One of the big events at RSA was the Innovation Sandbox. Ten finalists were invited to give demonstrations and short presentations of their sandbox technologies. The winner was Invincea. I had the chance to talk with Invincea's Anup Ghosh the day after his big win (and the smile he was beaming showed just how big a deal his win was).
"Sandbox" is one of the biggest buzz words in security right now, right up there with cloud computing and virtualization. In fact, Ghosh told me that the bulk of his competition had sandboxes based in the cloud and he thought that, with so many security conversations involving the cloud, one of those would be the winner. Instead, it was his vision outside the cloud that won.
Where the sandbox is located isn't as important as the vision of security overall. According to Ghosh, security continues along the same path, but we keep expecting a different outcome. He called it the "wash, rinse, repeat" cycle of security. (He's not alone. It was a theme I've encountered a few times here at RSA.) He said:
Look at the state of security we're in. It's not okay for us to be ceding to the adversaries.
One of the biggest problems, as Ghosh explained it to me, is that security solutions put too much responsibility on the end user, and it shouldn't be that way. Will the sandbox help shift the blame from the end user to the security protection solution? Possibly. Rather than penalizing users for making mistakes, Invincea's sandbox lets the infection land in a virtual machine instead. The virtual machine is like a temporary file: it is discarded as soon as it is corrupted, and this happens quickly and seamlessly, so the user never knows. Ghosh said:
... security is ready for disruption, and that change may be moving in the direction of sandbox techniques.