Spirits were high at the return of the in-person contest, which kicked off by bringing last year's virtual event winner on stage.
"You will not be able to walk out of this place today without being so excited about the kinds of innovation that are happening in security today," Thompson said.
At the in-person 2022 Innovation Sandbox, representatives from 10 cybersecurity startups made their case for having the most innovative technology in the sector. Each finalist had three minutes to pitch their tech to a panel of experienced judges. The judges were Dorit Dor, chief product officer of Check Point Software; Paul Kocher, independent researcher and founder of Cryptography Research (who Thompson called the "Simon Cowell of the judging panel"); Niloo Razi Howe, senior operating partner at Energy Impact Partners; Shlomo Kramer, co-founder and CEO of Cato Networks; and Christopher Young, executive VP of business development, strategy, and ventures at Microsoft.
Thompson brought Dor and Howe to the stage to discuss the judges' deliberations and announce the winner. He tried to gin up some good-natured drama by asking about altercations and pointing out the judges' lack of obvious injuries.
"There was a big dispute," Dor acknowledged, but Howe assured him, "We're not bloodied or bruised."
Both Howe and Dor had high praise for all 10 companies. "There are many good technologies out there, and it was not an easy selection," Dor said.
Added Howe: "There was conversation about every single company. The top 10 are really fantastic, solving really important problems."
First Thompson announced the top two: Talon Cyber Security and BastionZero. Ofer Ben Noon, co-founder and CEO of Talon, and Shannon Goldberg, CEO of BastionZero, shook hands with everyone. Goldberg even hugged Noon.
Dor called Talon's custom browser portal a "legit alternative that brings simplicity and manageability" for organizations with distributed workforces. Howe praised BastionZero for tackling the "really important problem of management of sessions connecting into the infrastructure."
But in the end, there could be only one winner — and it was Talon.
Here's how the presentations went down.
The 10 Contestants
The first judge question was from Kocher, who asked, "If someone isn't technical enough to write code, how are they going to understand what they're going to screw up with their automation?" Kramer asked about departments that don't want to collaborate with security teams, while Howe pointed out that in the crowded no-code sector, Torq would need to displace an existing contender.
Next up was Ben Noon, whose company's tagline is "solving security for hybrid work and unmanaged devices." He made a compelling case, saying, "Your browser is your front door," and it's been left open. The company built a secure corporate portal in Chromium with a user experience like Google Chrome and a backend that provides visibility and malware protection.
Then Sevco Security co-founder and CEO J.J. Guy presented for his company, "the starting point for all of your security activities." The company's tech aims to make a complete inventory of all devices connected to an organization to improve asset management.
The fourth contestant was Giora Engel, CEO and founder of Neosec, which is "reinventing API security by bringing XDR techniques and true behavioral analytics." His company addresses what he calls "the API blindspot" — B2B APIs, which are overlooked while people address B2C concerns.
Vladi Sandler represented Lightspin, which sells "graph-based cloud security built by and for cloud engineers." Refreshingly, the CEO mentioned 50% female representation on staff as a differentiating factor. Kocher tried to earn his Simon Cowell rep by saying, "So on Amazon's website I had to turn off One-Click ordering because I kept getting the wrong stuff. You claim on your website that in one click, you can remediate problems. Should I be scared by that?" Sandler rejoined that he trusts his team's skills, and Thompson gently ribbed Kocher about his Amazon problem afterward.
David McCaw co-founded Dasera, which is "helping cloud-first organizations operationalize data governance," according to its tagline. "We think DataGovOps is going to be the next revolution and finally solve the data challenges we've been facing for a long time," he asserted.
Cycode, which provides "complete software supply chain security," was represented by CEO and co-founder Lior Levy. Dor dropped a judge's question that brought laughs to the room: "How do you convince developers to fix their code?" Levy responded that his company helps developers implement bug fixes within their existing workflows and adds in automation "so they don't get frustrated."
"Bringing incident response into the cloud era" is Cado Security. CEO and co-founder James Campbell compared the manual process of investigating and responding to cloud incidents to the tedious procedure for creating a mix tape (Gen X represent).
"Is data collection happening before an attack or after an attack?" Kramer asked. "Is it part of the investigation, or is it part of the ongoing process?" The answer was that it depends on which services a customer uses.
Goldberg showed up to talk about her company BastionZero, which says it is "redefining zero trust for access to cloud infrastructure." Thompson asked Kocher, who co-created the SSL protocol, to ask a question. He obliged by asking whether organizations should use BastionZero or the strong encryption of a YubiKey to replace passwords.
Goldberg answered, "You should use us, for sure, absolutely," which again brought laughs, but she continued by saying that the separate authentication path could include things like YubiKeys.
Araali Networks, whose tagline was "surviving intrusions in cloud-native environments," closed out the contest with co-founder and CEO Abhishek Singh. The judges asked several technical questions about how the system handles various situations and configurations, which Singh handled ably.
"It works out of the box for Google, Amazon, and Azure," he assured Microsoft's Young. "Any system that works with Linux ... is ready to work with us."
In-Person Do-Over for Apiiro
One of the most poignant moments came at the beginning of the show: Thompson brought up the winner of the 2021 Innovation Sandbox, which was held virtually, so that he could have his in-person moment of glory. Idan Plotnik, co-founder of Apiiro, shook Thompson's hand and told him his company had increased its revenue by 398% in the past year.
"Everything changed," Plotnik said.
The 10 finalists, in alphabetical order, were:
- Araali Networks
- Cado Security
- Sevco Security
- Talon Cyber Security
Neosec is reinventing application security with a powerful platform that unifies security and development teams to protect modern applications from threats. The foundation of the SaaS platform is built on data and analytics to manage security at scale. Neosec prevents threats from abusing the complex network of APIs that connect today's businesses. The platform helps organizations discover every API and audit risk. Neosec has pioneered the use of behavioral analytics to understand normal versus abnormal API usage and delivers powerful threat hunting capabilities. Neosec prevents threats and stops abuse hiding within APIs and brings new intelligence to application security. Neosec is based in Palo Alto, California with R&D in Tel Aviv, Israel. To learn more, visit Neosec.com.