Young vendors of identity and access management, application security, and third-party risk solutions dominate the list of startups exhibiting at RSA. Credit: Pettycon / Pixabay This year’s RSA Conference showcases promising startups from all over the world, many of which are making their first public appearance. Most will be exhibiting in the Early Stage Expo, which features 50 new security solution providers. Other startup exhibitors are finalists in RSA’s Innovation Sandbox competition.Perhaps the most interesting aspect about startups is that they target needs not addressed by established vendors. Those needs are often the result of changing trends in threat actors’ objectives and how they target and exploit victims.Three areas in which the threat landscape is changing are identity and access management (IAM), application security, and third-party risk. Cybercriminals are getting better at bypassing and compromising user authentication and access controls. The number of cloud-connected and on-premises devices that require access controls is growing, too. Threat actors are targeting vulnerabilities in open-source code and APIs to gain access. Finding those vulnerabilities is often a challenge as security teams struggle to gain visibility of the software running across hybrid networks. The trend toward applications that rely on machine learning and artificial intelligence creates new challenges to protecting the data and models they use. Third-party products and services continue to present access to networks in otherwise well-protected organizations. The process of assessing third-party risk is time-consuming and often not accurate.The companies below making their debut at RSA attempt to address these three challenges. Identity and access management/access controlsCrosswireCrosswire claims to be the “next generation of identity-first access management. Its identity and access management (IAM) platform is designed to minimize the risk of account takeover and lateral movement across SaaS apps. It uses AI to assess risk and make recommendations to better protect accounts. It can also trigger additional authentication at SAML sign-on. Crosswire claims its IAM solution’s automated provisioning gives users fast access at a lower cost. Founded in 2021, Crosswire will be at RSA booth ESE-21IDmelonCanadian company IDmelon claims to make the transition to passwordless authentication easier. Its IDmelon Passwordless Orchestration Platform (IPOP) allows organizations to use their existing devices as FIDO2 security keys in place of usernames and passwords. It also has features to manage the credential lifecycle and automate security key onboarding. The company claims it has simplified the single sign-on (SSO) process with a single tap on a device. IDmelon was founded in 2020 and will be at RSA booth ESE-50.Inside-Out Defense Inside-Out Defense claims to be the first platform to provide real-time detection and remediation of privilege access abuse across an organization’s perimeter. The company also promises its solution can assess user intent and provide forensic privilege access intelligence. The platform provides connectors to many of the significant infrastructure services and applications. Founded in 2022, Inside-Out Defense will be at RSA booth ESE-11.ProcyonProcyon offers a multi-cloud privilege access management (PAM) solution that the company claims simplifies access management. It works across all the major cloud platforms to provide passwordless access using Trusted Platform Module (TPM) technology. A self-service portal gives DevOps users access with only the privileges they need based on configurable approval policies, according to Procyon. Founded in 2020, Procyon will be at RSA booth ESE-15.SessionGuardianSessionGuardian offers solutions that use “Continuous Identity Verification” technology to protect data assets from theft. According to the company, its technology permits only authorized users in approved locations and on healthy devices to view data an organization deems sensitive. SessionGuardian claims it will prevent unauthorized viewers from seeing sensitive data with features like continuous identity verification and screen blurring when a second party is present. Founded in 2017, SessionGuardian will be at RSA booth ESE-12.Sonet.ioSonet.io is a zero-trust cloud service that provides agentless access control for remote users to SaaS and web applications and servers. Access is controlled through configurable policies, and allows for analysis of behavioral indicators of risk to enable real-time policy updates. Sonet.io claims a setup time of 15 minutes. Founded in 2020, Sonet.io will be at RSA booth ESE-44. Veza Technologies, Inc.The Veza Technologies authorization platform is centered on data. The company claims it enables organizations to visualize, remediate, and control who has access to and what actions they can take on data. The agentless platform integrates with enterprise resources and translates their authorization structures into a “common language” of permissions. Founded in 2020, Veza will be at RSA booth ESE-23.Application security / DevSecOpsArmorCodeThe ArmorCode AppSecOps platform is an ASPM solution that integrates with an organization’s existing security stack to provide a unified view of application risks and coverage. It works to manage vulnerabilities across the DevSecOps pipeline, cloud, and on-premises. Orchestration features help to ensure that issues are sent to the correct teams within their workflows. Founded in 2020, ArmorCode will be at RSA booth ESE-10.Bright SecurityBright Security’s Dynamic Application Security Testing (DAST) platform is designed to help find and fix vulnerabilities throughout the SDLC process. The company claims the platform can scan all common APIs and web apps for vulnerabilities. It then runs two tests on each vulnerability to confirm accuracy and minimize false positives. Bright then provides remediation instructions. Founded in 2019, Bright will be at RSA booth ESE-28.DazzDazz provides security tools for automated root cause analysis and developer-led remediation. They connect to an organization’s existing security tools to map the CI/CD pipelines, identify root causes that generate alerts, and auto-generate code-based fixes. An RSA Innovation Sandbox finalist, Dazz was founded in 2021 and will be at booth 1661. Endor LabsEndor Labs’ Dependency Lifecycle Management platform is designed to help developers identify and analyze open-source software used within their organizations. The company claims the platform will provide insight into dependencies within their software supply chain, allowing them to block malicious or poor-quality code or software with orphaned dependencies. Founded in 2021, Endor Labs will be at RSA booth ESE-16. Enso SecurityEnso Security offers its Application Security Posture Management (ASPM) solution that the company claims provides a “complete and unified” inventory of an organization’s application environment. It is designed to help security teams enforce and manage application security programs by prioritizing assets, identifying coverage gaps, and automating and orchestrating workflows. Founded in 2020, Enso will be at RSA booth ESE-37.KonduktoThe Kondukto AppSec orchestration and correlation platform gathers vulnerability data from sources such as security testing tools, penetration tests, and manual reviews to provide a single application vulnerability management view. The company claims the platform allows AppSec teams to prioritize and fix vulnerabilities faster. Kondukto integrates with many popular security tools. Founded in 2019, Kondukto will be at RSA booth ESE-46.OperantOperant offers a runtime application protection platform for cloud-native environments. It allows DevSecOps teams to set up security enforcement policies for interactions across multiple cloud instances. The company claims its platform can automatically discover and analyze all API endpoints, service interactions, and security gaps. Founded in 2020, Operant will be at RSA booth ESE-17. OxeyeOxeye’s application security platform combines SAST, DAST, SCA, ASOC, and ASPM functions to provide a single unified view of cloud-native applications for both AppSec and development teams. It automatically prioritizes vulnerabilities and provides remediation information for developers. Oxeye filters out vulnerable open-source and third-party software that is not loaded and used, as well as vulnerabilities that cannot be accessed from the internet. Founded in 2020, Oxeye will be at RSA booth ESE-13.Scribe SecurityThe Scribe platform provides continuous code assurance using a zero-trust approach. The company claims its goal is to build trust for both software producers and consumers. Its platform can automatically generate software bills of materials (SBOMs) that can be shared within the organization and with partners. It also enables compliance with supply chain standards and practices as well as defining and monitoring software development lifecycle (SDLC) processes and policies. Founded in 2021, Scribe will be at RSA booth ESE-47.TromzoTromzo offers a software supply chain risk remediation platform. It takes a prioritized, context-based approach to risk remediation, and claims to be able to discover all software assets and identify their owners. Tromzo automates vulnerability management and provides KPIs for risk remediation accountability. Founded in 2021, Tromzo will be at RSA booth ESE-41.Third-party riskCyberVadisThe CyberVadis third-party cybersecurity risk assessment service provides analyst-validated audits and maps to major international compliance standards like NIST, ISO 27001, and GDPR. The company claims it can cover the entire supply chain including providers of legal, HR and recruiting, marketing, manufacturing, and logistics services. Founded in 2016, CyberVadis will be at RSA booth ESE-6. VISO TrustVISO Trust claims to offer the first AI-based third-party cyber risk due diligence platform. It provides risk intelligence to security teams, augmented by third-party risk experts. VISO can carry out its assessments in compliance with many regulations such as NIST, PCI DSS, GDPR, and CCPA. It uses AI to analyze vendor documents to help determine their security posture. Founded in 2020, VISO Trust will be at RSA booth ESE-7. Related content news Cycode rolls out ASPM connector marketplace, analysts see it as bare minimum Application Security Posture Management tools need to integrate with other security tools to do their job. By Evan Schuman May 16, 2024 4 mins Application Security news BreachForums seized by law enforcement, admin Baphomet arrested Official telegram channels operated by BreachForums members confirm law enforcement seizures and arrest. By Shweta Sharma May 16, 2024 4 mins Data Breach Cybercrime feature Cyber resilience: A business imperative CISOs must get right With ransomware at an all-time high, companies need to understand that being cyber resilient means going beyond compliance to considering all aspects of a business, from operational continuity to software supply chain security. By Andrada Fiscutean May 16, 2024 12 mins Regulation Incident Response Supply Chain news analysis Microsoft fixes three zero-day vulnerabilities, two actively exploited The company’s Patch Tuesday includes fixes for flaws in Windows Desktop Window Manager, Windows MSHTML, and Visual Studio, among others, that IT security orgs should prioritize. By Lucian Constantin May 15, 2024 6 mins Windows Security Zero-day vulnerability PODCASTS VIDEOS RESOURCES EVENTS SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe