The SINET 16's Class of 2017.
By The CyberWire Staff
Nov 16, 2017

The SINET 16's Class of 2017.

Recognition of the SINET 16, innovative companies who've drawn attention for new solutions and new approaches to the sector's challenges and trends, is always the highlight of the SINET Showcase's second day. SINET CEO Robert Rodriguez introduced this year's winners. Their selection and their presentation at the showcase, he suggested, expressed SINET's chosen role: superconnector for the cybersecurity community.

This year one-hundred-eighty companies began applications for the SINET 16. One-hundred-twenty completed the process, and the winners were those who passed a rigorous, independent review. It's an international group: companies from ten countries competed. The firms who entered were "quite young, on average," Rodriguez noted, and they're participating in a market that "remains robust."

This year's winners were (in alphabetical order) Centripetal Networks, Fireglass (now a unit of Symantec), Haystax TechnologyInfosec Global, iProov, Menlo Security, PatternEx, Phantom, Prevoty, ProtectWise, ThreatQuotientTwistlock, vArmour, Verodin, Versive, and Virtru. The challenges they address extend from automation to augment human capability to secure biometric identification, to artificial intelligence, to browser isolation.

Centripetal Networks: firewalls informed by threat intelligence.

Centripetal Networks' CEO Steven Rogers explains that their solution does network threat enforcement with "scale, speed, and precision," a firewall that works on threat intelligence. It correlates threat intelligence feeds, prevents advanced threats, and automatically enforces more than five-million individual complex rules. In every big breach, Rogers argued, "the threat intelligence has been there, but it hasn't been possible to deploy it with precision, or to scale." Centripetal offers to change that.

Fireglass: web isolation that blocks the unknown bad.

Fireglass, a company recently acquired by Symantec, addresses the unknown. Legacy security solutions are good at blocking known bad and admitting known good, Fireglass Vice President of Marketing and Business Development Zach Beiser said. The Fireglass approach to web isolation prevents initial infection by the unknown bad. Their web isolation technology prevents anything from reaching the endpoint. They're agentless, with a seamless user experience, and they can be offered in the cloud or through other models. They offer an email gateway that also blocks phishing through the same isolation approach.

Haystax Technology: assessing trustworthiness at scale.

Haystax works against the insider threat, and they do it with a new approach to trust. CEO Bryan Ware explained that they use a modeling system to evaluate "trustworthiness" at scale. They do the sort of thing human security analysts do, but proactively and not forensically. Any one of a number of indicators (performance reviews, unusual working hours, layoff rumors, etc.) can now be considered in holistic context. Applying thousands of anomalies can find low-trustworthy individuals, identifying those for whom action is required. Haystax works from a portfolio of patented risk-management technologies, many of which go back to the 1990s. Their solutions have been proven at mission-critical scale in government and commercial organizations.

Infosec Global: sustainable data protection through agile cryptographic management.

Claire Trimble, Chief Strategy Officer, represented Infosec Global. They offer sustainable data protection in a way designed to enable interoperability. Their solution remotely manages crypto and identity for critical systems and smart devices. "Cryptography management needs to change," Trimble said. Infosec Global works to address sovereign trends, crypto threats, IoT longevity, and preparation for future requirements. Their Agilesec Platform enables discovery of vulnerabilities, updating, network protection, and trust management. Its goal is to give the enterprise flexibility and control, reducing time-to-market and increasing productivity.

iProov: one-time use biometrics.

iProov aims to provide usable, secure trust in the identity of remote users, and it does so by using biometrics in ways that are convincingly resistant to spoofing. CEO Andrew Bud explained that they chose a new form of face verification as its identity solution. The face is typically the one biometric that's on every ID, but this modality relies on the uniqueness of the genuine article That's increasingly susceptible to spoofing, replication, recording, or corruption. iProov's anti-spoofing secures the human face uniquely with a unique, one-time color code, looking at how the light interacts with the face, and providing sequence of colors. It amounts to a one-time biometric credential, and Bud hopes that "iProov" will one day become a verb in the identity management space.

Menlo Security: unlocking the power of browser isolation.

Gautam Altekar of Menlo Security pointed out the many risks that attend our daily routines. Phishing, malvertising, and similar attacks remain the principal ways enterprises are compromised. Legacy defenses inspect content, but this no longer works: attacks evolve too quickly. Menlo Security thinks the solution lies in isolation. Assume everything on the web is bad, and let nothing reach the endpoint. Menlo Security's ISOLATE-ALL unlocks the power of browser isolation. It isolates every website, and it does so with a transparent user experience, a highly available global cloud, and scalability to millions of users.

PatternEx: artificial intelligence for information security.

PatternEx argues that familiar rules-based approaches to recognizing threats in real-time have failed, and will continue to fail. What they offer with their threat prediction platform is artificially intelligent technology that analyzes logs with the "inductive power and intuitive insight" a human analyst would bring to them. They call their approach "Active Contextual Modeling," and it incorporates a human-in-the-loop who can train the AI with feedback that enables it to adapt to the shifting attack environment. It identifies users and entities, and it characterizes their behaviors in ways that reduce false positives and enhance analyst performance.

Phantom: digital playbooks that run at machine speed.

Phantom, a two-time SINET 16 winner, was represented by its CEO, Eric Baumgartner, who spoke to the importance of automating the OODA loop (observe, orient, decide, and act) familiar from conflict theory. "Security automation and orchestration are the only way to scale effectively." Phantom enables you to make digital playbooks you can run at machine speed. 156 apps and 800 APIs connect the security products you already own for an effective and affordable defense that works at the scale and speed enterprises require.

Prevoty: teaching applications to take care of themselves.

Prevoty CTO Kunal Anand started by recognizing some of the realities of application security. In particular, developers are busy, and software supply chains are complex. Prevoty wants applications to be able to monitor and protect themselves. They offer an agent that attaches to the underlying virtual machine, and that agent travels everywhere the application goes. The company's solution is based on formal language theory, using an evaluation-based technique as opposed to pattern-matching. Their aim is to make you "secure by default." "You gain time and deploy with confidence. You get faster incident response."

ProtectWise: a time machine for threat detection.

David Gold of ProtectWise explained how the company is working to move network security to the cloud. They've built an automated detection and response system that can be used by any network, on-demand and delivered from the cloud. ProtectWise users can turn their protection on in a matter of minutes, providing visibility, detection, and response. Gold called the company's solution a "time machine for threat detection." He also teasing, quickly but interestingly, some of the future developments they're working on, in particular "immersive security," a new approach to network visibility.

ThreatQuotient: helping you achieve clarity.

Another multiple SINET 16 winner, ThreatQuotient, was represented by Jonathan Couch. ThreatQuotient offers a platform that enables an enterprise to consume and use threat intelligence. Their goal is to enable the enterprise user to focus on external forces, helping them achieve clarity about two questions in particular: Do we know what's out there? And are we affected? They offer both relevance and the ability to share information. ThreatQ can aggregate internal and external threat intelligence into a threat library, and enable two-way communication. ThreatQuotient wants users to be able to learn from their environment, and to achieve a shared threat understanding.

Twistlock: how not to be eaten when software eats the world.

John Morello, CTO of Twistlock, quoted the familiar maxim, "software is eating the world," and he pointed out that the world it's consuming is a dangerous one. In the old world of security, "as the app evolves, the [manually communicated] rules rot." Twistlock applies machine learning to understand behavior and prevent rules from rotting. Containers improve security. Their container is minimal, declarative, and predictable. Autonomous defense will enable you to secure an app as it's developed, yielding a map of known-good activities. In sum, Twistlock offers modeling integrated with development and deployment, custom-tailored policy, and security scaling with the apps being deployed.

vArmour: stop free lateral movement within your environment.

vArmour's Faraz Aladin spoke about policy creation and enforcement. vArmour's goal is to stop free lateral access within the enterprise user's environment. Their customers want to understand who's using data and applications, and to ensure that the right people have access and the wrong people don't. The first step is to discover what's actually happening in your environment. The second step is to determine what should be happening. And the third step is to protect your environment against what could happen there. They offer two solutions that discover the environment, optimize that environment, and enforce policies in that environment: vArmour Policy Architect for getting the rules right, and vArmour Fabric for enforcing them.

Verodin: getting the assumptions out of the security space.

Verodin's Greg Kruck argued that, too often in security, we're still forced to manage assumptions. This is not a continuous validation of effectiveness, and it goes far toward explaining why security investments so often fail to add up to actual security. Verodin's solution safely executes real attacks within production environments. It proves effectiveness with quantifiable, evidence-based data. And it helps communicate efficacy and return-on-investment, as well as continuously validating security. In this way the enterprise user deals with reality, not the guesswork of security assumptions.

Versive: the rise of the (good) machines.

Versive offers artificial intelligence for cybersecurity, what their CEO, Joe Polverari, called "the rise of the (good) machines." The real battle is being fought inside your network, he said. Defending right of hack involves focusing on reconnaissance, collection, and either exfiltration or destruction of data. They offer a complicated technology but a simple methodology that enables you to slow down the accident, the crash, in ways that enable you to win. "The old SOC can't win in the new world. Instead, put your analysts in a position to see what're really bad (as opposed to just weird) and then deal with that."

Virtru: why must security exact a price in usability?

Virtru seeks to protect data by eliminating the familiar, lamentable trade-off between security and convenience. Brett Dorr (Vice President, Solutions Engineering) described how their solution protects and controls sensitive data in ways that enable the data to be shared inside and outside your network. Data protection is easy, but then sharing it becomes a very hard problem. Virtru provides persistent protection at the object level across your entire environment. They offer end-to-end encryption. Their solution has had success with the Department of Veterans Affairs, for example, in the hard case of sharing sensitive data for patient care. Their goal is to make securing and sharing work seamlessly, the way you work.