The RSA Conference’s Innovation Sandbox Contest has been a source of new ideas and approaches for an ever-evolving cybersecurity industry for 16 years. This year’s contest was no different, as startup founders and leaders made their pitches from around the world.
From agentless solutions for multi-cloud infrastructures to implementing zero trust and threat scoring, the 2021 class of innovators predominantly addresses cloud, data, and application security. As RSAC boasts, the finalists that qualify for the competition “have collectively seen over 50 acquisitions and received $5.2 billion in investments,” since 2005.
With a fresh group of finalists ready to take on the cybersecurity marketplace in the 2020s, we dive right into this year’s contest details and innovators.
RSAC contest criteria
Outlined by moderator and RSA Program Committee Chair Hugh Thompson, finalists for the competition had three minutes to make their pitch. After the buzzer, judges have three minutes to pose questions to the vendor.
For judging vendor solutions, criteria included:
- Presenting the problem the solution addresses
- Pointing to the audience(s) the problem or solution influences
- Evidence of originality or uniqueness in approach
- A defined marketing strategy
- Forecasting how the solution will affect the marketplace
- The makeup of the organizational leadership
- Market validation through funding, R&D, and more
RSAC contest finalists and results
After all finalists presented, judges took under an hour to deliberate and select this year’s winner. Before giving their results, judge Paul Kocher noted the shifting nature of the industry, saying, “The way things were done in the past is not the way they’ll be done in the future.” Judge Niloofar Howe pointed to how many ideas were rooted in addressing the biggest news of the year and the titan that is cloud security.
And the 2021 RSAC Sandbox Innovation Contest winner is…Apiiro Security.
We are pleased to announce @ApiiroSecurity is the #RSAC Innovation Sandbox Contest winner. Named the “Most Innovative Startup,” Apiiro was selected by a panel of esteemed judges for its Code Risk Platform™. https://t.co/6GlpYXec5u pic.twitter.com/YgbPXOBErz
— RSA Conference (@RSAConference) May 19, 2021
In considering the ten finalists, judges noted that their decision came down to two choices. The runner-up for this year’s contest goes to Strata.
|Apiiro Security||Code risk platform||2019||Tel Aviv, Israel||$35M|
|Strata||Multi-cloud identity management||2019||Boulder, CO||$11.5M|
|Abnormal Security||Advanced email security||2018||San Francisco, CA||$74M|
|Axis Security||Zero trust cloud security||2018||San Mateo, CA||$99.5M|
|Cape Privacy||Encrypted learning privacy software||2018||New York, NY||$25M|
|Deduce||Account takeover tools||2019||New York, NY||$7.3M|
|Open Raven||Data security platform||2019||Los Angeles, CA||$19.1M|
|Satori||Data access cloud security||2019||Tel Aviv, Israel||$5.3M|
|Wabbi||Secure DevOps infrastructure platform||2018||Boston, MA|
|Wiz||Public cloud security solution||2020||Tel Aviv, Israel||$230M|
RSAC 2021 innovators
Winner: Apiiro Security
The winner of this year’s Innovation Sandbox Contest is Apiiro Security. Hailing from Tel Aviv, the vendor boasts itself as the world’s first Code Risk Platform, offering risk visibility across design, code, and cloud segments. In a world where protecting PII and meeting compliance mandates is essential, Apiiro’s innovation is its insights across organization segments, including the ever-important DevSecOps triad. Apiiro connects to an organization’s systems across hybrid infrastructure through a read-only API and promises real-time inventory and actionable remediation for risks.
Presenter: Idan Plotnik, CEO and Founder
When considering the top 10, judges narrowed their deliberation to risk-focused Apiiro and identity-focused Strata. Striving to offer an industry-first identity orchestration solution, dubbed the Maverics Platform, Strata’s leadership is no stranger to the identity space. Founder and CEO Eric Olden led Oracle’s identity security division twenty years ago and was a co-creator to the creation of SAML in 2000. Strata and Maverics aim to solve the complex identity and access management (IAM) problems facing large enterprises. With the ability to integrate across identity systems, organizations can create and replicate orchestrations for apps with ease.
Presenter: Eric Leach, Co-Founder and Chief Product Officer
Also Read: Top IAM Tools & Solutions for 2021
Born out of Silicon Valley in 2018, Abnormal Security is an advanced email security platform for the cloud age organization. As mentioned in their presentation, socially engineered attacks are the most costly security threat at $2.1B in 2020, second only to ransomware. Integrated into Office 365 and Google Suite, Abnormal Security emphasizes protecting infrastructures moving to the cloud and applying artificial intelligence to catch abnormal identities, relationships, and context. Abnormal activity related to email communications is on notice with this vendor’s service.
Presenter: Evan Reiser, CEO and Co-Founder
In an ever-expanding universe of XaaS offerings, Axis Security calls its offering a Secure Access as a Service or the Application Access Cloud. CEO Dor Knafo outlined the complexity of access today. From excessive access across private clouds, SaaS, and on-premises applications to the unnecessary risk posed by such extended access, Axis leans on zero trust and its “Application Isolation Technology” to offer secure and segmented cloud access. With quick deployment, the Axis Security platform promises to secure partner and third-party access, authorize employees from anywhere, and accelerate network migration.
The San Mateo-based vendor currently holds the second-highest funding total at $99.5 million of this year’s finalists. Axis Security also made our top cybersecurity startups to watch in 2021.
Presenter: Dor Knafo, Co-Founder and CEO
Also Read: Top Zero Trust Security Solutions in 2021
At a conference hosted by cryptography giant RSA, Cape Privacy was the only contest finalist specializing in encryption technology. The New York City-based vendor targets data scientists, machine learning engineers, and data owners everywhere with the Cape Privacy Encrypted Learning Platform. By optimizing encryption protocols for machine learning, Cape Privacy reduces compute overhead and enables secure information sharing between organizations. The goal: accelerate the adoption of ML across industries while securing data privacy.
Presenter: Che Wijesinghe, CEO
The second startup hailing from NYC, Deduce seeks to address the glaring problems of account takeovers, data leakage, and identity fraud. As CEO Ari Jacoby put it, 50,000 accounts are breached every hour and collectively will cost up to $30 billion in the next few years. Powered by a consumer data network of 150,000 websites and a billion-plus daily user events, Deduce’s innovative solution collects identity-based threat intelligence to classify identity risk and alert customers in real-time.
Deduce Presenter: Ari Jacoby, CEO
With leadership responsible for founding OWASP and hailing from industry players CrowdStrike, SourceClear, and Spunk, Open Raven is a Los Angeles-based vendor committed to data security visibility and compliance for the cloud. CEO Dave Cole noted, “We face an inflection point of data being moved into the cloud.” Instead of tracking data in motion, Open Raven goes further in analyzing data at rest. Classifying inventory and automating data governance are features that can improve any hybrid infrastructure’s security posture.
Open Raven Presenter: Dave Cole, CEO
Also Read: Top Cloud Security Companies & Tools
Israeli cybersecurity vendor Satori is a data access service for monitoring, classifying, and controlling access to sensitive data. Offering an industry-first DataSecOps platform, Satori aims to provide appropriate and timely access, real-time data context, and granular policy enforcement. The platform creates a layer of protection and visibility between data users and data stores to address concerns about transferring sensitive data via a data proxy. Goals include:
- Robust data access control
- Visibility into data usage and transfer
- Ease of fulfilling compliance obligations
Satori Presenter: Eldad Chai, CEO and Co-Founder
Coming out of Boston, Massachusetts, Wabbi is a Secure DevOps (SecDevOps) infrastructure platform. While enterprises are searching for security confidence, they’re also drowning in application security information. Wabbi addresses this problem and aims to eliminate the downside for teams choosing between security and agility. As your “appsec guardian angel,” Wabbi gives structure to code development workflows to maximize application security through the DevOps pipeline. Wabbi is the only company to make this year’s finalists without public funding information, but no doubt their product shined through this fact.
Wabbi Presenter: Brittany Greenfield, Founder and CEO
Also Read: Application Security Vendor List for 2021
The youngest of startups featured, Wiz was launched earlier this year and is already featured on the big stage at RSAC. Despite that, the third Tel Aviv-based finalist tops the list in funding at a whopping $230 million for its Series B round. With experience in cloud security at Microsoft, Wiz co-founder Yinon Costica argued that cloud security doesn’t come down to one single misconfiguration. Organizations moving to the cloud have a web of potential vulnerabilities, and companies don’t have proper visibility. In an agentless solution, Wiz’s innovation addresses a growing awareness of insecurity in the public cloud.
Wiz Presenter: Yinon Costica, Co-Founder and Vice President of Product
RSAC 2021: Another year of innovation
The 2021 Innovation Sandbox Contest was a success thanks to innovators’ creative pitches and judges’ probing questions and considerations. This year’s judges included:
- Dorit Dor, VP Products, Check Point Software Technologies
- Niloofar Howe, Senior Operating Partner, Energy Impact Partners
- Paul Kocher, Security Entrepreneur and Researcher
- Shlomo Kramer, Co-founder and CEO, Cato Networks
- Christopher Young, SVP Business Development, Microsoft
If you missed the chance to see this year’s competition, RSAC has you covered. Find all ten pitches here.
See eSecurityPlanet’s Innovation Sandbox coverage from RSAC years past below: