The RSA Innovation Sandbox: part startup Olympics, part unicorn hunt.
RSA 2017 opens Monday, February 13th, 2017, at the Moscone Center in San Francisco, California. The first day's highlight is the annual Innovation Sandbox. Moscone Center
By The CyberWire Staff
Feb 20, 2017

The RSA Innovation Sandbox: part startup Olympics, part unicorn hunt.

RSA opens today with the annual Innovation Sandbox, a competition that began with a very large number of nominations, now winnowed to ten finalists. The Sandbox aims at selecting what the RSA Conference characterizes as the year's most innovative information security companies. 

The competition.

RSA solicits applications (and receives a lot of them), and then selects ten finalists to compete before the judges at this annual San Francisco conference. 

Final presentations will be made in the Sandbox at the Moscone Center during the afternoon of Monday, February 13th, 2017. This year's finalists are, in alphabetical order:

  • Baffle, of Santa Clara, California. The company takes its mission to be "making data breaches irrelevant." Their deep encryption is applied immediately and stays with the data it protects, whether those data are at rest, in motion, or in use.
  • Cato Networks, of Alpharetta, Georgia, and Tel Aviv, Israel. They offer a software-defined cloud-based secure enterprise network that connects branch locations, physical and cloud datacenters, and mobile users in a secure, optimized network. "One Network, protected by One Security stack and enforcing One Policy."
  • Claroty, of Tel Aviv and New York. The company provides a single, holistic, secure platform for operational technology, securing such highly valuable and highly sensitive installations as power plants and offshore rigs. 
  • Contrast Security, of Los Altos, California. Contrast holds out the promise of self-protecting software, enabled by deep security instrumentation.
  • EN|VEIL, whose leadership claims roots in the Johns Hopkins University Applied Physics Laboratory and the National Security Agency, offers a scalable framework whose homomorphic encryption lets enterprises work on data without needing to decrypt it.
  • GreatHorn, of Belmont, Massachusetts. GreatHorn has an "automated policy engine" that comes pre-configured, ready to install to protect an enterprise from highly targeted attacks in realtime: spoofed emails, homograph domain attacks, and financial fraud attempts.
  • RedLock, of Hyderabad, India, and Menlo Park, California. They offer a platform that makes enterprise security easy, with a cloud-native architecture, workload behavior monitoring, and out-of-the-box policy packs and templates.
  • Unify ID, of San Francisco. They combine implicit authentication with machine learning in ways that uniquely identify you, and they promise to make remembering passwords a "thing of the past."
  • Uplevel, of New York. They apply advanced data science to information culled from internal systems and external sources, and they use it deliver automation throughout incident response.
  • Veriflow, of San Jose, California. Veriflow delivers a solution that serves reliability. Their continuous network verification technology predicts and verifies availability and security, getting ahead of outages and vulnerabilities, whatever their source.

The judges.

A panel of five veteran industry thought leaders will choose the winner this afternoon. This year's judges are:

  • Asheem Chandra, Partner, Greylock Partners
  • Gerhard Eschelbeck, Vice President Security and Privacy Engineering, Google
  • Nillofar Razi Howe, Senior Vice President and Chief Strategy Officer, RSA Corp.
  • Patrick Heim, Head of Trust & Security, Dropbox
  • Paul Kocher, President and Chief Scientist, Crytography Research Division of Rambus

Once the final presentations are complete, the panel will conclude its deliberations and announce the winner. We expect an announcement around 4:30 Pacific Time today.

The Sandbox record.

Past winners include some impressive, and familiar names. 

  • Sourcefire took the prize at the first Sandbox, back in 2005. They won for their suite of enterprise threat management solutions, from next-generation security platform through advanced malware protection. This Maryland-born unicorn was bought by Cisco in 2013 for $2.7 billion.
  • Imperva, activity monitoring, protection, and risk management specialists, won in 2006. Their 2011 IPO raised $90 million.
  • Yoggie Security Systems was, according to RSA, the inventor of behavior-based blocking technology in the form of a hardware-based computer security solution. They had raised an additional $2.8 million in capital within a year of winning in 2007, and in 2011 they exited in an acquisition by CUPP.
  • In 2009 Alert Enterprise won for its pioneering work in the convergence of logical and physical security. They raised $27 million in two rounds of venture funding after taking top honors at RSA.
  • Altor, 2010's winner, took the prize for virtualization and cloud security solutions. After raising $16 million in two venture funding rounds, they were acquired that same year by Juniper Networks.
  • 2011's winner, Invincea, was in the news last week over its acquisition by Sophos for $100 million. The work that earned them distinction has been in advanced endpoint protection that combines containerization, threat detection, and response.
  • Appthority has continued to go strong since winning in 2012. The app-risk management shop has raised a total of $25.25 million in equity funding since its appearance in the Sandbox.
  • Remotium was recognized in 2013 for it BYOD-enabling mobile security technology. Avast bought them in 2015.
  • In 2014 Red Owl Analytics won for its risk oversight software solutions for compliance and investigations. They've since attracted $21.6 million in equity investment.
  • Waratek's Runtime Application Self-Protection for apps in data center, hybrid, or public clouds took the honors in 2015. Headquartered in Dublin, they continue to go strong, with a North American base in Atlanta.
  • Last year Phantom won for its solution addressing diverse threats in complex environments, and the scarcity of expert security personnel. Since winning, they've closed $13.5 million in funding from Kleiner Perkins.

Any one of the finalists over the years would be worthy of serious industry and investor attention, and this year's class is likely to be no different. Consider last year's ten finalists—familiar names to those who follow the industry. In addition to Phantom, the eventual winner, they included the IoT security experts Bastille Networks, the deception specialists at Illusive Networks, Menlo Security's cloud-based isolation artists, Prevoty (which automates defense and intelligence), ProtectWise (on-demand detection of complex threats), SafeBreach (whose "virtual hacker" prowls the killchain looking for trouble), secure infrastructure provider Skyport Systems, the data-centric security experts of Vera, and Versa Networks, who provide software-defined WANs. 

We'll update this article with news of the winner when it's available, and we'll offer perspective from the Sandbox itself.