And the Winner of the 2021 RSAC Innovation Contest is…

eSecurity Planet content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More.

The RSA Conference’s Innovation Sandbox Contest has been a source of new ideas and approaches for an ever-evolving cybersecurity industry for 16 years. This year’s contest was no different, as startup founders and leaders made their pitches from around the world.

From agentless solutions for multi-cloud infrastructures to implementing zero trust and threat scoring, the 2021 class of innovators predominantly addresses cloud, data, and application security. As RSAC boasts, the finalists that qualify for the competition “have collectively seen over 50 acquisitions and received $5.2 billion in investments,” since 2005.

With a fresh group of finalists ready to take on the cybersecurity marketplace in the 2020s, we dive right into this year’s contest details and innovators.

Also Read: Top 22 Cybersecurity Startups to Watch in 2021

RSAC contest criteria

Outlined by moderator and RSA Program Committee Chair Hugh Thompson, finalists for the competition had three minutes to make their pitch. After the buzzer, judges have three minutes to pose questions to the vendor.

For judging vendor solutions, criteria included:

  • Presenting the problem the solution addresses
  • Pointing to the audience(s) the problem or solution influences
  • Evidence of originality or uniqueness in approach
  • A defined marketing strategy
  • Forecasting how the solution will affect the marketplace
  • The makeup of the organizational leadership
  • Market validation through funding, R&D, and more

RSAC contest finalists and results

After all finalists presented, judges took under an hour to deliberate and select this year’s winner. Before giving their results, judge Paul Kocher noted the shifting nature of the industry, saying, “The way things were done in the past is not the way they’ll be done in the future.” Judge Niloofar Howe pointed to how many ideas were rooted in addressing the biggest news of the year and the titan that is cloud security.

And the 2021 RSAC Sandbox Innovation Contest winner is…Apiiro Security.

In considering the ten finalists, judges noted that their decision came down to two choices. The runner-up for this year’s contest goes to Strata.

InnovatorProduct DescriptionEstHQFunding
Apiiro SecurityCode risk platform2019Tel Aviv, Israel$35M
StrataMulti-cloud identity management2019Boulder, CO$11.5M
Abnormal SecurityAdvanced email security2018San Francisco, CA$74M
Axis SecurityZero trust cloud security2018San Mateo, CA$99.5M
Cape PrivacyEncrypted learning privacy software2018New York, NY$25M
DeduceAccount takeover tools2019New York, NY$7.3M
Open RavenData security platform2019Los Angeles, CA$19.1M
SatoriData access cloud security2019Tel Aviv, Israel$5.3M
WabbiSecure DevOps infrastructure platform2018Boston, MA
WizPublic cloud security solution2020Tel Aviv, Israel$230M

RSAC 2021 innovators

Winner: Apiiro Security

The winner of this year’s Innovation Sandbox Contest is Apiiro Security. Hailing from Tel Aviv, the vendor boasts itself as the world’s first Code Risk Platform, offering risk visibility across design, code, and cloud segments. In a world where protecting PII and meeting compliance mandates is essential, Apiiro’s innovation is its insights across organization segments, including the ever-important DevSecOps triad. Apiiro connects to an organization’s systems across hybrid infrastructure through a read-only API and promises real-time inventory and actionable remediation for risks.

Presenter: Idan Plotnik, CEO and Founder

Runner-Up: Strata

When considering the top 10, judges narrowed their deliberation to risk-focused Apiiro and identity-focused Strata. Striving to offer an industry-first identity orchestration solution, dubbed the Maverics Platform, Strata’s leadership is no stranger to the identity space. Founder and CEO Eric Olden led Oracle’s identity security division twenty years ago and was a co-creator to the creation of SAML in 2000. Strata and Maverics aim to solve the complex identity and access management (IAM) problems facing large enterprises. With the ability to integrate across identity systems, organizations can create and replicate orchestrations for apps with ease.

Presenter: Eric Leach, Co-Founder and Chief Product Officer

Also Read: Top IAM Tools & Solutions

Abnormal Security

Born out of Silicon Valley in 2018, Abnormal Security is an advanced email security platform for the cloud age organization. As mentioned in their presentation, socially engineered attacks are the most costly security threat at $2.1B in 2020, second only to ransomware. Integrated into Office 365 and Google Suite, Abnormal Security emphasizes protecting infrastructures moving to the cloud and applying artificial intelligence to catch abnormal identities, relationships, and context. Abnormal activity related to email communications is on notice with this vendor’s service.

Presenter: Evan Reiser, CEO and Co-Founder

Axis Security

In an ever-expanding universe of XaaS offerings, Axis Security calls its offering a Secure Access as a Service or the Application Access Cloud. CEO Dor Knafo outlined the complexity of access today. From excessive access across private clouds, SaaS, and on-premises applications to the unnecessary risk posed by such extended access, Axis leans on zero trust and its “Application Isolation Technology” to offer secure and segmented cloud access. With quick deployment, the Axis Security platform promises to secure partner and third-party access, authorize employees from anywhere, and accelerate network migration.

The San Mateo-based vendor currently holds the second-highest funding total at $99.5 million of this year’s finalists. Axis Security also made our top cybersecurity startups to watch in 2021.

Presenter: Dor Knafo, Co-Founder and CEO

Also Read: Top Zero Trust Security Solutions

Cape Privacy

At a conference hosted by cryptography giant RSA, Cape Privacy was the only contest finalist specializing in encryption technology. The New York City-based vendor targets data scientists, machine learning engineers, and data owners everywhere with the Cape Privacy Encrypted Learning Platform. By optimizing encryption protocols for machine learning, Cape Privacy reduces compute overhead and enables secure information sharing between organizations. The goal: accelerate the adoption of ML across industries while securing data privacy.

Presenter: Che Wijesinghe, CEO

Also Read: Tokenization vs. Encryption: Which is Better for Protecting Critical Data?


The second startup hailing from NYC, Deduce seeks to address the glaring problems of account takeovers, data leakage, and identity fraud. As CEO Ari Jacoby put it, 50,000 accounts are breached every hour and collectively will cost up to $30 billion in the next few years. Powered by a consumer data network of 150,000 websites and a billion-plus daily user events, Deduce’s innovative solution collects identity-based threat intelligence to classify identity risk and alert customers in real-time.

Deduce Presenter: Ari Jacoby, CEO

Open Raven

With leadership responsible for founding OWASP and hailing from industry players CrowdStrike, SourceClear, and Spunk, Open Raven is a Los Angeles-based vendor committed to data security visibility and compliance for the cloud. CEO Dave Cole noted, “We face an inflection point of data being moved into the cloud.” Instead of tracking data in motion, Open Raven goes further in analyzing data at rest. Classifying inventory and automating data governance are features that can improve any hybrid infrastructure’s security posture.

Open Raven Presenter: Dave Cole, CEO

Also Read: Top Cloud Security Companies & Tools


Israeli cybersecurity vendor Satori is a data access service for monitoring, classifying, and controlling access to sensitive data. Offering an industry-first DataSecOps platform, Satori aims to provide appropriate and timely access, real-time data context, and granular policy enforcement. The platform creates a layer of protection and visibility between data users and data stores to address concerns about transferring sensitive data via a data proxy. Goals include:

  • Robust data access control
  • Visibility into data usage and transfer
  • Ease of fulfilling compliance obligations

Satori Presenter: Eldad Chai, CEO and Co-Founder


Coming out of Boston, Massachusetts, Wabbi is a Secure DevOps (SecDevOps) infrastructure platform. While enterprises are searching for security confidence, they’re also drowning in application security information. Wabbi addresses this problem and aims to eliminate the downside for teams choosing between security and agility. As your “appsec guardian angel,” Wabbi gives structure to code development workflows to maximize application security through the DevOps pipeline. Wabbi is the only company to make this year’s finalists without public funding information, but no doubt their product shined through this fact.

Wabbi Presenter: Brittany Greenfield, Founder and CEO

Also Read: Application Security Vendor List for 2021


The youngest of startups featured, Wiz was launched earlier this year and is already featured on the big stage at RSAC. Despite that, the third Tel Aviv-based finalist tops the list in funding at a whopping $230 million for its Series B round. With experience in cloud security at Microsoft, Wiz co-founder Yinon Costica argued that cloud security doesn’t come down to one single misconfiguration. Organizations moving to the cloud have a web of potential vulnerabilities, and companies don’t have proper visibility. In an agentless solution, Wiz’s innovation addresses a growing awareness of insecurity in the public cloud.

Wiz Presenter: Yinon Costica, Co-Founder and Vice President of Product

Also Read: Cloud Bucket Vulnerability Management in 2021

RSAC 2021: Another year of innovation

The 2021 Innovation Sandbox Contest was a success thanks to innovators’ creative pitches and judges’ probing questions and considerations. This year’s judges included:

  • Dorit Dor, VP Products, Check Point Software Technologies
  • Niloofar Howe, Senior Operating Partner, Energy Impact Partners
  • Paul Kocher, Security Entrepreneur and Researcher
  • Shlomo Kramer, Co-founder and CEO, Cato Networks
  • Christopher Young, SVP Business Development, Microsoft

If you missed the chance to see this year’s competition, RSAC has you covered. Find all ten pitches here.

See eSecurityPlanet’s Innovation Sandbox coverage from RSAC years past below:

Get the Free Cybersecurity Newsletter

Strengthen your organization’s IT security defenses by keeping up to date on the latest cybersecurity news, solutions, and best practices. Delivered every Monday, Tuesday and Thursday

Sam Ingalls Avatar

Subscribe to Cybersecurity Insider

Strengthen your organization’s IT security defenses by keeping abreast of the latest cybersecurity news, solutions, and best practices.

Top Cybersecurity Companies

Top 10 Cybersecurity Companies

See full list

Get the Free Newsletter!

Subscribe to Cybersecurity Insider for top news, trends & analysis