RSA 2011: (dis)Innovation Sandbox

Maybe I don't understand the meaning of the word "innovation." Every year I walk through RSA's "Innovation Sandbox," and every year I reach the same conclusion: if this is "innovation," then no wonder we're so far behind the opposition! This year's assortment of vendors was no better than the previous years, with a couple of exceptions.

"Science Fair" competitors:
* CipherCloud (Trustosphere): Similar to an entry from last year, this is a gateway appliance that sits on the edge of your enterprise and intercepts a variety of fields, tokenizing or encrypting data before it goes into the cloud. Interesting? Sure. Innovative? Not so much (we saw this last year). I'm sure they have key differentiators, but - as was true last year - I'm not sure I see much need or demand for this today. Another case of a solution being used to kludge human behavior.
* ENTERSECT: Another 2-factor solution (definitely not a new idea), particularly oriented to mobile devices, but without simply being a one-time-password (OTP) method. I didn't get more details beyond this as I just couldn't bring myself to hear the pitch.
* Gazzang: Though not what I would consider "innovative," this was nonetheless a potentially useful product. They're essentially an on-system middleware product (just above the kernel) for doing inline transparent encryption for MySQL databases. I question their market strategy, though, with Oracle having purchased Sun, the owner of MySQL.
* HyTrust: Just another configuration appliance, this one geared to virtual environments. What I don't get is that it was listed as v2.1. Ummm... if you've released 2.1 full versions in the last year, then I have some concerns...
* Incapsula: Oh, look, a WAF. Is this innovative? Incapsula is a spin-off from Imperva, with a focus on distributed WAF for the cloud. You know, like what Art of Defence has been successfully deploying for a couple years now. Heck, AOD is on the expo floor at RSA for at least its 2nd year this year. Ummm... so, note to RSA Conferences: This is not the definition of "innovation."
* Invincea: One of two interesting products in the same space, attacking problems in slightly different ways. Basically, this is a sandboxed browser environment (Quaresso calls theirs an "ephemeral browser"). It's an interesting idea, and very much in line with what companies like beCrypt are doing in their autonomous environments.
* Pawaa Software: I didn't get a chance to dig into this solution very far, though it sounds interesting and mildly untenable. From the description and literature, it looks to be a wrapper file format for asserting and enforcing security controls. An interesting idea, but probably not as a standalone product. *IF* it's any good, then I have to believe they'll be snarfed up by a bigger vendor sooner than later.
* Quaresso: Their "ephemeral browser" is an interesting idea. Basically, again, a sandboxed environment. Nothing too crazy, but definitely a better approach than the norm. I expect this to become SOP for all browsers in the future.
* Silver Tail Systems: This product helps limit attack success by using statistics-based heuristic inline analysis to make a quick determination of "good" or "bad" and then action it accordingly. In many ways it reminds me of Trustifier (which I still barely understand), though instead of using algebras with compiler theory, they're instead using the AV heuristics model (which has had limited success historically). A nice idea, but one that I think will have limited legs. I'd be surprised if Symantec or McAfee didn't acquire them in the next couple years.
* Symplified: I have no idea what this product does. I couldn't get through the marketing buzzwords, nor did I get a chance to speak with their reps (they were fairly busy). To me, it seems that if you can't clearly state what you do in a sentence, but rather waste that space on marketing garbage, well, then you probably don't deserve much real attention.

Overall, I'm disappointed again with the lack of truly innovative solutions. I have to believe there is better stuff out there, though the rules for getting into the exhibit are a bit wonky. Will any of these products revolutionize the industry? Nope. Oh, well...


About

This page contains a single entry from the blog posted on February 15, 2011 2:26 PM.

Creative Commons License
This weblog is licensed under a Creative Commons License.