Today marks the opening of RSA 2015. Like many years before, the Moscone Center turns into a flashy hack-a-thon jammed with all manner of security minds and companies hawking their great ideas.
RSA is rich in style, but often lacking in substance. Nevertheless, there are good ideas and technologies out there. Like the good analysts we are, Anitian will sort it all out for you. Our team is inside RSA stripping away the flash and froth to get down to what really matters.
It is already obvious that RSA 2015 will be the largest ever. Estimates are that 30,000 people will be attending—easily double the attendance of just a few years ago. Based on the number of sweaty bodies jammed into the Innovation Sandbox, that number seems plausible.
No longer relegated to the basement, security is now a real, viable part of companies. CEOs actually care about security (for the first time in forever) because they do not want to lose their jobs. It is amazing how people suddenly care about something when it threatens them personally.
Raytheon Gets Some Websense
The big news this morning was that Raytheon agreed to acquire a majority stake of Websense from Vista Equity. Anitian did technical advisory services for this deal, so it was not news to us. However, this deal, plus the recent Bain/BlueCoat acquisition (which Anitian was also involved with) and the TrustWave/Singtel deal show how hot security has become. Expect to see more acquisitions over the next few years.
Inside the Sandbox
The Innovation Sandbox is always my favorite event. Ten upstart security tech companies vie for the award as the most innovative company. This event is gaining popularity. When it started in 2005, it was a small side-event. However, some great companies got their start in the Sandbox, like SourceFire, Imperva, Cylance, CrowdStrike, and SkyHigh.
Here is a summary of this year’s contestants.
Waratek – Sandbox Winner
Waratek aims to solve a serious and pervasive problem plaguing business applications: Java sucks. Java’s flexibility and extensibility make it a popular development language. However, they also make Java difficult to secure. Java attacks have figured prominently in a few high-profile breaches.
To secure Java, Waratek runs code inside virtual containers. The “hypervisor” then controls and manages that code. It has a rules engine that can proactively protect applications against exploits without having to change the code.
Waratek is an elegant and practical technology. What surprised me is that the panel chose this over Ticto, Vectra, FortScale, or SecurityDo, all of which have sexy, high-concept products. Could this signal a refreshing trend? Is RSA setting aside sensationalism for practicality? Let’s see what tomorrow brings.
After a long, clumsy pitch from the BugCrowd representative, I blurted out, “You’re an eBay for hackers.” The representative stammered and partially agreed. BugCrowd crowdsources bug hunting. Companies sign up and then security researchers can connect with them and get paid for finding bugs.
I want to like this idea, but honestly, it’s an untenable business model. Crowdsourcing is fine for singular, focused needs (like coolers with blenders built into them), but security testing is a complex, dynamic challenge. Just letting random people hack away at code is unscientific and at best will lead to inconsistent results.
This is yet another endpoint security product. The more I questioned the representative of this company, the more annoyed she seemed to get, which makes me suspicious.
Suspicions aside, endpoint “advanced security” products are cropping up everywhere. This company is going to have a difficult time differentiating themselves. That said, they have an attractive GUI.
Feed it data and FortScale analyzes it for user behavior. Those are the basics of this user analytics technology. It is sort of like a DLP product, but it uses log data for its inputs. Call this a “user security analytics” technology. I was impressed with this company.
However, its dependency on log data from other products makes it a nice-to-have and not a need-to-have product. This technology could be valuable, but it needs integration into a whole. I see an acquisition in this company’s future.
NexDefense detects anomalies in SCADA and industrial controls. It watches everything going on in an ICS network, and looks for anything weird. This is an ultra-boring technology with an ultra-awesome GUI. The graphics and visualizations are right out of a video game. I would buy this technology just to get that GUI. Who cares what it monitors; I could stare at those packet blob things and rays of communication all night.
They do breach detection. They have a dumb name. Their website broke the night of the Sandbox. I guess they took the loss pretty hard.
Their GUI is super busy with code, numbers, and colors. It felt like the inside of a mid-2000s Acura—cluttered. They take in netflow and log data. I was not impressed. This was what RSA Netwitness was about four versions ago, and that is not a good thing. They need to clean up their GUI and provide a clearer view of what their product is actually doing.
This is yet another endpoint security product. However, this one has gone full Palo Alto and calls itself…wait for it…“Next-Generation Endpoint Protection.” Old technology never dies, it just gets “next generation” appended to the name. I will give them credit, they seem more fully baked than CyberReason.
The details of their engine are spotty. They claim to monitor processes, files, memory, and so forth without any endpoint impact. I have heard that before and it is never true.
This company feels like it was created for the sole purpose of being acquired by CheckPoint. However, CheckPoint just bought an endpoint technology. So, now they need sales. Yahoo seems to really have a thing for them; I do not.
This company was the runner-up for the Sandbox, and I can see why. Their technology is cool. Ticto is a cross between a smart card, a one-time password fob, and a picture keychain. It has an LCD screen on the front that shows a picture ID. It can be used to badge into an environment, and is presumably compatible with existing HID-type readers.
However, the cool part is the random pictographs that display and are synchronous across any group of people. So you can look at somebody’s card and know immediately if they are in an authorized group or not.
The technology is slick. However, I would question the costs. Technologies like this may deliver an innovative way to handle user access, but do the costs justify those improvements?
This is a code scanning technology that will mathematically guarantee the quality of code. How you mathematically guarantee code is, honestly, beyond me. This company’s website also was dead after the Sandbox. Maybe they should have guaranteed the code of their website.
This is a network-based analytics and detection technology. It has sensors that you feed packets and it yanks them apart and analyzes them. They say it can even analyze encrypted traffic. Assuming the engine does what it says, I like Vectra. The GUI is polished and attractive, and the deployment is simple.
What Vectra lacks is a solid story or marketing narrative. They feel like a “me too!” kind of company. Their corporate vision is lost inside an onslaught of buzzwords on their website. They will struggle to compete with FireEye-type sandboxing technologies and NGFW platforms.
Security Analytics Figures Prominently
One big take-away from the Innovation Sandbox is how prominent security analytics has become. Security analytics will shape this industry for the next few years. Check out our series on Security Analytics.
If you want to yell at (or hug) the Anitian team, don’t miss our reception at Jamber, Wednesday night during the pub crawl from 5:30-8:30 PM. E-mail firstname.lastname@example.org for more information.