RSAC 2024: The Top 10 Innovation Sandbox Finalists
Expert Insights breaks down the Innovation Sandbox finalists at RSAC 2024.
In cybersecurity, “we need innovation to thrive,” said Hugh Thompson, Program Committee Chairman of RSA Conference, as he opened the Innovation Sandbox at RSAC 2024.
RSA’s Innovation Sandbox gives 10 cybersecurity innovators three minutes each to pitch their ideas to a panel of judges.
Last year, the winner was HiddenLayer, an AI risk detection and response solution. Since winning the prize, they have raised $50m USD in series A funding.
Judgements are based on the problem each finalist is trying to solve, the soundness of the IP, the commercial viability and go-to-market strategy, the impact and reach the product could have, the talent of the team, and – finally – market validity and customer pipeline.
The contest has been running for 18 years, and the finalists have collectively seen over 80 acquisitions and $13.5 billion in investments.
This year, the Top 10 finalists are:
VulnCheck
Speaker: Tom Bain, Chief Marketing Officer
Website: https://vulncheck.com
VulnCheck is an exploit intelligence platform designed to provide better data faster and remove the human element. It provides an autonomous early-warning vulnerability management system to help teams catch vulnerabilities faster. It enriches and works with any platform and enterprise workflow, and can be used by cybersecurity vendors to enrich their data.
Key Quote: “Stop chasing and start outpacing.”
Reality Defender
Speaker: Ben Colman, Co-Founder and CEO
Website: https://realitydefender.com
Reality Defender uses AI to detect AI-generated content across text, videos, and audio. It can be deployed on-prem and in the cloud and works for any platform. The platform’s key use cases include scanning video content before it goes on air or text content before it is published to prevent disinformation, as well as detecting AI-generated voice fraud. AI-generated audio is the #1 use case currently, with banks globally using the platform to identify fraud. The company’s vision is to become the detection layer for all AI-generated fraud.
Key Quote: “Fiction on demand…the outputs are fake, the threats are real” on generative AI.
RAD Security
Speaker: Brooke Motta, Co-Founder and CEO
Website: https://rad.security
RAD Security is a behavioral, cloud-native, AI detection and response solution. It can detect and protect against vulnerabilities and suspicious behaviors by creating a unique “fingerprint” of your environment. Using this baseline, it identifies any unusual behaviour, or “drifts”, in real time, and uses LLMs to prioritize risks. It has had 3x YoY top-level growth, and aims to shift runtime protection left.
Key Quote: “Burnout is at an all-time high. Are you all okay?!”
P0 Security
Speaker: Shashwat Sehgal, Co-Founder and CEO
Website: https://p0.dev
P0 Security helps to manage cloud privileges. It provides “universal” access governance and can secure all identities – human and machine – without impacting workflows. It provides an inventory for all identities and automates lifecycle management for user access, including just-in-time and short-lived access. Finally, it provides lifecycle access for non-human identities. It works within ten minutes of deployment with a fully agentless architecture.
Key Quote: “Governing cloud access continues to be one of our most pressing challenges.”
Mitiga
Speaker: Ofer Maor, CTO and Co-Founder
Website: https://www.mitiga.io
Mitiga is a cloud and SaaS investigation solution. It provides a distributed cloud security data lake collecting petabytes of cloud data. It provides alerts on cloud threats, with contextualized, easy-to-understand data, across all different systems. Their team can provide full cloud investigation, so teams can track threats. When a major breach occurs, automated threat logic provides information on your defence posture.
Key Quote: “SOC teams don’t have the right tools to detect, investigate and respond in the cloud.”
Harmonic
Speaker: Alistair Paterson, CEO and Co-Founder
Website: https://www.harmonic.security
Harmonic helps teams to identify all of the data leaving their organization. It’s essentially a DLP tool for generative AI technology. Their tool, Maestro, provides visibility into AI adoption across the enterprise. It is based on a set of data protection LLMs that don’t train on an organization’s data, and it communicates directly with end users to avoid friction for security teams. Their team is made up of experts from Digital Shadows, and the service is currently popular amongst financial services, and typically bought by the CISO within an enterprise.
Key Quote: “Data privacy is the #1 barrier to GenAI adoption.”
Dropzone.AI
Speaker: Edward Wu, Founder and CEO
Website: http://dropzone.ai
Dropzone.AI uses generative AI to help human analysts and SOC teams analyze, investigate and sort security alerts. Their autonomous AI “agents” can investigate, contextualize, and sort alerts from any security tool. It is built on a custom LLM system trained on common alert type data. When an alert is generated, the system gathers surrounding context to autonomously generate a detailed report. It can be immediately operationalized by teams of any size. It’s delivered as a SaaS tool, connects to all of your security systems, and can be set up in 30 minutes. It’s used by MSSPs and enterprise SOC teams.
Key Quote: “Cyber defenders have been battling cyber attackers since the dawn of the digital age. But we are not winning the war.”
Bedrock Security
Speaker: Pranava Adduri, Co-Founder and CEO
Website: https://www.bedrock.security
Bedrock Security uses a distributed discovery method that adapts to your data to improve DLP. It replaces static DLP rules and uses AI-powered reasoning to classify data and discover data loss that may otherwise be missed. It can be deployed in 15 minutes. Bedrock works with vendors to auto-contain data loss problems.
Key Quote: “Modern enterprises are much like the Titanic when it comes to their data.”
Antimatter
Speaker: Andrew Krioukov, Co-Founder and CEO
Website: https://www.antimatter.io
Antimatter helps organizations to manage the data being fed into generative AI systems. It’s a data control plane that sits between data and applications so that teams can control data sharing. It works as follows: first, you connect the data sources you want to protect. Second, you review and edit permissions across these apps. Third, you can view and monitor all of these interactions. It has an impressive list of leading investors, including Google Cloud, Cisco Duo, and Okta.
Key Quote: “Generative AI is fundamentally different. The more data you give it, the more powerful it is. Existing security processes don’t work here.”
Aembit
Speaker: David Goldschlag, Co-Founder and CEO
Website: https://aembit.io
Aembit describes itself as “Okta but for workloads”: a workload identity and access management provider. It grants access based on policy and uses secret-less credentials. It secures workloads in the cloud, data center or in SaaS, and provides conditional access using Wiz and CrowdStrike. Aembit’s workload identity management platform is designed to replace secrets in the same way identity providers like Okta are replacing passwords. Customers are generally cloud security architects and DevOps. It doesn’t require any code to use.
Key Quote: “Secrets are scattered through software. Secrets are a huge risk.”
Winner:
After much anticipation, the judges narrowed the finalists down to two companies: Aembit and Reality Defender, before announcing Reality Defender as this year’s winner.
“[Reality Defender’s] approach on AI is that it’s cat and mouse, and I would say we are deeply hopeful that your solution works, and deeply grateful that entrepreneurs are willing to take this problem on, because it’s a very hard problem to solve and a very important problem to solve,” said Niloofar Razi Howe, Operating Partner at Capitol Meridian Partners, on behalf of the judges.
“There’s a great 1968 quote that was misattributed to Andy Warhol, which says everyone’s going to be famous for at least 15 minutes because of something you did, whether you wanted to be famous for it or not. Today, with the world of AI and synthetic media, it can happen to every single person, and it’s one of the most consequential problems we face – especially in an election year.”
“This year it’s not just the U.S. – 8 out of 10 of the most populous countries are having elections. Half the world’s population is going to have an election, and it’s a problem we need to solve.”
When it came to the runner-up, the judges praised the experience of Aembit’s leadership team, and the creativity of their workload identity management platform.
“Workflow-to-workflow is [an area of security] that a lot of us haven’t tackled. We are still worried about user-to-machine,” said Nasrin Rezai, SVP & CISO at Verizon. “And it is going to be even more important in AI-based solutions, where the machine-to-machine interactions are going to be even more problematic.
“The other element to it is that it’s solving for the challenge we have about secrets: they’re spread everywhere. They’re a major headache for defenders, and these guys have a solution.”
About Expert Insights
Expert Insights is a B2B research and review platform for IT solutions and services. We help over one million IT managers, CISOs, small business owners, and other professionals discover the best IT and cybersecurity solutions.