A big theme in cyber security at the moment, featuring regularly in this list, is the mission to abolish the password.
Passwords are of course a fairly weak security measure for several reasons. For one thing, due to the difficulties in remembering a password, people often use a relatively obvious password, such as their own name, and they may also use the same password for multiple accounts.
Perhaps most concerning, any password can eventually be cracked through brute force, if a bot simply attempts every single combination of characters.
Some of the innovations on the list focus on using new forms of input as security measures, such as sound or biometrics.
Multi-factor authentication also features in some of the products. Multi-factor authentication means two or more different ‘factors’ being used simultaneously in an authentication. These factors can be something the user has (a smartphone), knows (a PIN code or password) or is (a fingerprint or other biometric.)
CBR rounds up some of the most innovative products out this year.
Content from our partners
1. SiliconSAFE
Could the attacks on Ashley Madison, Vtech, Time Warner and Sony have been prevented? SiliconSAFE, launching a digital safe in April, claims that this could have done so.
The product stores bulk data (users’ passwords, credit-card details, biometrics etc) in hardware. This means that no conventional operating system, software or database exists and hence can’t be hacked.
Currently, customer identities are stored in high-level systems which can be accessed via vulnerabilities or by using administrative rights.
When logins are sent to the appliance for authentication, it simply replies whether the details are valid and no user data is revealed. The passwords can never be retrieved from the appliance, with the firm’s No-read technology allowing only verification results to leave the device.
SiliconSAFE has a ‘major high street bank and telecoms firm’ as early customers.
2. Intercede
The UK-based Intercede’s RapID, according to CEO Richard Parris, "kills the need for passwords" in mobile applications.
The solution provides password and token-free access to the cloud services that business and consumer mobile apps need to access.
RapID incorporates PKI-based authentication and encryption, which Intercede claims provides "military-grade security." It can be integrated within new or existing mobile apps using two or three API calls.
The user is guided through an initial identification and verification by the service provider before the smartphone is issued with a unique digital credential.
From then on all apps using RapID can access the application through a PIN code or fingerprint scan, meaning that only the user possessing the smartphone and the PIN or fingerprint can access the application.
The solution is available for iOS and Android-based devices and is built on the MyID platform.
3. Darktrace
Another UK-based company, Darktrace was founded in 2013 with the backing of Mike Lynch and Invoke Capital.
Antigena is a machine-learning product which detects a threat and build on Darktrace’s Enterprise Immune System product to fight against it.
Darktrace says that the product replicates the function of antibodies in the human body.
"Antigena modules act as an additional defense capability that automatically neutralize live threats, without requiring human intervention," said a statement from the company.
Darktrace says that the solution can directly inoculate against potential threats without rules or signatures. It also says that it can prevent, slow or disrupt activity in real time and provides no false alerts to administrators.
4. Kaspersky
According to Kaspersky, businesses have the conventional software able to deal with 99 percent of generic cyber attacks but it is the 1 percent of attacks that are targeted that have the most significant impact on businesses.
The firm says that this requires not only advanced technology but also intelligence that has either been accumulated within the company or requested from a security vendor.
The Kaspersky Anti Targeted Attack Platform allows businesses to detect targeted attacks by carefully monitoring network activity including communications such as web and email.
It utilises network and endpoint sensors and sandbox technology to detect abnormal activity within the system. All necessary modules are available within the solution itself, meaning it has full compatibility with existing corporate security infrastructure.
5. Netskope
Netskope Active Threat Protection is a protection solution for the cloud access security broker industry.
The company cites statistics suggesting that 4.1 percent of sanctioned cloud apps are laced with malware and total cloud app usage extends into the thousands per enterprise. It claims that traditional perimeter security providers fail to protect this attack surface.
It provides IT with threat intelligence, static and dynamic analysis and anomaly detection so that they can manage usage of cloud apps.
The solution includes a granular policy enforcement engine and can trigger workflows such as quarantining. Customers can also integrate it with their existing remediation tool set.
Active Threat Protection also helps IT understand the context of the usage, such as who is uploading, downloading and sharing data.
