11 Hot Startups to Watch at Black Hat USA
A sneak peek at the up-and-coming organizations to check out on the Black Hat USA virtual show floor.
![](https://eu-images.contentstack.com/v3/assets/blt6d90778a997de1cd/blt832fbabefa284c1f/64f0d408d70b2e782a830eff/BHUSAstartupintro.jpg?width=700&auto=webp&quality=80&disable=upscale)
Black Hat USA 2020 will look very different than it has in years past. Instead of boarding flights to Las Vegas, the infosec community is going online to attend from home: This year's briefings, show floor, Arsenal, breakout sessions, and meetings will all be virtual.
This year's digital show floor will feature Startup City, where a range of up-and-coming security companies will be exhibiting their newest technologies. Many of these organizations focus on tools that have become essential as businesses secure a growing number of remote employees.
Many businesses paused on spending during the COVID-19 pandemic, and cybersecurity was no exception. Security budgets and market growth froze as spending came under intense scrutiny. Organizations spent slightly less on endpoint security and more on cloud-based services, some cloud security tools, and some remote access technologies and automated security offerings.
"As for startups generally, there seems to be a fairly healthy crop of new companies in a range of areas within security," says Rik Turner, principal analyst with Omdia's IT Security and Technology team. "Endpoint security went through a busy period a few years back but seems to have calmed down of late," he adds, noting the acquisitions could be linked to consolidation.
Still, 2020 has been a rough year for the security startup market. Early stage investment fell by more than 37% in the first half of 2020; however, some new companies are generating interest with tools that help secure employees working from home. Investors are eyeing technologies that protect workers from threats that may target them outside traditional corporate offices.
"We're all working remotely for the most part, saving money on real estate but also relying on the security infrastructure of a lot of individuals' homes, which is outside the purview of control of organizations," says Omdia senior cybersecurity analyst Tanner Johnson.
Many of the startups exhibiting in Black Hat's Startup City are building technologies that will become increasingly relevant as more employees swap their corporate offices for home offices. Read on to learn more about which startups to watch on this year's virtual show floor.
Focus: Secure application access
Funding: $17M (Series A)
Founded in: 2018
Axis Security was founded by CEO Dor Knafo and CTO Gil Azrieland, both of whom spent time in the Israeli Defense Forces' Unit 8200 for cyber warfare. The startup has raised a total of $17 million in venture funding since its 2018 founding; most recently, it announced a $14 million Series A when it emerged from stealth in March of this year.
The company has created a cloud-based platform for secure remote access to private apps, including custom or legacy applications that run on-premises or in the cloud. Its App Access Cloud grants access to a specific app rather than a full corporate infrastructure and it's delivered as a service, meaning admins won't have to install agents on employees' devices.
"Because VPN technology is struggling to meet the need for access to cloud-based applications, there is an opportunity for vendors like Axis to take market share with secure and easy-to-use alternatives," Omdia's Turner writes in a profile on Axis Security.
Focus: Zero-trust remote access
Funding: $17M (Series A)
Founded in: 2015
The global shift to remote work means the perimeter is "truly being lost," Omdia's Johnson says, driving the need for greater visibility, monitoring, and management. Banyan Security aims to secure remote access for users and apps in a single platform that aims to provide least privileged access in on-premises, hybrid cloud, and multicloud deployments.
Zero trust is a "relatively newer capability" that serves as an evolution of the VPN, he explains. Zero trust connectivity provides more granular control over employees' file access and perpetuates the principle of least privilege, which he calls the "foundation of cybersecurity."
"You only give someone access to the amount of information that they truly need to do their job and nothing more," Johnson says.
Banyan's Zero Trust Remote Access platform relies on the Trust Scoring Engine," which quantifies the user, device, and applications based on integrations with existing single sign-on, mobile device management, and endpoint detection and response tools. It continuously enforces access policies based on the combination of user, device, and application requesting it.
"They value and recognize the need for effective remote management, not only for the individual employee to have access to remote resources and infrastructure to do their job, but that same demand can be turned around and used by the organization to effectively manage and control access from the end user," Johnson says. "It's more of a two-way street."
Focus: Securing enterprise code
Funding: $6.5M (Seed)
Founded: 2019
BluBracket was founded last year by Prakash Linga and Ajay Arora, both security entrepreneurs who saw the need for a technology that helped businesses better secure the code on which they run.
The company's technology helps organizations better understand their code's location and accessibility; detect potential risks in their code; protect the code with visibility, alerting, and remediation; and enforce security policies across security, development, and DevOps teams. It integrates with existing tools, including GitHub, GitLab, Slack, Bitbucket, Jira, and ServiceNow.
"We were told that cybersecurity had become so critical to what these customers do and that they quickly needed to figure out: Who has access to their platform? What's going on with it? Are hackers trying to gain access? Is the business' intellectual property getting stolen? Is there a new vector of attack?" says Arora in an interview.
Focus: Penetration testing management
Founded: 2011
CheckSec was founded by longtime security pros who noticed a constant in each of their roles: lack of an effective reporting tool. They built Canopy, a platform that security teams can use to coordinate, manage, and report security assessments.
In creating Canopy, they developed a template system that builds on users' familiarity with Microsoft Word. Report templates can be adapted to deliver executive summaries or complex vulnerability assessments; some users have templates for each major assessment type. Report templates can store content so it's easier to write updates and final reports; the Knowledge Base lets testers pull from past write-ups so they don't have to start fresh on each engagement.
The multiuser system was created to simplify information sharing among team members and ensure results are updated. Users can import pen-testing tool data, add evidence, remove false positives, group common issues, and generate the report. A built-in scheduler helps assign team members to different pen-testing assessments.
Focus: Cybersecurity training, code development
Founded: 2017
HackEDU offers interactive security training and code development for software engineers. Its idea is to lower the barriers for learning security and provide a safe environment to practice.
Courses are designed for software engineers learning to code more securely, as well as people new to the industry. Its Secure Development Training, which aims to teach developers how attackers look at code, covers 115+ different topics and several languages and frameworks. An Introduction to Web Application Security covers the OWASP Top 10 Vulnerabilities.
HackEDU's platform aims to help developers learn in a hands-on environment to keep them engaged. It lets developers spread their training out over the course of a year, and the training is self-paced depending on the student and lesson.
Focus: Cloud application security
Founded: 2018
California-based Mesh7 was created to provide cloud application security observability (CASO) across clouds and address security challenges in cloud-native application environments.
Applications have evolved from running on self-contained, static workloads to distributed workloads running over layer 7. This change has complicated application layer visibility and created security and compliance blind spots, which attackers target in ways that are hard to detect. Blind spots include location of sensitive data, changes in application behavior that violate policy, and API interactions between workloads, cloud services, and third-party services.
Mesh7 provides "Contextual Application Behavior Security" that considers application API URLs and headers but goes beyond this to include contextual information about cloud access logs, host monitoring data, and third-party reputation data sources. The idea is this contextual understanding will help organizations more safely and efficiently run cloud-native apps.
The platform has multiplatform support and integration with VMware, Kubernetes, AWS, Microsoft Azure, Google Cloud Platform, and Swagger.
Focus: Intelligence analysis
Funding: $11.6M (Series A)
Founded: 2014
Data analytics company Polarity was founded by former intelligence officers and incident responders who wanted to bring a memory augmentation platform to market. Its goal is to help businesses improve decision-making by capturing and sharing intelligence across workflows.
How it works: Users can capture notes from their analyses or business intelligence, or connect to external data sources. Polarity goes through this data and their notes, recognizes relevant text, and integrates the team's notes ("collective memory") into a desktop display. Users see contextual information related to what they're working on; over time, they can choose data channels to subscribe to.
IT and security pros can use the platform to send intelligence to the right team members when it's relevant to their current projects. For example, if an analyst is investigating a spear-phishing email and flags a malicious URL, Polarity will automatically notify another analyst who is reverse-engineering malware that uses the same URL. The tool also combats alert fatigue by automating repetitive components of an analyst's daily workflow.
Focus: Security tool evaluation
rThreat was founded to help businesses evaluate the effectiveness of their existing security tools against possible attacks and breaches. Its platform provides a testing environment that helps companies identify security gaps and see which tools and controls are more valuable.
To do this, rThreat uses two types of artifacts. The first are "known" artifacts that correspond to the life cycle of a typical advanced threat, from initial reconnaissance to establishing a foothold to privilege escalation. The second type includes "unknown," or zero-day, artifacts developed by the rThreat team. This unknown malware is written to behave like tactics, techniques, and procedures used by attack groups.
The goal is to simulate attacks and validate a company's security protocols. These artifacts let rThreat evaluate the effectiveness of security solutions and learn how they execute under attack, so businesses can identify their strengths and weaknesses.
Focus: Elasticsearch Security & Alerting
Founded in: 2012
Search Guard wants to give businesses full security control over their Elasticsearch environment. The open source security and alerting plug-in encrypts and protects information and data flows throughout the entire Elastic Stack, including Kibana, Logstash, and Beats.
Signals Alerting, which is integrated with Search Guard, detects anomalies within data stored in Elasticsearch and other IT systems. If an anomaly is detected, admins can use a range of connectors to trigger an action: create a message on Slack, send an email, open a JIRA issue. An escalation model lets admins tailor notifications and actions as needed.
Search Guard is used in a variety of organizations and industries including finance, healthcare, big data, telecommunications, legal, aerospace, and government. The security tool comes with features to help businesses meet the technical requirements of compliance regulations such as GDPR, HIPAA, PCI-DSS, and SOX.
Focus: Passwordless authentication
Funding: $22.5M (Series B)
Founded in: 2015
Secret Double Octopus is on a mission to replace the password with tools that enable easy multifactor authentication. Its Octopus Authenticator aims to provide a simple, passwordless login experience for workstations, domains, network, cloud, and legacy applications.
"They're focusing more on the identity and access management controls that are so vital in this time frame, in this new environment," says Omdia's Johnson. Now more than ever, companies are in need of tools that can help employees securely access applications and information.
"Passwords are becoming phone numbers nowadays," he continues. Most people enter a phone number into their device once and never need to look at it. Passwords, he says, should require a similar approach in that they should be complex and stored in a technological tool, password management app, or authentication service.
"You remove the human error element as much as possible from that equation," Johnson adds.
Secret Double Octopus offers passwordless single sign-on, passwordless multifactor authentication (MFA), remote access MFA, and admin MFA protection, as well as phishing prevention and shared account protection. Tools integrate with platforms including AWS, Active Directory, Azure AD, G Suite, CloudFlare, Box, Citrix, Okta, Cisco WebEx, and Fortinet.
Focus: Web security
Funding: $14.6M (Series A)
Founded in: 2016
Tala Security offers security tools to protect enterprise websites against client-side web threats, including formjacking, fraud, data loss, and other abuse that could lead to business disruption. The company is focused on web app security in runtime, rather than the development pipeline.
"This is quite a busy space at the moment, not only because a number of industry heavyweights are rolling up multiple capabilities into broad cloud-based security services (DDoS, WAF, API, and bot security, for instance), but also because there are a proliferation of new startups appearing with clever approaches to some of the problems involved in securing web apps," says Omdia's Turner. Some of these startups include 42Crunch and BotRx, among others.
Tala combines standards-based security with analytics and automation to help companies gain insight into their website code and protect it from attacks like Magecart. Its analysis is used to build a behavioral model of the Web app and pinpoint where it may be vulnerable to advanced attacks, data loss, or disruptions in customer experience.
Focus: Web security
Funding: $14.6M (Series A)
Founded in: 2016
Tala Security offers security tools to protect enterprise websites against client-side web threats, including formjacking, fraud, data loss, and other abuse that could lead to business disruption. The company is focused on web app security in runtime, rather than the development pipeline.
"This is quite a busy space at the moment, not only because a number of industry heavyweights are rolling up multiple capabilities into broad cloud-based security services (DDoS, WAF, API, and bot security, for instance), but also because there are a proliferation of new startups appearing with clever approaches to some of the problems involved in securing web apps," says Omdia's Turner. Some of these startups include 42Crunch and BotRx, among others.
Tala combines standards-based security with analytics and automation to help companies gain insight into their website code and protect it from attacks like Magecart. Its analysis is used to build a behavioral model of the Web app and pinpoint where it may be vulnerable to advanced attacks, data loss, or disruptions in customer experience.
Black Hat USA 2020 will look very different than it has in years past. Instead of boarding flights to Las Vegas, the infosec community is going online to attend from home: This year's briefings, show floor, Arsenal, breakout sessions, and meetings will all be virtual.
This year's digital show floor will feature Startup City, where a range of up-and-coming security companies will be exhibiting their newest technologies. Many of these organizations focus on tools that have become essential as businesses secure a growing number of remote employees.
Many businesses paused on spending during the COVID-19 pandemic, and cybersecurity was no exception. Security budgets and market growth froze as spending came under intense scrutiny. Organizations spent slightly less on endpoint security and more on cloud-based services, some cloud security tools, and some remote access technologies and automated security offerings.
"As for startups generally, there seems to be a fairly healthy crop of new companies in a range of areas within security," says Rik Turner, principal analyst with Omdia's IT Security and Technology team. "Endpoint security went through a busy period a few years back but seems to have calmed down of late," he adds, noting the acquisitions could be linked to consolidation.
Still, 2020 has been a rough year for the security startup market. Early stage investment fell by more than 37% in the first half of 2020; however, some new companies are generating interest with tools that help secure employees working from home. Investors are eyeing technologies that protect workers from threats that may target them outside traditional corporate offices.
"We're all working remotely for the most part, saving money on real estate but also relying on the security infrastructure of a lot of individuals' homes, which is outside the purview of control of organizations," says Omdia senior cybersecurity analyst Tanner Johnson.
Many of the startups exhibiting in Black Hat's Startup City are building technologies that will become increasingly relevant as more employees swap their corporate offices for home offices. Read on to learn more about which startups to watch on this year's virtual show floor.
Read more about:
Black Hat NewsAbout the Author(s)
You May Also Like
CISO Perspectives: How to make AI an Accelerator, Not a Blocker
August 20, 2024Securing Your Cloud Assets
August 27, 2024