The Disrupt 8 are a group of early stage (that is, pre-B-round) startups, all of whom show considerable promise of introducing disruptive innovation to the cybersecurity sector. On May 1st each of the companies received eight minutes to present a problem and explain the solution they offered. Seven of the presentations are described briefly below. (The eighth was off the record.)
ENVEIL: homomorphic encryption for data in use.
ENVEIL, represented by CEO Ellison Anne Williams, holds that securing data-in-use represents the last gap in data security. Williams explained that two of pillars of the "data security triad," data-at-rest and data-in-transit, are well-understood and can be addressed by readily available commodity solutions. Data-in-use, however, remain poorly understood, and has hitherto not been addressed. ENVEIL has developed a solution, however, whose core technologies are homomorphic encryption, secure enclaves, and secure multi-party computation. ENVEIL is based in Fulton, Maryland. Its founders are US Intelligence Community alumni; its core technology has its roots in NSA.
Source Defense: defense against formjacking.
Represented by CEO Hadar Blutrich, Source Defense extends website security to the client side. The company works against website compromise by preventing formjacking. The company's solution both prevents attacks and alerts the enterprise of attempted attacks in real time. Blutrich stressed that the solution stays aligned with the customer's business objectives, and that it's effective against breaches that originate with third-parties. Source Defense has created virtual pages, essentially real-time sandboxes that isolate scripts. The company maintains offices in Stamford, Connecticut, and Beer-Sheva and Rosh-ha’ayin, Israel.
Prevailion: stopping third-party contagion.
Prevailion, represented by CEO Karim Hijazi, began by comparing compromise of third-party ecosystems to the outbreak of an epidemic. At present, Hijazi said, there's no high-fidelity visibility into the "compromise status" of trusted partners. Instead, current approaches tend to generate an overabundance of false positives. Prevailion's approach is to identify victimology at scale and deliver insight via an actionable interface and API. They focus on malicious signal, not noise, to enhance existing security investments and protocols. Infection via third-parties is, Hijazi argued, rampant, and coupling data about partner hygiene with active compromise status will limit contagion. The company is based in Houston, Texas.
Inrupt: pioneering the decentralized web.
CEO John Bruce represented Inrupt, whose open-source platform Solid offers to restore the Internet to its original, decentralized roots. Users have been conditioned, Bruce argued, to expect that they will give data to a service provider, who will then process it. Inrupt's alternative approach is to give each human being a unique identification and a personal online data store. Inrupt is headquartered in Boston, and has operations in Ireland, Norway, and the Netherlands.
Quantum Xchange: secure quantum key distribution made possible and practical.
CEO John Prisco presented the work of Quantum Xchange. The company sees itself as taking on the defensive possibilities of the impending revolution in quatntum computing. It creates, Prisco explained, a quantum key out of light, and has extended the range of quantum key distribution beyond 100 kilometers. Their first-of-a-kind quantum-secured network, Phio, enables secure key-sharing over a wide network. Quantum Xchange is based in Bethesda, Maryland.
Panaseer: a platform for Continuous Controls Monitoring.
Panaseer's CEO Nik Whitfield opened with a Nicholsonian question: "Can you handle the truth?" He argued that "there is no truth in our enterprises about our security posture." Panaseer addresses this problem with entity resolution that enables an enterprise to build and maintain a device inventory. The company is headquartered in London, with a significant presence in New York.
Immersive Labs: understanding risk through challenge-based learning.
Founder James Hadley spoke for Immersive Labs. The company offers an alternative to classroom-based training, whose deficiencies Hadley saw first-hand when he delivered GCHQ's cyber summer school. The legacy approaches to training are difficult to scale, cannot readily keep pace with organizational needs, and deliver outcomes that can be fatally difficult to measure. Immersive Labs' challenge-based approach to learning addresses these shortfalls in a way that enables them to identify and retain elusive cybersecurity talent. Immersive Labs is based in Bristol, England.