Gold Optis: Most Innovative and Socially Conscious Technologies at Black Hat

By Olivia Gallucci, Cybersecurity Reporter, Cyber Defense Magazine

I interviewed approximately sixty industry leaders from over forty companies who attended Black Hat. Although this article series—The Optis—can be read as a traditional Black Hat recap, I specifically highlight twenty-one companies that stand out and whose growth I recommend watching.

Rochester Institute of Technology’s Cybersecurity Club, RITSEC, inspired the metrics I used to analyze and rank companies. Specifically, I adopted RITSEC’s motto, “Security Through Community,” while examining each company’s ability to promote social good, inclusion, and innovation inside and outside of the company. Furthermore, I referenced materials—public demos, open-source code, and publications—to determine the accuracy of the company’s claims and the span of its communal reach, public contributions, and social good.

Given Cyber Defense Magazine’s awarding of unicorns (“a private company with a valuation of over $1 billion”) and that Olympic sailing occurred during Black Hat, I created a conceptual framework—The Optis Series—to highlight innovative and socially conscious companies at Black Hat USA 2021 (UserGuiding). The Optis Series contains three articles: bronze, silver, and gold. You can learn about the judging criteria I used for the Optis Series here or scroll to the end of this article.

Coalfire

Mark Carney, COO of Coalfire

Coalfire is known for its abilities in security compliance, but that is not all it offers. Over the past two years, Coalfire’s front-end security and pen-testing teams grew significantly and continue to grow in funding, hiring, and expertise. At present, Coalfire is an organically grown company employing approximately one thousand security professionals globally and plans to hire around three hundred people by the end of 2021.

Coalfire specializes in cloud infrastructure services, working with almost every international enterprise cloud infrastructure company. As a result, its products and services—pen-testing, architecture, design, management, compliance, and multi-cloud support—are influenced by how enterprises use the cloud. Furthermore, Coalfire continues to develop these areas; its teams in attack strategy, privacy and risk compliance, and cloud-focused services (i.e., pen-testing, engineering, and management) are expanding.

Used with permission from Coalfire.

Coalfire recently acquired two companies: Neuralys and Denim Group. Neuralys created pen-testing management platforms into an attack service management framework by utilizing active and passive scanning, which helped clients identify new and existing vulnerabilities on their networks in an outgoing manner. In other words, Neuralys invented a way to continuously pentest networks. Furthermore, Coalfire acquired Denim Group, a consulting firm specializing in pen-testing and application security; their platform, ThreadFix, applies application-specific vulnerability aggregation from over fifty databases and tools. ThreadFix consolidates test results and prioritizes vulnerable clients, reducing the remediation time up to forty percent.

Learn more: By reading Coalfire’s 3 Annual Penetration Risk Report and by exploring its Reddit page.

College students and faculty may be particularly interested in Coalfire because of its Richard E. Dakin Fund. The fund was created in honor of the late co-founder of Coalfire, Richard E. Dakin. It supports scholarship programs at several universities for promising college students studying cybersecurity and related fields.

Epiphany Systems

Rob Bathurst, Co-Founder and CTO at Epiphany Systems

Epiphany Systems is an offensive security company providing red team attack paths and solutions for clients’ critical IT assets and users. Its platform is the first offensive cybersecurity program designed to reduce Time-to-Context. Epiphany Systems spun out from Digitalware at the beginning of 2021. At present, Epiphany Systems has 22 employees and expects to hire approximately twelve people by 2022.

Epiphany Systems’ platform works by analyzing clients’ preexisting security data to create attack paths. Then, the platform analyzes each attack path, the likelihood of exploitation, and the consequences if exploited to provide clients’ security professionals a surface-level view of vulnerabilities on the network. Furthermore, it integrates with clients’ existing security tools.

Used with permission from Epiphany Systems.

Its innovativeness stems from its Time-to-Context approach, which finds solutions for clients’ needs within a specific context. For example, if an administrator can only access a document from one IP address, Epiphany Systems creates attack paths using that knowledge for how that document could be definitively accessed. Bathurst explains, “It is difficult to automate generalized red teaming efficiently. Generalized human red teaming creates attack paths that tend to be sporadic and unique to a point in time. We find a target (i.e., an administrator) and work backward to create our attack path that is more precise.”

Epiphany Systems intently integrates open-source software (OSS). Even better, Epiphany Systems contributes to OSS; Bloodhound is one of its favorites. Bathurst adds, “We contribute to OSS wherever we can. Much of what runs the internet started as small projects that never developed procedures to pass on development; This is not sustainable. Thus, Epiphany Systems assists OSS projects to ensure smooth transitions in new and pre-existing legacy projects.”

Given that the company is young, it is imperative to examine its future goals and developments. To answer this, Bathurst explains that “We have shown that we can analyze data in nonobvious ways. However, that does not mean there are not more possibilities. We want to discover even greater ways of analyzing data and explaining the impact of that data, especially to leaders outside of tech.”

Learn more by reading Epiphany Systems Launches into the Cybersecurity Market with Industry’s First Offensive Context-Aware Platform

Lightspin

Vladi Sandler, Co-founder and CEO of Lightspin

Lightspin is a cloud security company using an offensive approach to detect cloud misconfigurations; it designed a platform to secure cloud and Kubernetes environments throughout the development cycle, simplifying cloud security for IT and DevOps teams. Dell and Ibex granted Lightspin $16 million in series A funding bringing total funding to date to $20 million.

Lightspin’s platform detects all security risks on the network, and its innovativeness stems from its ability to prioritize the most critical issues and remediate them from build to run time. For example, Lightspin creates the Attack Path, an interactive diagram displaying clients’ vulnerabilities and how each vulnerability affects other parts of their network. These charts were developed with the C-suite in mind, providing a simple and usable interface suitable for presentations and reports. Furthermore, Lightspin’s platform uses data from previous attacks to correlate vulnerabilities with the repercussions if exploited.

Used with permission from Lightspin.

However, the company itself has notable qualities too. It demonstrates a thoughtful and inclusive workplace. Sandler stated that “Our goal is to build a healthy company. We promote diversity and inclusion, which is why we have been a gender-balanced company from the beginning. We found that our company growth, employee happiness, client satisfaction, and community involvement are all tightly linked, which is why we only promote growth from a healthy and ethical perspective.” Most of all, Lightspin’s open-source contributions and support of public initiatives are some of the most impressive in the Opti series.

Lightspin’s GitHub repositories are well-documented and shared. Some of its notable projects include Red Kube, a red ream K8S adversary emulation based on kubectl, and Red Shadow, an AWS IAM vulnerability scanner. Lightspin also developed Red Detector, which scans EC2 instances for vulnerabilities using Vuls. Furthermore, Lightspin’s blog provides tutorials on how to use and contribute to its projects. These tutorials are great for any skill level and receive enthusiasm from users and contributions. Overall, Lightspin demonstrates technological innovation, creativity, professional excellence, and social responsibility. As a clear trendsetter and innovator in cybersecurity, I cannot wait to see how Lightspin’s technology develops by the next Black Hat.

Learn more: CISO Talks: Choosing the Right Solution for Your Organization as a CISO, ft. Vladi Sandler, CEO at Lightspin

Syxsense

Ashley Leonard, CEO of Syxsense

Headquartered in southern California, Syxsense is a software as a service endpoint management and security software company. Syxsense specializes in combining IT and patch management with security vulnerability scanning, and now a full remediation capability using Syxsense Cortex, the company’s workflow builder.

Syxsense’s cloud-based platform allows clients to manage all of their endpoints and devices through drag-and-drop (DnD) workflow technology. Example actions include almost everything: patches, asset management, vulnerability scanning, software installations, and more. Clients can use and edit pre-built blocks and create new ones. Furthermore, clients can deploy actions to individual devices, sets of devices, or all devices. For example, a client could update all of the odd-numbered computers on their network or change the background to display a cat for all employees named “John.”

Syxsense Cortex is a drag-and-drop workflow builder for building remediations to configuration errors and security vulnerabilities. Used with permission from Syxsense.

As a WordPress blogger, Syxsense’s product resonated with me because of its simplistic workflow and customization. Its DnD security workflow reminds me of how bloggers use DnD blocks to create a website or post. Furthermore, Syxsense’s ability to support any skill level is similar to how WordPress sicks with bloggers throughout their careers.

For example, new WordPress bloggers almost exclusively use DnD blocks. Over time, they learn how to customize blocks and how parts of the website interact (i.e., CSS and hosting configurations). Eventually, bloggers can create new blocks, build websites, fix bugs, and teach others. Skilled bloggers often publish custom blocks as code, add-ons, and templates, which creates an app-store atmosphere in WordPress.

Syxsense demonstrates similar possibilities in the security industry. Using Syxsense Cortex, clients can implement Syxsense’s platform using premade blocks. Once employees learn how each block’s settings interact with the network, they can customize blocks to fit their exact needs. Moreover, the transferring of skills from senior techies to new employees is seamless in this environment. I would not be surprised if its clients use its platform to teach security skills to employees or if security professionals make tutorials on custom blocks.

Watch Syxsense’s demo on Vimeo.

Lastly, Syxsense scans clients’ networks, proposes solutions, and displays potential exploit outcomes. In other words, Syxsense can fix vulnerabilities its platform detects, and best of all, clients can use DnD to resolve each issue.

Learn more: Syxsense Releases Two New Solutions for Remediating Endpoint Security Vulnerabilities

ThreatQuotient

Chris Jacob, Global VP of Threat Intelligence Engineers at ThreatQuotient

Another company I would look out for this year is ThreatQuotient, a modern data-driven security operations platform. The company has a rich history in problem-solving and social networking, arguably the two best things an organization could have. The company founders–developer Wane Chiang and security operations officer Ryan Trost–noticed while working in a large security operations center (SOC) that data was not being shared and accessed efficiently. For example, workers on the 8 AM shift were not effectively collaborating with other shifts at their company, which led to unnecessary security testing. Chiang and Trost set out to fix this problem globally by creating a pure-play threat intelligence platform and an API that could be utilized across departments and organizations; this led to the founding of ThreatQuotient in 2013.

Used with permission from ThreatQuotient.

However, ThreatQuotient’s intriguing history is not why I selected them as a Gold Opti. ThreatQuotient is a leading security company in extended detection and response (XDR) that examines intelligence and information security events to create a holistic picture of threats. The company’s innovativeness comes from its APIs integration with external products. Its mission is to integrate its API with as many platforms, products, and technologies as possible to promote long-term growth and diversification. Jacob explains that “If companies share knowledge of adversaries’ attacks, techniques, and other intelligence, they could detect more hacks; although, not necessarily prevent them. We created a data-driven automation and data-sharing tool that can show what is happening with threats.”

ThreatQuotient’s founders and many of its employees have an open-source background. As a result, its platform integrates with clients’ preexisting technologies, so they were not locked into a vendor. Furthermore, its MSSP and intelligence community encourage sharing and collaboration. Jacob stated, “We believe companies should share to advance the cybersecurity and intelligence community,” which is illustrated by its membership in the Open Cybersecurity Alliance and contributions to OpenDXL.

I am looking forward to learning about the company’s future developments, too. Jacob adds, “currently, we are expanding in XDR, but we have always been in that sphere. What is interesting is that the security industry is pivoting to where ThreatQuotient has been and calling it XDR. As a result, we are a frontrunner in XDR technologies, and we are creating new technologies to improve our platform every day.”

Learn more at ThreatQuotient’s website.

Trend Micro

Jon Clay, VP of Threat Intelligence at Trend Micro

Since its founding in 1988, Trend Micro evolved from a family-run antivirus company to an international security organization. Trend Micro was the first company to implement internet and virtual machine scanning technologies. Its specialty is defending against zero-day and zero-hour threats.

I interviewed Jon Clay on Trend Micro’s Cyber Risk Index (CRI) and on Trend Micro’s latest products and publications that have impacted the security sphere. After four years of deployment through the Ponemon Institute, Trend Micro’s CRI has mastered calculating clients’ preparedness to defend against attacks. Its index spans from -10 (bad) to +10 (good) and helps C-level executives understand risks within their organization. In its 2021 distribution, CRI demonstrates that the preparedness to defend from cybersecurity risks has decreased globally.

Used with the permission of Trend Micro.

Trend Micro also progressed in the open-source sphere. One of their most famous open-source tools, Trend Micro Locality Sensitive Hashing (TLSH), has been publicly adopted by multiple antivirus firms. TLSH uses machine learning to identify files that are similar in nature. For example, if a file contains the text “oliviagallucci.com” and another file contains “oliviagalucci.com” (missing an l), then TLSH would generate two very similar hashes. Furthermore, Trend Micro partnered with Synk, an open-source security company, to develop Cloud One, a scanner that detects malicious or vulnerable code in open-source repositories.

Unlike many companies, it is clear that Trend Micro fosters a culture of openness and collaboration. Readers interested in learning about Trend Micro—open-source contributions, product development, or otherwise—have ample resources to explore its professionals’ expertise and outlook at any point in its history.

Further reading: Trend Micro Demonstrates Threat Expertise at Virtual Black Hat USA 2021

For those interested in assisting with Trend Micro’s open-source programs, Clay recommends contributing to its Zero Day Initiative, which consists of approximately ten thousand researchers globally to find vulnerabilities and bugs. The Zero Day Initiative helps clients develop intrusion prevention systems with an eighty-day protection period.

vArmour

Tim Eades, CEO of vArmour

vArmour is an Application Relationship Management company focusing on operational risk, application resiliency, and securing hybrid cloud environments. The company was founded in 2011 and created due to many enterprises lacking the skills or resources necessary to analyze company networks. vArmour is backed by Highland Capital Partners, AllegisCyber, Redline Capital, Citi Ventures, and Telstra. vArmour’s products help clients determine which security relationships are working and which are failing and helps clients then analyze those failing relationships and execute solutions.

vArmour is innovative in its technology and culture. It has experience with every industry, making its solutions very diverse. However, banks, telecommunications, and critical infrastructure companies are its primary clients. Eades describes vArmour’s innovative culture well: “We are a very kind, humble, and smart company [that is] solving enterprise security problems from the inside out, as opposed to the outside in. vArmour is not just a detective. You find the problem, decide what you want to have happen, then control for those things with programming.” In the Los Altos office, there is a mural with “Shoulder to Shoulder,” symbolizing the golden rule with vArmour’s twist. In Eades’ words, “We do it together, and we do it as one.”

Used with permission from vArmour.

vArmour also contributes to public forums, growing a supportive community around its projects. Eades states that “Thinking in public and sharing our ideas with the work and receiving feedback allows us to ensure our company is heading in the right direction morally and technologically.” Moreover, vArmour assists clients using multiple licenses from legal, technical, and social perspectives.

Diana Nicholas, Marketing Engagement and Partner Associate at vArmour, performing at vArmour’s live show. Used with permission from vArmour.

Lastly, vArmour shined at Black Hat this year. vArmour joined 13 other cybersecurity companies to create the live Security Leaders concert, with the Social Animals headlining and featuring performances including the band of Diana Nicholas, a Marketing Engagement and Partner Associate at vArmour. However, this is a common practice at vArmour. The company loves promoting “breakout moments” for its employees and up-and-coming musicians. For example, vArmour has an annual tradition of hiring up-and-coming musicians for a live show. Eades is very proud to note that they even hired Royal Blood before they were famous. Overall, I was blown away by the enthusiasm and support of this team, and I look forward to following vArmour technical and cultural growth.

Learn more at vArmour’s website.

Judging Criteria

Sailing is similar to cybersecurity in that social, technical, and economic barriers often prevent beginners from joining. However, some companies and leaders strive to alleviate these barriers.

For example, Clark Mills and Major Clifford McKay created the Optimist Dinghy (Opti) to ease financial and age barriers to sailing (The Optimist Dinghy 1947-2007, 2013). The Opti design was so successful that it became one of the most popular sailboats globally and has introduced millions to sailing.

Similar to Mills and McKay’s progress in sailing, the companies recognized by the Optis Series have significantly improved their community and industry. The Optis Series highlights cybersecurity companies’ innovation and ability to address social, technical, and economic barriers. Furthermore, the definition of an optimist, “a person who is inclined to be hopeful and to expect good outcomes,” represents the outlook of cybersecurity if these trends continue (Merriam-Webster, 2021).

Here are the judging criteria:

• Highly differentiated and innovative by offering a unique product, technology, or technique.
• Demonstrates company growth, ideally supported by numerical data like funding and sponsorship, acquisitions, and hiring trends.
• Active external enthusiasm and press.
• Practices embodied by “Security Through Community,” such as inclusion initiatives and a supportive company culture.
• Socially conscious contributions that are easily proved or demonstrated (i.e., open-source code, publications, blogs, events, and licensing choices).

Bronze companies fit into one or two categories, while silver companies demonstrated three or four; gold companies exemplified all five. All companies, however, epitomized their awarded categories enough to deserve substantial recognition for their efforts.

I was very flexible with my interviews, and I did my best to create a holistic picture of each companies’ values and technologies. I also cited evidence whenever possible through public numerical data, blog posts, reports, publications, and product demos. Read the full criteria here.

About the Author

Olivia Gallucci is a Cybersecurity Reporter for Cyber Defense Magazine and the winner of CDM’s 2021 Women in Cybersecurity scholarship. She is studying Computing Security and Computer Science at Rochester Institute of Technology.

She is a Free and Open Source Software advocate and Linux enthusiast. Olivia can be reached online here at CDM and at https://oliviagallucci.com/ and @ivyhac and https://www.linkedin.com/in/olivia-gallucci/