Maybe I don't understand the meaning of the word "innovation." Every year I walk through RSA's "Innovation Sandbox," and every year I reach the same conclusion: if this is "innovation," then no wonder we're so far behind the opposition! This year's assortment of vendors was no better than the previous years', with a couple of exceptions.

"Science Fair" competitors:
* CipherCloud (Trustosphere): Similar to an entry from last year, this is a gateway appliance that sits on the edge of your enterprise and intercepts a variety of fields, tokenizing or encrypting data before it goes into the cloud. Interesting? Sure. Innovative? Not so much (we saw this last year). I'm sure they have key differentiators, but - as was true last year - I'm not sure I see much need or demand for this today. Another case of a solution being used to kludge human behavior.
* ENTERSECT: Another 2-factor solution (definitely not a new idea), particularly oriented to mobile devices, but without simply being a one-time-password (OTP) method. I didn't get more details beyond this as I just couldn't bring myself to hear the pitch.
* Gazzang: Though not what I would consider "innovative," this was nonetheless a potentially useful product. They're essentially an on-system middleware product (just above the kernel) for doing inline transparent encryption for MySQL databases. I question their market strategy, though, with Oracle having purchased Sun, the owner of MySQL.
* HyTrust: Just another configuration appliance, this one geared to virtual environments. What I don't get is that it was listed as v2.1. Ummm... if you've released 2.1 full versions in the last year, then I have some concerns...
* Incapsula: Oh, look, a WAF. Is this innovative? Incapsula is a spin-off from Imperva, with a focus on a distributed WAF for the cloud. You know, like what Art of Defence has been successfully deploying for a couple of years now. Heck, AOD is on the expo floor at RSA for at least its 2nd year this year. Ummm... so, note to RSA Conferences: this is not the definition of "innovation."
* Invincea: One of two interesting products in the same space, attacking the problem in slightly different ways. Basically, this is a sandboxed browser environment (Quaresso calls theirs an "ephemeral browser"). It's an interesting idea, and very much in line with what companies like beCrypt are doing in their autonomous environments.
* Pawaa Software: I didn't get a chance to dig into this solution very far, though it sounds interesting and mildly untenable. From the description and literature, it looks to be a wrapper file format for asserting and enforcing security controls. An interesting idea, but probably not as a standalone product. *IF* it's any good, then I have to believe they'll be snarfed up by a bigger vendor sooner rather than later.
* Quaresso: Their "ephemeral browser" is an interesting idea. Basically, again, a sandboxed environment. Nothing too crazy, but definitely a better approach than the norm. I expect this to become SOP for all browsers in the future.
* Silver Tail Systems: This product helps limit attack success by using statistics-based heuristic inline analysis to make a quick determination of "good" or "bad" and then act on it accordingly. In many ways it reminds me of Trustifier (which I still barely understand), though instead of using algebras with compiler theory, they're instead using the AV heuristics model (which has had limited success historically). A nice idea, but one that I think will have limited legs. I'd be surprised if Symantec or McAfee didn't acquire them in the next couple of years.
* Symplified: I have no idea what this product does. I couldn't get through the marketing buzzwords, nor did I get a chance to speak with their reps (they were fairly busy). To me, it seems that if you can't clearly state what you do in a sentence, but rather waste that space on marketing garbage, well, then you probably don't deserve much real attention.

Overall, I'm disappointed again with the lack of truly innovative solutions. I have to believe there is better stuff out there, though the rules for getting into the exhibit are a bit wonky. Will any of these products revolutionize the industry? Nope. Oh, well...

Were you really expecting "innovation"? Unless a fundamental change is made to the underlying infrastructure, security measures will always be just that - patches. Current security measures are predominantly software-based; hence, they can and will be broken (just a matter of time). People have to start thinking outside the box - alas, the security community is just not doing that. More specifically, they are not addressing the infrastructure itself, which makes the pursuit of a "security solution" more elusive. And the move to and interest in the cloud is more evidence of my previous point... I shudder at the thought of cloud. At RSA 2012, you will undoubtedly see 10 finalists that are no different from the finalists of 2011. My advice is to save your time and money, stay home, and wait for that list...

