12 of the hottest startups at the RSA Conference 2019

These RSAC Early Stage Expo startups bring fresh cybersecurity solutions to fight phishing, improve application security, provide better cloud protections, enforce security policy, more accurately authenticate and more.

rocket launch startup cloud success growth
Getty Images

The RSA Conference 2019 is set to kick-off on March 4 in San Francisco, and this year’s theme, Better, is an invitation to the industry to work harder to ensure a higher level of security for consumers and organizations worldwide. This is exactly what RSAC’s most innovative startups are aiming for. Tackling everything from phishing to container security and cloud management, this year’s lineup is filled with fresh approaches to familiar problems and applications of new technologies aimed to address today’s biggest security challenges.

The RSAC Early Stage Expo gathers over 50 promising startups from all over the world, many of which have so far been in stealth mode. These are some of the most interesting:

1. RedMarlin: AI-powered phishing detection (booth 43)

The majority of cyber attacks start with phishing. RedMarlin, a Mountain View-based startup, uses machine learning to detect such attacks in real time. Its AI engine indexes websites and quickly catches phishing pages and their variants.

The technology is signatureless and it automatically adapts to the continuously changing phishing web pages. RedMarlin claims it can start protecting any brand in less than 60 seconds. The startup brags about the usability of its products, and says that the AI-based URL scanner is suited for “both a mom-and-pop shop and a big corporate enterprise.”

2. Portshift: Identity-based application security platform (booth 41)

Portshift merges security and operations so that DevOps teams can deploy applications fast, having security built into deployment. The platform secures applications from code to runtime. It uses digital signing techniques to validate and authenticate applications, and it allows control of how applications communicate. Portshift uses APIs that work with continuous integration/continuous development (CI/CD) systems, such as Jenkins.

The startup has operated in stealth mode so far, collaborating with just a few organizations in Europe and the U.S. During the RSA Conference 2019, it will showcase its product for the first time and announce its general availability outside beta sites. Portshift was born out of Team8, the company creation platform that specializes in cyber resilience and data science, and leverages the expertise of Israel's Intelligence Unit 8200.

3. Styra: Authorization for Kubernetes environments (booth 1)

Styra, currently in stealth mode, is developing a next-generation cloud-based tool for security and compliance. Its goal is to enable enterprises to define, enforce, and validate security across their Kubernetes (an open-source system for automating application deployment, scaling, and management) environments.

Styra’s graphical library of customizable policies lets security and DevOps teams mitigate risks and accelerate development. The same team built the Open Policy Agent, an open-source policy engine that can be used to enforce policy across the cloud-native stack. The company is based in Redwood City, CA.

4. Inky: Cloud-based email protection system (booth 18)

Inky Phish Fence uses computer vision and anomaly detection algorithms to block both brand forgery emails and spear phishing attempts. When it detects suspicious emails, it displays warning banners, guiding the user on how to best address the issue.

The platform understands emails and looks for signs of fraud. It claims it “can spot imposters by a pixel,” catching everything from spam and malware to serious threats. Inky integrates with Office 365, Exchange and G Suite, and pricing is per mailbox per month. The startup will debut at RSAC, but mid-sized companies and manufacturers have already tested its products.

5. Pixm: Phishing protection using computer vision (booth 29)

Pixm also wants to help customers and organizations win the war against phishing attacks. It offers real-time protection not only for email inboxes, but for other channels such as Facebook, LinkedIn, Slack, and instant messages as well.

Pixm says it has a fresh perspective employing advanced computer vision technology to prevent phishing attacks from happening. The product is free for personal use, but businesses have to pay up to $7 per month. The startup is backed by cybersecurity investors and former representatives of the intelligence community, such as ex-NSA hacker Ron Gula.

6. Basil Security: Security policy enforcement system (booth 19)

Basil Security uses blockchain technology to provide cybersecurity and regulatory compliance solutions for cloud operations and DevOps, helping organizations prevent insider attacks and errors. The startup offers a stateful, distributed security policy enforcement system with immutable, unified audit logging.

Basil targets high-security environments, enterprises, and service providers in regulated industries that are interested in complying with the EU’s General Data Protection Regulation (GDPR) or the California Consumer Privacy Act (CCPA).

The creator of Basil's technology, Hunter Prendergast, is a former U.S. Navy nuclear reactor operator who became interested in cybersecurity during his military service. Basil's CEO, Ron Herardian, is a veteran of the enterprise software industry and served in multiple roles at Cisco and Oracle.

7. NuID: Decentralized authentication solution (booth 42)

NuID offers a blockchain-based authentication solution that the company claims eliminates the need for users to trust anyone with their passwords, thus reducing the risk of data breaches. The platform leverages zero knowledge cryptography, a method by which a party can prove to another party that they know a password without actually communicating the password or any other information.

NuID’s unified protocol for authentication supports passwords, as well as tokens and biometrics. It enables businesses to reduce security risks while having a user-friendly experience. The startup closed an equity seed funding round at a pre-money valuation of $20 million in December 2018.

8. ArecaBay: Network engine for API DevSecOps (booth 10)

ArecaBay enables InfoSec and DevOps teams to discover, monitor and secure APIs. Its technology works across encrypted traffic, correlates multi-point API transactions, and uses machine learning for a self-adaptive learning and behavior analysis.

Headquartered in Los Altos, CA, ArecaBay has built two products. The first, XRay, is an app observability tool for DevOps. It provides insights and performance metrics, correlates API calls across services, and discovers the root cause of issues in a multilayer environment. The second product, ArecaBay Force Field, monitors and secures APIs across services and clouds without impacting applications.

9. ToucanX: “Air-gapped technology” (booth 13)

ToucanX proposes a new cybersecurity architecture that separates assets that are considered sensitive and classified, making them inaccessible to a malicious actor, regardless of the level of penetration or type of attack.

The startup claims to bring “air-gapped technology to the enterprise endpoint,” and it says it does it without sacrificing productivity or user experience. ToucanX offers solutions to protect PCs, mobile devices, IoT devices, and cloud environments.

10. Cequence Security: Automated application security platform (booth 50)

Cequence Security has developed an AI-powered application security platform which analyzes behaviors and intents to identify malicious bots. The software platform will support multiple security service modules to detect and block a broad range of attacks on web, mobile and API applications.

During RSAC, Cequence Security will demonstrate how its botDefense works. The product launched in November last year and is designed to detect and block malicious bot attacks. The startup says that this product overcomes the limitations of web application firewalls (WAFs) and older bot management tools, as it offers real-time detection and defense without requiring any changes to applications.

11. SecureStack: Platform security as a service (booth 49)

This Australia-based startup allows organizations to have secure servers in AWS, Google GCP, Azure and VMware using a “build once, deploy anywhere” philosophy. SecureStack automates security information and event management, backup, audit and vulnerability assessments. It delivers data and insights smoothly, giving customers extensive information on what’s happening on their networks.

At RSAC, the company will present two products, SecureCloud and CloudBuilder.

12. Armor Scientific: Identity governance platform (booth 33)

Armor Scientific is a startup just coming out of stealth mode. It aims to deliver the first identity governance platform for universal access management. The startup uses a GPS-enabled hardware token that acts as a biometric remote control. Users simply touch it to log in, thus the need for passwords is eliminated.

Users and devices are protected by location-aware multi-factor authentication, a blockchain-enabled cryptographic trust domain, AI/machine learning behavior analytics, and an outcome-assured workflow engine.

Bonus: The RSAC Innovation Sandbox Contest

Make sure to also check out this year’s ten finalists of the RSAC Innovation Sandbox Contest:

  • Arkose Labs - Solves fraud problems for the world’s most targeted businesses
  • Axonius - Asset management platform
  • Capsule8 - Zero-day attack detection platform
  • CloudKnox - Manages human and non-human identity privileges across hybrid cloud environments
  • disrupt:Ops - Automated guardrails for multi-cloud infrastructures
  • Duality Technologies - Protecting privacy, IP, and regulation compliance
  • Eclypsium - Stops threats in the firmware of critical devices
  • Salt - Security policy, vulnerability assessment, security awareness
  • ShiftLeft - Continuous platform for code analysis, runtime protection, and vulnerability research
  • WireWheel - Cloud-based data privacy & protection platform

These ten startups will have three-minute pitches in front of a panel of judges. The winner will be announced at 4:30 pm on Monday, March 4.

Copyright © 2019 IDG Communications, Inc.

Get the best of CSO ... delivered. Sign up for our FREE email newsletters!