Maybe I don't understand the meaning of the word "innovation." Every year I walk through RSA's "Innovation Sandbox," and every year I reach teh same conclusion: if this is "innovation," then no wonder we're so far behind the opposition! This year's assortment of vendors was no better than the previous years, with a couple exceptions.
"Science Fair" competitors:
* CipherCloud (Trustosphere): Similar to an entry from last year, this is a gateway appliance that sits on the edge of your enterprise and intercepts a variety of fields, tokenizing or encrypting data before it goes into the cloud. Interesting? Sure. Innovative? Not so much (we saw this last year). I'm sure they have key differentiators, but - as was true last year - I'm not sure I see much need or demand for this today. Another case of a solution being used to kludge human behavior.
* ENTERSECT: Another 2-factor solution (definitely not a new idea), particularly oriented to mobile devices, but without simply being a one-time-password (OTP) method. I didn't get more details beyond this as I just couldn't bring myself to hear the pitch.
* Gazzang: Though not what I would consider "innovative," this was nonetheless a potentially useful product. They're essentially an on-system middleware product (just above the kernel) for doing inline transparent encryption for MySQL databases. I question their market strategy, though, with Oracle having purchased Sun, the owner of MySQL.
* HyTrust: Just another configuration appliance, this one geared to virtual environments. What I don't get is that it was listed as v2.1. Ummm... if you've released 2.1 full versions in the last year, then I have some concerns...
* Incapsula: Oh, look, a WAF. Is this innovative? Incapsula is a spin-off from Imperva, with a focus on distribute WAF for the cloud. You know, like what Art of Defence has been successfully deploying for a couple years now. Heck, AOD is on the expo floor at RSA for at least it's 2nd year this year. Ummm... so, note to RSA Conferences: This is not the definition of "innovation."
* Invincea: One of two interesting products in the same space, attacking problems in slightly different ways. Basically, this is a sandboxed browser environment (Quaresso calls theirs an "emphemeral browser"). It's an interesting idea, and very much inline with what companies like beCrypt are doing in their autonomous environments.
* Pawaa Software: I didn't get a chance to dig into this solution very far, though it sounds interesting and mildly untenable. From the description and literature, it looks to be a wrapper file format for asserting and enforcing security controls. An interesting idea, but probably not as a standalone product. *IF* it's any good, then I have to believe they'll be snarfed up by a bigger vendor sooner than later.
* Quaresso: Their "ephemeral browser" is an interesting idea. Basically, again, a sandboxed environment. Nothing too crazy, but definitely a better approach than the norm. I expect this to become SOP for all browsers in the future.
* Silver Tail Systems: This product helps limit attack success by using statistics-based heuristical inline analysis to make a quick determination of "good" or "bad" and then action it accordingly. In many ways it reminds me of Trustifier (which I still barely understand), though instead of using algebras with compiler theory, they're instead using the AV heuristics model (which has had limited success historically). A nice idea, but one that I think will have limited legs. I'd be surprised if Symantec or McAfee didn't acquire them in the next couple years.
* Symplified: I have no idea what this product does. I couldn't get through the marketing buzzwords, nor did I get a chance to speak with their reps (they were fairly busy). To me, it seems that if you can't clearly state what you do in a sentence, but rather waste that space on marketing garbage, well, then you probably don't deserve much real attention.
Overall, I'm disappointed again with the lack of truly innovative solutions. I have to believe there is better stuff out there, though the rules for getting into the exhibit are a bit wonky. Will any of these products revolutionize the industry? Nope. Oh, well...
