The RSA Conference (RSAC) 2020 gives security vendors old and new a chance to demonstrate their capabilities.
The RSAC Early Stage Expo gathers over 50 promising start-ups from all over the world, many of which have so far been in stealth mode. These are 12 of the most interesting, in alphabetical order:
1. Blu Bracket: Code Security Suite
Blu Bracket was founded in 2019 with a focus on providing security solutions for software code. At RSA, the company demonstrated its Code Security Suite, which it claims will provide greater visibility into, and keep an audit of, an organisation’s code.
Companies have the ability to see where their code is located, who has access to it, and to classify sensitive code. The product can also identify if secret information such as passwords are present.
2. BotRx: DeTx and ProTx automated fraud protection
BotRX’s mission is to protect against automated attacks against IoT devices, mobile apps or websites. The DeTx and ProTx solutions shown at RSA provide automated bot detection and mitigation capabilities to prevent identity fraud.
The company’s bot detection network aims to find anomalous behaviour and prevent automated bots attempting to log in using harvested credentials, perform form jacking attacks or crawl for website vulnerabilities.
3. Concentric: Semantic Intelligence
Concentric came out of stealth mode in January 2020 with a focus on discovering and protecting important unstructured data. Its Semantic Intelligence offering automatically discovers and classifies business critical data.
Concentric claims its Autonomous Data Risk Profiles can identify both structured and unstructured data such as intellectual property (IP), personally identifiable information (PII), financial information and source code, and then apply risk scores to it based on the sensitivity of the information and the controls and policies currently applied to it.
4. Cyber Armor: Identity-based zero-trust workload and data protection
Israel-based Cyber Armor aims to bring together workload and data protection across environments by allowing DevOps teams to create zero-trust workloads.
The company claims its service-to-service, identity-based control plane it will be showing at RSA is able to identify workloads based on application code analysis and create cryptographic signatures that only allow authorised workloads to run, access data, and use network resources
5. CyCognito: The CyCognito platform
Launched in November 2019, Palo Alto-based CyCognito aims to help quantify an organisation’s full attack surface by mapping its assets and attack surface on the internet.
The CyCognito platform to be demonstrated at RSA uses a bot network to scan IP ranges, web applications, keyword and code fragments, deployed software and TLS configuration. It then applies risk scores to each potential attack vector based on ease of discovery and exploitation and the potential impact on the business.
6. Dasera: Safer data queries
Part of RSA’s RSAC Launch Pad event, Dasera wants to enable safer internal use of sensitive data by employees. The Sunnyvale, California, company says its analysis engine can automatically find, flag and rewrite unsafe queries in data warehouses to help employees query data safely.
7. Gold Comet: Secure messaging
Gold Comet provides private communications solutions. The Virginia company launched last year and says the browser based encrypted Gold Comet Messaging system on display at RSA allows users to send and receive messages only from persons in their contacts list, and new contacts are added via a verification system that includes a challenge question.
8. LevelOps: Application Security Platform
Santa Clara start-up LevelOps aims to improve security across the entire software development lifecycle. The DevSecOps tool it is presenting at RSA does this by discovering and tracking development and operational artefacts in one place.
The company says it can track and map releases, products and services across teams and organisations including code, tickets and design documents. Security teams can them automate and disseminate security requirements for each artefact.
9. LUMU: Continuous compromise assessment
LUMU aims to help organisations identify potential compromises on their network. The Lumu platform being shown at RSA collects and correlates network metadata from sources including DNS queries, Netflows, proxies, firewalls and spambox filters with threat intelligence, and can help organisations isolate confirmed instances of compromise.
10. OutThink: Human risk intelligence platform
Based in London and an alumnus of the UK LORCA and CyLon incubators, OutThink describes itself as a “human risk intelligence platform.” It claims the SaaS platform it's showing at RSA provides real-time analysis and continuous risk scoring of employees based on factors such as knowledge level, willingness to comply and use of technology, and then provides advice on how to tailor security training to that user.
11. Soluble: DevOps security
Soluble aims to help automate DevSecOps processes and ensure greater security at the outset of a project. The company says it can provide developers pre-configured access and policy controls to new services from a drop-down menu when creating new services.
Kubernetes-based operators apply these controls across databases, buckets and third-party services and provides an audit trail and service map for visibility.
12. Zero Networks: Access orchestrator
Part of the RSAC Launch Pad event, Zero Networks wants to automate zero-trust network security and access. The Israeli company says it can automate the creation and enforcement of network access rules to enable companies to configure their zero-trust architecture deployments.
Remote APIs control users and machines, while its cloud-based service defines and enforces policy automatically.