RSA Conference Crowns Its 'Most Innovative' Company: Waratek Wins With New Take On Security

The RSA Conference brings together some of the latest and greatest security technologies under one roof, but only one startup is chosen each year as the "most innovative company" in the Innovation Sandbox competition.

This year, Dublin, Ireland-based Waratek took home the prize for its runtime application protection offering, dubbed AppSecurity for Java. With the win, it joins the company of previous honorees RedOwl Analytics, which recently received a strategic investment from the Blackstone Group; Sourcefire, which was acquired by Cisco in 2013 for $2.7 billion; and Imperva, which went public in 2011 to raise $90 million.

"I think the RSA recognition is fantastic," Waratek CEO Brian Maccaba said in an interview with CRN after the win. "I think it will accelerate the company's progress. We hope we'll be seeing the same success [as past winners]."

[Related: 25 Security Innovations Unveiled At RSA 2015]

Sponsored post

Waratek went first in the competition, pitting its offering against nine other startups that had made it to the final round out of more than 150 candidates. Those finalists included Bugcrowd, Cybereason, Fortscale, NexDefense, SecurityDo, SentinelOne, Ticto, TrustInSoft and Vectra Networks.

"It was nail-biting, to be honest," Maccaba said. "We were unique in that we were the only people from this new category, a new category with a new breakthrough. ... When you create a new solution, it's a new kind of game."

The Waratek offering looks to provide large enterprises and institutions with runtime application protection using secure container technology in on-premise or cloud environments. The offering can protect new and legacy apps without changing any code, Co-CTO Anand Chavan said. The benefit to that "bulletproof vest" for applications is twofold, Maccaba said, as it protects against known and unknown flaws in software applications, but also helps alleviate the challenge of remediating live application vulnerabilities.

"As long as the code is running somewhere, we can protect it," CTO Chavan said.

The application-level protection is a new take on security that is garnering "a lot of interest," particularly in the financial and government sectors, as a complement to endpoint and network-level security solutions, Maccaba said. Waratek also offers virtual patching of third-party applications which, combined with AppSecurity for Java, is the company's "big sell," Chavan said.

The executives said the company is "absolutely" looking to work with the channel. Right now, Maccaba said the company works with some channel partners who are already engaged with the company's client base in the top 200 of the Fortune 500. However, he said Waratek will look to expand its channel partner base as it targets more of the Fortune 1000.

"In many cases, people have a prime relationship in place already [with a channel partner]," Maccaba said. "We're very happy working through those channels. In some cases we're working direct, but in some cases we're working with the appropriate channels."

That need to diversify solutions beyond the traditional perimeter defense measures was echoed during keynotes and by security experts throughout the RSA Conference last week. Maccaba said the fight between the security industry and the attackers is "asymmetric," with attackers taking a clear lead.

"There's a real need to up the quality of defenses," Maccaba said.

For that reason, Chavan said he predicts there will soon be a lot more demand for application-level security solutions such as Waratek's, especially as insider threats continue to rise and enterprises look to reduce the attack surface.

"When there's a technology leap and some of the older technology hasn't proven effective enough ... we really need to update our thinking. That can be a challenge," Chavan said. "I think we're looking at that kind of cusp here in the security industry. There will be a lot of people coming into security from application backgrounds."