A secure Web browser takes the top prize, and for the second year in a row malware detection is an afterthought.

Paul Shomo, Cybersecurity Analyst

June 16, 2022


RSA CONFERENCE 2022 – RSAC's Innovation Sandbox is a Shark Tank-like competition, bringing 10 startup finalists to present onstage before judges.

Talon Security seized the first-place prize with a bold vision for the corporate Web browser of the future. For those thinking the browser is too competitive a market to take on, Talon's pitch makes intriguing arguments.

Deploying any kind of traditional security controls or software across operating systems, and onto third-party contractors' or personal devices, is logistically difficult or impossible. Yet Web browsers can be deployed by any user without admin privileges. In 2019, Microsoft moved to Google's open source Chromium code base, so Talon's Chromium-based browser should enjoy broad device and Web compatibility.

After requiring users to have Talon's browser to access their clouds, corporations then gain centralized management to control access levels. Talon ensures privileged data stays contained within the browser, as it can block saving, screen capture, or cut and paste.

Talon is not the only startup stretching our understanding of security's future. With these nine other innovative finalists, three trends have emerged.

Core Security Still Being Reimagined

Many of these entrepreneurs proposed bold visions for reimagining cloud security. Zero trust has been a popular approach, centralizing continuous authorization and device attestation and applying least privilege in the cloud. Sharon Goldberg, CEO of the second-place finisher, BastionZero, takes issue with even calling today's solutions zero trust, "when really they create a single point of compromise."

BastionZero's founders came out of the cryptography world, where decentralized encryption, such as that in Bitcoin, and Transport Layer Security (TLS) are common. BastionZero enables engineers and build processes to authenticate to the cloud using multiple roots of trust. With this differentiator, if one root is compromised, organizations still maintain control.

Attack surface management company SevCo is the brainchild of JJ Guy and Greg Fitzgerald, the founders of Carbon Black and Cylance, respectively. Attempts at device inventories have always been an industry failure, and the problem has become worse with our remote and rapidly churning workforce.

SevCo's real-time streaming platform continuously correlates inventory from many sources through APIs. It records suspicious changes over time and aims to tame the problem of unmanaged and malicious devices reaching into clouds.

Risk Management for Data, Privacy, and DevOps

Unlike past years at Innovation Sandbox, the majority of 2022 finalists sell to users who do not report to the CISO. Talon's Web browser, SevCo's IT inventory, and BastionZero's authentication are more likely to fall under the CIO. Judges are surely sensitive to the demand for securing post-cloud IT infrastructure and defending digitization across organizations.

Another trio of startups in the competition emphasized working across these departments. Dasera frees data security that's been siloed within data, IT, and privacy teams. It visualizes data context, automates workflows, and coordinates policy and actions. Dasera ends up being a single pane of glass to visualize and manage data security across multiple departments and throughout its life cycle.

Torq is using a no-code approach that's seen recent success in automating cloud operations. It allows security professionals to visually build automation without the help of programmers, reducing costs. In addition to automating incident response, Torq can seamlessly coordinate with IT on the growing backlog of account provisioning, caused by identity attacks.

SecDevOps startup Cycode reaches across the organization to defend DevOps' entire pipeline: from application code to open source libraries and deployment paths. Cycode also automates remediation workflows to reduce costs.

Cloud Security Focuses on APIs, Over-Permissioning

Malware is still big on endpoints but receives less emphasis in cloud security. It's difficult for hackers to ensure their malware runs in the cloud near the data they target, especially with technologies like "serverless" containers and lambda functions. From what we know today, hackers are more likely to make API calls into or across the cloud, often sitting at their own devices behind anonymized IPs.

The cloud's crown jewels are applications and APIs that are exposed to the outside by design, said Neosec founder Giora Engel. Attackers can access them directly with credentials — whether legitimate or stolen. Hence the cloud security adage, "Hackers don’t break in, they log in." Neosec leverages API gateways, like Google Apigee. It discovers an organization's APIs, detects their vulnerabilities, and monitors use and abuse. Neosec wields behavioral analytics and offers a managed detection and response service on top.

Lightspin also doesn't focus on malware detection but manages cloud posture and protects workloads through a unique graph technology. Less-experienced analysts can visualize the most critical attack paths where vulnerabilities and configurations need closing. It's one of the easier products to use in its space.

Meanwhile, Cado Security brings forensics and incident response to cloud workloads. Instead of placing agents inside these workloads, Cado obtains cloned images of their disk, memory, and surrounding logfiles. Since offline forensic analysis has zero impact on high-availability workloads, cloud forensics has exciting potential.

Cado is one of the few examining binary files and processes inside workloads. It doesn't tout specific malware detection, yet allows searching for malware indicators and visualizing timelines.

Araali Networks is bucking the trend and places agents into the private cloud, leveraging Kubernetes DaemonSets and Linux's extended Berkeley Packet Filter (eBPF). Araali examines network traffic, enforces policies, and blocks malicious code.

Innovation Sandbox 2022 was a barometer for the rapid industry changes that are underway to secure the cloud. Cybersecurity must defend digitization across IT, data, privacy, and DevOps. It's a different world, where threats are a lot bigger than just malware.

About the Author(s)

Paul Shomo

Cybersecurity Analyst

Paul Shomo is an experienced analyst focusing on emerging cybersecurity and early-growth startups. A prescient forecaster, Paul is featured on the Genealogy of Cybersecurity podcast, Dark Reading, CSO Online, and eWeek. An engineering leader and patent holder behind EnCase, DFIR, and enterprise forensics, Paul was a former kernel developer for Wind River Systems.

