Top 10 RSA Conference Security Innovators

Here are the 10 RSA Conference Innovation Sandbox competitors for the title of most innovative security product likely to have a big impact.


At the 2010 RSA Conference in March, 10 companies will compete in the Innovation Sandbox, a competition among products less than a year old made by a private company with less than $5 million in revenues and with leaders who have delivered products successfully before. The winner will be declared the most likely to make a significant impact on information security. Here are this year's 10 finalists.


Altor Networks' VF v3.0 — This virtual firewall platform for protecting VMware virtual machines includes firewall and intrusion detection and operates from within the hypervisor and the virtual switch, enabling examination of packets between virtual machines on the same physical host. The software includes an API for automated provisioning.


Catbird vCompliance — A feature of the company's V-Security platform, vCompliance correlates the protections its software affords to VMware virtual machines with specific requirements of certain regulations such as Payment Card Industry (PCI), Department of Defense Information Assurance Certification and Accreditation Process (DIACAP), Sarbanes-Oxley and the Health Insurance Portability and Accountability Act (HIPAA). The idea is to make it simpler to comply and to prove compliance to auditors.


Envision Security's Risk Communicator — A Web application offered on a software-as-a-service basis, Risk Communicator is a framework for CISOs to assess network risk, to prioritize it, to decide which projects will address risk appropriately and to justify the money spent. The process is documented to prove to regulators that a consistent approach was taken and to corporate executives that security decisions were made with business justifications.


Hacktics' Seeker — Seeker is software for developers that automatically tests applications for flaws and then demonstrates via video how the flaws can be exploited. The goal is to identify problems and fix them during the development process. The company says the tool can be used by developers who are not security experts and that it addresses the entire software development cycle.


HyTrust's Appliance CE — This appliance sits between virtualized data centers and the machines seeking access to data center resources, where it acts as a clearinghouse for access control, policy management, security configuration and compliance. The device is meant to apply the well-established protections designed for traditional data centers to the more fluid nature of virtualized data centers.


KiduSema's FabulaRosa — This software provides a sandbox environment for creating visual images, which it translates into very long passwords that it generates out of the sandbox. Users remember the elements of the images and create them when needed so that FabulaRosa can generate the passwords. In addition, the passwords are disguised to protect them in transit. These strings can be 63,353 characters long and can be used for authentication or encryption.


Navajo Systems' Virtual Private SaaS — This service encrypts customer data before it is transmitted to a SaaS provider. The data remains encrypted while in the SaaS provider's database, but is accessible by the SaaS application. Virtual Private SaaS includes a proxy that sends data as needed by the SaaS application, retaining enough characteristics in the clear so the application can sort, search and validate fields, but keeping the data itself encrypted. Customers control the encryption keys.


RavenWhite's Blue Moon Authentication — This is an authentication mechanism used for password resets. Rather than ask your mother's maiden name, it asks you to check whether you like or dislike a list of 15 items for which you have previously registered your like or dislike. The company claims Blue Moon Authentication results in less than 1% false positives. It is meant to overcome problems other methods have, such as bad sites capturing the answers to authentication questions (mother's maiden name) and applying them to other sites that the user accesses and that ask the same question.


Silver Tail Systems' Forensics — This software monitors all Web site activity, seeks anomalous behavior and sends out alerts about it. In addition to warnings, the package provides tools for investigating the exact nature of attacks and the damage they might have done. IT can parse activity based on user, page and IP statistics. Investigators can track the behavior that got attackers into the site and what they did while they were there.


Whitebox Security's WhiteOPS — WhiteOPS does five things: 1) monitors transactions and transaction-related data; 2) tracks user activity across applications; 3) creates a baseline threshold for all attributes that can be adjusted for anomalous behavior; 4) authorizes transactions; 5) learns, defines and enforces security policies across multiple security devices. The platform gives a central dashboard for these functions and enables an overarching security policy enforcement point.

Copyright © 2010 IDG Communications, Inc.