This is such a ubiquitous category that it is really a bit hard to define. Just about every tool in your security stack could fit in here if we defined the terms broadly enough. We have three innovators here this year and they are very different, both in how they defend the enterprise and how they approach the infrastructure.

The problem with defining a security infrastructure is that we start with a definition of the enterprise infrastructure because, after all, that is what we are trying to protect. But, it turns out, that is far easier to say than it is to do. There are almost as many enterprise infrastructures as there are enterprise architectures and there are almost as many of them as there are enterprises. Given that as an, admittedly weak, starting point we can see why we have several approaches to security infrastructure.

One of our innovators looks a bit like a deception network, but that is but a part of the tool. Another is very specific in that it addresses ERP systems, a specialized infrastructure and, therefore, very definable. The third takes a different approach yet. This one is a sort of an attack simulator. It looks at and learns your infrastructure and then figures out how to attack it so you can protect the infrastructure against – now-known – attacks.

One of these we have been watching for some time. For a while we feared that it was too narrow in its application but, with the company’s latest innovations, this innovator now has defined its piece of the marketspace instead of being merely an add-on to a very large vendor product. This was an example of where good business and marketing trumped technology. By the time – their time – this innovator introduced its next product, customers were clamoring for it. Nice spot to be in, but that’s part of what makes innovators.

Another interesting story is that one of these innovators took something that was obvious and pervasive and turned it around to be a completely new type of product. When you cannot define a category effectively, make your own. There was a time when, from a customer education point of view, that was a dangerous move. Today, the adversary is moving so fast that organizations are looking for creative and innovative solutions to bad problems now and upcoming. Well, step right up, folks; we’ve got your innovation right here. 

Onapsis Security Platform

Company Name

Onapsis Inc.

Flagship Product in this Category:

Onapsis Security Platform

Flagship Product cost

$45,000 per production SID

Web

https://www.onapsis.com

Innovation

Full security for ERP systems

Greatest Strength

Excellent focus on where their market is and leveraging prior experience to move from platform to platform obviating the need for “1.0 release” of any new product.

Last year we started talking about Onapsis Security Platform (OSP) as a product intended just for the SAP market and, at the time, it was. As we said last year “The Onapsis Security Platform is an SAP security tool that combines vulnerability, compliance, detection and response capabilities that traditional security solutions do not provide in this environment. Through continuous monitoring, the (OSP) provides near real-time preventative, detective and corrective approach for securing SAP systems and applications.” It still does all of that but now it supports Oracle’s EBS (eBusiness Suite) product.

The issues being addressed by this new release are exactly those that OSP addressed for SAP users last year. EBS customers don’t have an easy way to learn about vulnerabilities, so Onapsis leveraged its current SAP infrastructure and applied it specifically to EBS. As a result, the EBS support is not like a 1.0 product, because the company has already done a lot of research in this area, engaging with lots of customers, especially early adopters.

Back in the SAP world, many SAP customers are moving to the cloud, so this innovator worked with its customers to help with the transition to cloud and hybrid (both on-premises and cloud) deployments. Onapsis formed the first ERP security group in the Cloud Security Alliance.

The customer base is becoming more sophisticated and mature, moving to continuous assessment, so the product now has a closed-loop workflow. The product is also now able to integrate with third-party systems (e.g., ticketing) to automate further. Of course, Onapsis is always leveraging current knowledge to support new platforms as well as user behavior and analytics. Since the company already has the basics in place, it is now expanding its efforts.

The company now has a dedicated innovation team addressing GDPR with new policies out of the box. Much of the company’s innovation includes helping customers perform the right kind of mitigation. To facilitate this their innovation team meets with customers to determine needs. We see a very bright future continuing for this innovator, especially since they are pretty much without competition in their chosen niche markets. 

SafeBreach


Company Name

SafeBreach

Flagship Product in this Category:

SafeBreach

Flagship Product cost

Varies, annual subscription based on number of simulators

Web

https://www.safebreach.com

Innovation

Attack simulation as a mechanism for protecting the network.

Greatest Strength

Vision and the ability to execute on it.

When we saw this during our regular review cycle we were really impressed. This is one of the most creative approaches to security infrastructure protection that we’ve seen in some time. We just had to invite them to the Innovators Class of ’17. SafeBreach simulates breach methods based on an attacker profile and assets being protected. It quantifies impact and calculates changing risk trends. Finally, it identifies remediation options. We were impressed that a system that simply learns everything it can about the enterprise and the possible attackers could be so effective at protecting the network. After analysis, it runs a series of simulated attacks, taking into account everything it has learned, leaving you with the data you need to deploy countermeasures virtually and watch the results.

This innovator foresaw the market need and is now recognized by Gartner as a cool vendor in the new category. It ties risk to attack simulation results and over the past year it has added an endpoint simulator. The company monitors groups such as CERT and it can create an attack simulation in 24 hours.

Marketing in a new or emerging category (“Breach and Attack Simulation”) can be difficult even if you have lots of resources. So, this innovator has learned how to educate the customers. The core of the message is that the tool can give assurance that your security controls are working as expected from the perspective of the attacker.

Minimally, the SafeBreach Management Console can be run fully hosted in the cloud, and a single endpoint simulator can be run on-premises. The on-premises simulator requires only a bootable Mac, Windows, or Linux machine. Typically, you would run multiple endpoint and network simulators to validate endpoint security controls, as well as network segmentation and protection against infiltration and exfiltration.

This is going to set the bar for this type of protection. Being able to predict what the impact of an attack against your enterprise would be is very powerful. It is especially powerful when the simulations are based upon actual vulnerabilities and attacks as constantly updated by the innovator. 

Bitdefender Hypervisor Introspection (HVI)


Company Name

Bitdefender

Flagship Product in this Category:

Bitdefender Hypervisor Introspection (HVI)

Flagship Product cost

Pricing starts at $1500 / physical CPU per year, and ranges down to $970 / CPU for over 500 CPUs

Web

https://www.bitdefender.com/hvi

Innovation

System protection in virtual environments by monitoring memory access on the hypervisor.

Greatest Strength

A very high level of technical understanding of the environment and its proper operation, along with the ability to exploit that knowledge in a security tool.

Bitdefender Hypervisor Introspection uncovers memory violations by directly analyzing raw memory lines to ensure that they are not being altered by malware. The idea is that the hypervisor itself in a virtual environment is the only place in the software-defined data center where malicious activity can be seen and the monitoring cannot be removed maliciously. Since memory is a shared resource it is controlled on the hypervisor. When a malicious attack accesses memory – as it must – the access will be seen on the hypervisor where HVI also will see it. The key is the attack methodology, not the payload. HVI does not care what the malicious code is. It only cares that an unauthorized memory access is occurring.

This is a unique approach to securing a virtual system. Currently security usually (in physical systems) is provided on top of the operating system but in the virtual world it is below the operating system. This is where the hypervisor lives so it is the perfect location. It also is isolated from an attacker compromising the protection itself. Bitdefender layers behavior analytics on top of the normal security stack. The only way to defeat escalation of privilege, for example, is to isolate the attacker from the defense mechanism. However, you also need context. The hypervisor is the only thing that provides isolation and context.

Unique solutions to hard problems come from unique people driven by innovation. The founder’s background is research and pure mathematics. His research background is applied research so he has the mindset for addressing the problem practically with an eye to solving it. At the time Bitdefender was born, the security products were signature based so he looked for a different way to detect threats and came up with behavior-based threat detection residing on the hypervisor. Research is based in Romania, working with seven universities. They view the adversary as their competition, so this innovator always is looking for new ways to detect and prevent threats from having an impact on the system being protected.

What does the future hold for this innovator? The company is looking at the consumer side, IoT, and endpoint prevention/detection/response. Working at the hypervisor level opens many opportunities so Bitdefender is at the beginning of their innovation path.