12 hottest new cybersecurity startups at RSA 2020

Starting on February 24, the RSA Conference (RSAC) 2020 gives security vendors old and new a chance to demonstrate their capabilities. The event has become an attractive venue for startups to make their debut. This year’s crop will be demonstrating tools for DevSecOps, zero-trust networks, risk intelligence, access control, and more.

The RSAC Early Stage Expo gathers over 50 promising startups from all over the world, many of which have so far been in stealth mode. These are 12 of the most interesting, in alphabetical order:

1. Blu Bracket: Code Security Suite (Early Stage Expo 27)

Blu Bracket was founded in 2019 with a focus on providing security solutions for software code. At RSA, the company will demonstrate its Code Security Suite, which it claims will provide greater visibility into, and keep an audit of, an organization’s code. Companies have the ability to see where their code is located, who has access to it, and to classify sensitive code. The product can also identify if secret information such as passwords are present.

2. BotRx: DeTx and ProTx automated fraud protection (Early Stage Expo 35)

BotRX’s mission is to protect against automated attacks against IoT devices, mobile apps or websites. The DeTx and ProTx solutions shown at RSA provide automated bot detection and mitigation capabilities to prevent identity fraud. The company’s bot detection network aims to find anomalous behavior and prevent automated bots attempting to log in using harvested credentials, perform form jacking attacks or crawl for website vulnerabilities.

3. Concentric: Semantic Intelligence (Early Stage Expo 26)

Concentric came out of stealth mode in January 2020 with a focus on discovering and protecting important unstructured data. Its Semantic Intelligence offering automatically discovers and classifies business critical data. Concentric claims its Autonomous Data Risk Profiles can identify both structured and unstructured data such as intellectual property (IP), personally identifiable information (PII), financial information and source code, and then apply risk scores to it based on the sensitivity of the information and the controls and policies currently applied to it.

4. Cyber Armor: Identity-based zero-trust workload and data protection (South Expo 735F)

Israel-based Cyber Armor aims to bring together workload and data protection across environments by allowing DevOps teams to create zero-trust workloads. The company claims its service-to-service, identity-based control plane it will be showing at RSA is able to identify workloads based on application code analysis and create cryptographic signatures that only allow authorized workloads to run, access data, and use network resources.

5. CyCognito: The CyCognito platform (Early Stage Expo 43)

Launched in November 2019, Palo Alto-based CyCognito aims to help quantify an organization’s full attack surface by mapping its assets and attack surface on the internet. The CyCognito platform to be demonstrated at RSA uses a bot network to scan IP ranges, web applications, keyword and code fragments, deployed software and TLS configuration. It then applies risk scores to each potential attack vector based on ease of discovery and exploitation and the potential impact on the business.

6. Dasera: Safer data queries (RSAC Launch Pad event)

Part of RSA’s RSAC Launch Pad event, Dasera wants to enable safer internal use of sensitive data by employees. The Sunnyvale, California, company says its analysis engine can automatically find, flag and rewrite unsafe queries in data warehouses to help employees query data safely.

7. Gold Comet: Secure messaging (Early Stage Expo 08)

Gold Comet provides private communications solutions. The Virginia company launched last year and says the browser based encrypted Gold Comet Messaging system on display at RSA allows users to send and receive messages only from persons in their contacts list, and new contacts are added via a verification system that includes a challenge question.

8. LevelOps: Application Security Platform (Early Stage Expo 38)

Santa Clara startup LevelOps aims to improve security across the entire software development lifecycle. The DevSecOps tool it is presenting at RSA does this by discovering and tracking development and operational artifacts in one place. The company says it can track and map releases, products and services across teams and organizations including code, tickets and design documents. Security teams can them automate and disseminate security requirements for each artifact.

9. LUMU: Continuous compromise assessment (North Expo 4315)

LUMU aims to help organizations identify potential compromises on their network. The Lumu platform being shown at RSA collects and correlates network metadata from sources including DNS queries, Netflows, proxies, firewalls and spambox filters with threat intelligence, and can help organizations isolate confirmed instances of compromise.

10. OutThink: Human risk intelligence platform (South Expo 1647F)

Based in London and an alumnus of the UK LORCA and CyLon incubators, OutThink describes itself as a “human risk intelligence platform.” It claims the SaaS platform it’s showing at RSA provides real-time analysis and continuous risk scoring of employees based on factors such as knowledge level, willingness to comply and use of technology, and then provides advice on how to tailor security training to that user.

11. Soluble: DevOps security (RSAC Launch Pad event)

Soluble aims to help automate DevSecOps processes and ensure greater security at the outset of a project. The company says it can provide developers pre-configured access and policy controls to new services from a drop-down menu when creating new services. Kubernetes-based operators apply these controls across databases, buckets and third-party services and provides an audit trail and service map for visibility.

12. Zero Networks: Access orchestrator (North Expo 5358)

Part of the RSAC Launch Pad event, Zero Networks wants to automate zero-trust network security and access. The Israeli company says it can automate the creation and enforcement of network access rules to enable companies to configure their zero-trust architecture deployments. Remote APIs control users and machines, while its cloud-based service defines and enforces policy automatically.