In an arena of thousands of cybersecurity vendors, there is a decent share of incremental innovation and products that are features. But innovation that enables a leap and an advantage in cybersecurity to address challenges differently or address new challenges is elusive. RSA Conference (RSAC) gives security startups two structured opportunities to distinguish themselves, and Forrester always finds it revealing to see which startups make the cut.

Innovation Sandbox: There Was One Clear Winner

In 2024, Aembit, Antimatter, Bedrock Security, Dropzone AI, Harmonic Security, Mitiga, P0 Security, RAD Security, Reality Defender, and VulnCheck competed in Innovation Sandbox. This was the first year that we can remember RSAC including an enterprise CISO in the judging panel of veteran VCs, vendor CTOs, and startup founders, and she was an excellent addition, asking the questions that prospective customers might. The winner: Reality Defender. The runner-up: Aembit.

But wait — there is another friendly competition happening in the audience. As attendees, Forrester research directors and analysts make our top picks to guess the winner. And this year, we both guessed the judges’ top pick correctly, although we missed on the runner-up. Here were our top five:

Laura’s Top 5 Heidi’s Top 5
1. Reality Defender 1. Reality Defender
2. Dropzone AI 2. Antimatter
3. Antimatter 3. Harmonic Security
4. Aembit 4. Mitiga
5. Harmonic Security 5. RAD Security


And here’s why:

  • Deepfakes are a growing threat with costly consequences. Forrester calls out deepfakes as one of the five top cybersecurity threats of 2024. Enterprises face a variety of harmful outcomes from fraud, ransomware execution, data and IP loss, stock-price manipulation, reputation and brand damage, amplification of misinformation, and more. Tools for detecting deepfakes are few and still in their early stages today. Reality Defender is already tackling this pressing issue for television networks (to scan media before they use it on air) and banks (to detect AI voice fraud in call centers).
  • Generative AI use changes how we need to think about data controls and protection. Antimatter and Harmonic Security tackled imposing controls on how large language models can interact with data and how people can interact with genAI apps. It also includes use of genAI in ways that fundamentally change the approach to data protection. Beyond data protection, use of genAI in security tooling overall is heating up; proceed with caution and don’t get caught up in the hype, as with some visions such as an autonomous security operations center (SOC).
  • Enabling least privilege access with less friction offers clear, direct value. Four out of the 10 finalists had innovations here. Enterprises face many challenges with identity governance and access for both humans and machines across systems and data environments today. The top 2024 trends shaping identity and access management include the technical debt of sustaining old on-premises solutions, as well as increasing demand for fine-grained authorization.
  • We need efficiency gains to accelerate response. Cybersecurity practitioners still lack impactful automation to execute workflows confidently and consistently. But we know that shortening the time it takes to detect, investigate, respond, and remediate reduces the impact of breaches. The “need for speed” that permeates the industry was a recurring theme for these early-stage vendors. These innovators are trying to increase our contextual understanding of our tech stack instead of adding “more layers of tooling.” Improving our understanding of our tech stack will result in better analyst experience for the SOC and other members of the security team.

Launch Pad: Tamnoon Is Our Pick

Launch Pad was like the encouraging, almost-too-nice cousin of Innovation Sandbox. In 2024, Culminate, Knostic, and Tamnoon pitched their ideas to a panel of seasoned VC judges moonlighting as cheerleaders. The judges don’t pick a winner; instead, each of them says whether they’re “in” on the startup’s proposal or not. This year, all three judges gave all three startups their seal of approval. Launch Pad finalists had a few things in common with their Innovation Sandbox counterparts: the use of AI in security, enabling least privilege, and detection and response. Our take:

  • Culminate offered a version of the ubiquitous AI “assistant” or “investigator” for SOC analysts. The vendor-agnostic alert investigation tool reduces vendor lock-in and promises to speed detection and response through contextualization and prioritization. There’s a possibility that Culminate could find demand in the small to midsize business segment that sometimes gets ignored, but it might be a hard sell for enterprises currently attempting to shed tools from their tech stacks.
  • Knostic pitched itself as “Okta for authorization.” Rather than blocking responses from generative AI tools and confusing users who don’t understand how or what they did wrong, Knostic safeguards sensitive information, suggests alternative approaches, and recommends alternative prompts that preserve the confidentiality of data without creating a poor user experience.
  • Tamnoon won our votes because of its remediation simulation capabilities and as-a-service model. It simulates remediations to understand potential impact to your cloud environments. If adopted by both security and IT, this could cut the back-and-forth between the two groups and lead to faster decision-making, resulting in rapid mitigation and remediation. The provider is also launching as a service right out of the gate, which is smart because: 1) Everything eventually becomes a service and 2) this should help facilitate adoption, leading to faster growth.

So You’re Interested In Working With A Startup, But … Can You Really Do That?

Yes, you can. Great startups offer agility and flexibility, and you get to be a design partner in many cases, but you must be able to invest time in engaging with the startup. If you’re an experienced CISO in an organization with a vision, strategy, and baseline security, you can go for it. Here’s what you should keep in mind:

  • You need to give to get. Pay into the ecosystem by giving startups proof-of-concept opportunities. For example, this could involve participating in a customer advisory board and being vocal with your feedback and constructive criticisms.
  • Use your authority to allocate funding and resources for using this innovation. For example, this can include building the capability within your team to actively scan the market to evaluate and assess cybersecurity startups. In addition, you can celebrate successes by demonstrating how investment brings business value and assists in delivery of core security objectives.
  • The startup gets enterprise knowledge and credibility, and you get influence on the early roadmap. Being the large client of an early-stage vendor gives you immense influence on the overall roadmap for the solution. The insights you share about how this works in enterprise environments, use cases, and how to navigate procurement and third-party risk management hurdles are invaluable for the vendor. Use this power responsibly, but recognize it for the opportunity that it is.
  • They’ll prioritize your due diligence. Spend the time to assess feasibility in production and check existing customer references. They should be open about gaps in their solution. Whether you’re the first major organization to use their product or the 20th, you’ll want to probe into details, including: 1) how it’s funded; 2) the track record of its investors; 3) the credentials of the startup team; and 4) which formal certifications it has (or hasn’t!) achieved for its own internal security practices.

Want to hear more about our experiences at RSAC this year? Forrester clients can join us for a webinar on June 18 at 1 p.m. ET.