10 Innovative Security Startups To Watch In 2014

Latest Startups Address Advanced Threats, Mobile Security, Click Fraud

Companies that detect advanced threats, weed out fraudulent activity and address mobile security risks are vying for the title of "Most Innovative Company" during the Innovation sandbox program at the 2014 RSA Conference. The vendors are using a variety of techniques including threat modeling and behavioral analytics to detect suspicious signs that could signal a potential threat. Judges include Asheem Chandna, partner at Greylock Partners; Gerhard Eschelbeck, CTO and senior vice president of Sophos; Alastair Goldfisher, editor of the Venture Capital Journal; George Hoyem, investment partner at In-Q-Tel; Paul Kocher, president of Cryptography Research; and Katie Moussouris, senior security strategist lead at Microsoft.

White Ops


White Ops uses JavaScript to detect attempted click fraud on Web advertisements. The technology uses behavioral analysis to take fingerprints of known advertisement click fraud techniques and then uses the fingerprints to detect whether an ad impression is human or not. White Ops executives say the new technology is a step forward from current anticlick fraud technologies that rely on predictive analysis or whitelists and blacklists to provide protection.

One of the New York company's co-founders is network security expert Dan Kaminsky (pictured), an industry luminary who discovered a serious domain name system vulnerability in 2008.

Bluebox Security


Bluebox Security is emerging from stealth mode this week and is focusing on mobile security with its scanning platform. The company made headlines last summer when it discovered a serious flaw in the Android security model that enabled attackers to modify Android applications without being reviewed by Google.

The San Francisco-based company was founded by Caleb Sima (pictured), an application security expert and founder of SPI Dynamics, which was acquired by Hewlett-Packard in 2007, and Adam Ely, who served in security leadership roles at the Heroku business unit at Salesforce.com, TiVo and The Walt Disney Company with a core focus on application security.



Cylance says its enterprise endpoint security platform uses mathematical analysis and machine learning to detect threats, rather than signatures and blacklists. The platform uses an agent that integrates with existing software management systems such as McAfee ePO and IBM Endpoint Manager. The agent analyzes and classifies file characteristics on each endpoint system to discern whether an object is good or bad. After it identifies a threat, it will stop execution of the malware.

The Irvine, Calif.-based company was founded and is led by two former McAfee executives. Cylance CEO Stuart McClure (pictured) was executive vice president, CTO and general manager of the Security Management Business Unit at McAfee. Cylance Chief Scientist Ryan Permeh served as chief scientist at McAfee where he built out its TRACE research team.

Co3 Systems


Cambridge, Mass.-based Co3 Systems is focusing on an automated incident response toolkit. The company said its software can instantly generate detailed incident response plans and provides a platform for threat investigations. In addition to generating an incident response plan, the software provides management workflow for incident entry and assessment, with customizable dashboards and reporting capabilities.

In January, Co3 Systems announced that security industry luminary Bruce Schneier (pictured) was joining the firm as its CTO



ThreatStream's SaaS-based Optic threat intelligence platform uses machine learning algorithms to deliver actionable threat intelligence that can be fed into security information event management systems. The New York-based company, led by CEO Greg Martin (pictured), tries to match threat actors with the severity level of system vulnerabilities and configuration weaknesses to determine the relevance of specific threats to the business. It also can integrate with intrusion prevention systems, network monitoring appliances and next-generation firewalls. The platform can be deployed in a public cloud, private cloud or on-premise.



Skycure, Tel Aviv, provides agent-based security software for iOS and Android devices that it claims will not impede device performance. The agents interact with Skycure's cloud security service to provide intrusion prevention and detection capabilities for employee mobile devices. The software uses behavioral analysis to detect threats and is designed to take action if it detects suspicious activity.

Both Skycure co-founders are software experts. Skycure CEO Adi Sharabani (pictured) previously served at IBM Software. Yair Amit, co-founder and CTO of Skycure, was a researcher at Watchfire, which was acquired by IBM in 2007.

RedOwl Analytics


RedOwl Reveal examines email, texts, phone calls, financial trades and other interactions to provide situational awareness, or visibility into employee behavior, for customers. The software's analytics engine can show when and how human behavior patterns have changed and identity communication patterns that are not normal behavior. The platform can let businesses explore suspicious communication that could signal internal threats.

The Baltimore-based company said its product can be applied to bolster e-discovery platforms by mining stored electronic data to "identify relevant people, communications, and events in ways that were not possible in the past." The company's president is Guy Filippelli (pictured).



Defense.Net was founded in December 2012 by Barrett Lyon (pictured) to come to market with new ways to defend against denial of service attacks. Lyon, founder of anti-DDoS firm Prolexic and co-founder of content delivery network BitGravity, helped the online gaming industry defend against extortionists.

Belmont, Calif.-based Denfese.Net sells Frontline, a cloud-based DDoS mitigation service that scrubs traffic, sending only legitimate traffic to a website. The company's DDoS SWAT service uses additional tactics against cybercriminals when primary DDoS protection is overwhelmed.

Light Cyber


Light Cyber uses behavioral analytics to detect and alert on malicious activity early in an attack life cycle. The company analyzes network and endpoint information and profiles normal behavior of network users and their devices to spot suspicious behavior. Its Magna network monitoring appliance uses deep packet inspection to profile users and their behavior on the corporate network and alerts on subtle behavior deviations. The Santa Clara, Calif.-based company claims to have low false positives. Light Cyber's Pathfinder scanner then inspects suspected endpoints and uses administrative credentials to gain the required access to the suspected computer.

In December, the company used its approach to detect breaches from Bitcoin mining malware that was distributed through Yahoo Ad servers four days before the campaign became widely known. The company's CEO is Gonen Fink (pictured).



Cyphort, which came out of stealth mode this week, uses a multimethod detection engine to detect malware that has been designed to evade file analysis in a virtual sandbox. The San Jose, Calif.-based company's Advanced Threat Defense Platform uses a variety of techniques to detect exploits containing multiple payloads, encryption and code obfuscation. The software can be deployed off a network tap, a SPAN port or connected to a physical or virtual switch.

Cyphort President and CEO Manoj Leelanivas (pictured) is a networking industry veteran, having previously served as executive vice president of worldwide sales for advanced technologies at Juniper. He also was president and general manager of Cisco's Edge Routing Business Unit. He holds more than holds more than 10 patents for his work at Cisco and at Juniper.