The 5 Most Innovative Cybersecurity Startups From RSA Conference
CRN asks a number of executives attending RSA Conference 2021 which cybersecurity startups they believe are coming up with innovative ways to protect data, cloud workloads and open-source software.
Securing The Future
A number of technical and go-to-market leaders attending RSA Conference 2021 spoke with CRN about which cybersecurity startups they believe are disrupting the industry by coming up with new ways to secure data, cloud workloads and open-source software as well as novel approaches to assessing third-party risk or regulatory compliance.
Innovations around data security have caught the industry’s attention, with emerging vendors looking to take on challenges around finding and controlled unstructured data regardless of location and managing security assets in the cloud in a noninvasive manner.
Other emerging vendors highlighted below have made it easier to incorporate security into the software build process from the get-go, replace passwords with passwordless multifactor authentication, and hold multiple vendors up to the same yardstick and quantifiably assess the level of risk they introduce.
From passwordless authentication to safeguarding unstructured data managing security assets in the cloud, here’s a look at the cybersecurity startups that industry leaders attending RSA Conference 2021 expect to make waves in the months and years ahead.
Orca Security
Orca Security’s approach to looking at cloud assets provides organizations with a level of visibility and manageability that’s in high demand as businesses accelerate their shift to a hybrid cloud or full cloud model since the start of the COVID-19 pandemic, according to Rob Cataldo, managing director for Kaspersky North America.
Orca’s noninvasive technology provides instant compatibility with the existing security infrastructure a company already has in place, ensures other products and processes aren’t disrupted during the installation process, and delivers visibility into as well as the ability to manage other security assets, Cataldo said. This is something that other vendors haven’t been able to do effectively up until now, Cataldo said.
The level of elegance that Orca brings around orchestration has been desired for a long period of time, particularly since the rapid shift to remote work last spring, according to Cataldo. As a result, Cataldo said IT and security departments increasingly want to be able to log into a cloud server and host their infrastructure elsewhere rather than having to maintain IT assets themselves in a physical office.
BigID
BigID is doing interesting things around the under-addressed topic of identifying how sensitive data is used across a customer’s organization, especially around applications that are adjacent to traditional data loss prevention (DLP) use cases, according to Ryan Kalember, Proofpoint’s executive vice president of cybersecurity strategy.
It’s difficult for organizations to figure out and understand how they’re using data that might be sensitive to subject to regulatory requirements like the European Union’s GDPR, Kalember said. Finding all this data across an organization and all its applications is a nontrivial task, Kalember said, and is far more complicated that simply putting together a policy document that describes how data is used.
Companies like BigID are actually trying to find unstructured data both in the cloud and on-premises and build real controls around it, Kalember said. As more security departments become responsible for privacy as well, Kalember expects to see more interest in the capabilities BigID can bring to bear.
Snyk
Snyk specializes in identifying open-source vulnerabilities, and the product has a lot of appeal to developers as organizations look to incorporate security into their software build process from the get-go, according to Kevin Simzer, Trend Micro’s chief operating officer. Snyk appeals directly to the development community offers a software development kit (SDK) that’s tailor-made for developers.
Ninety percent of software running in the cloud today is open source, and Simzer said it’s important for organizations to have a platform in place that protects both the applications the business develops itself as well as those its application developers inherit from open-source libraries like GitHub and Jira.
Trend Micro has added Snyk to its platform for cloud builders for greater breadth, and Simzer said Snyk’s capability sits alongside six different services Trend Micro already had in place. The partnership has been mutually beneficial, Simzer said, since Trend Micro has been able to bring Snyk’s technology to security operations people in the customer organization that actually have money to spend.
HYPR
HYPR is trying to kill passwords with a cross-platform approach, complementing the likes of Yubico—which has tried to move the industry to a hardware token form of authentication—as well as Microsoft, who’s largely taken a Microsoft-only approach, according to Proofpoint’s Kalember.
Companies like HYPR that help the industry move away toward a password-less multifactor authentication approach are going to have a meaningful impact by making things much harder for attackers, Kalember said. Killing passwords and going to multifactor authentication will have a bigger security benefit than trying to figure out who needs access to which systems and applications.
Most breaches involve either human error or compromised credentials, according to Kalember, who cited the Verizon Data Breach Investigations Report. So companies like HYPR that are working to reduce or eliminate the use of passwords have the potential to significantly reduce the number of breaches that occur going forward.
BitSight
BitSight’s ability to hold multiple vendors up to the same yardstick and provided a quantified score has never been more relevant for customers, according to Kevin Kiley, OneTrust’s chief revenue officer. The company’s security ratings play a vital role in third-party risk management by arming customers with the necessary information to make quick, objective decisions about which vendors to work with, he said.
Customers are seeing real relief from BitSight’s ability to present information about third-party risk in an easily digestible manner that helps customers make key decisions, Kiley said. BitSight is the gold standard when it comes to security ratings, and Kiley said that’s never been more needed than it is right now.
OneTrust incorporates BitSight’s security ratings into its controls for managing third-party vendor risk. Kiley said BitSight’s capabilities are very complementary to what OneTrust provides through its assessment of suppliers and exchange of information, which ensures that OneTrust customers are aware of changes made by vendors that might be impactful to them.