Christopher Young, Executive Vice President of Business Development, Strategy, and Ventures at Microsoft, said: All but Meftah are back from last year.