25 Security Vendors To Watch
A wave of security companies are armed with technologies to help businesses mitigate the next generation of cyberattacks. Who are these vendors and what can they offer?
![](https://eu-images.contentstack.com/v3/assets/blt6d90778a997de1cd/bltec674a9ac07bc2b1/64f0d9f85bee988c9bc9b8d9/Top25_Slide1.jpg?width=700&auto=webp&quality=80&disable=upscale)
{EDITOR'S NOTE: This story has been updated to clarify that this list encompasses both emerging and established security companies.}
As cyberattacks become more complex and dangerous, security pros will be on the hunt for new technologies to protect their networks and information.
A wave of emerging and established security companies are bringing next-generation security technologies to enterprise users. These organizations have captured the industry's attention and are generating a lot of interest within the security community.
Their technologies span all aspects of the modern cybersecurity space, from mobile app security to cloud security. Their tools are aimed at helping organizations spot previously unknown cyber threats, detect attacks in real-time, and mitigate damage as soon as possible.
There are three key themes driving the cybersecurity market, says Scott Crawford, research director of the Information Security practice at 451 Research. They are: new approaches to endpoint threat prevention, security analytics, and the continued transition to the cloud.
These three trends will have a broader affect on the types of technologies offered by security vendors, as well as the tools businesses will implement and use to protect themselves from attack.
Here are some of these security companies and the technologies they offer. Some of these businesses are fairly new, but all are established and building interesting, game-changing technologies. This list is not scientific and by no means comprehensive; it's simply a sampling of vendors to watch.
FireEye is concentrating on new approaches to endpoint security, says Crawford, and was early to market with its concept of network sandboxing. Specifically, the company is focusing on advanced threat tactics.
In 2014, FireEye acquired Mandiant, provider of advanced endpoint security tech and security incident response management products. At the time of the merger, FireEye reported it was intended to drive its ability to discover and prevent risk at any stage of a cyberattack.
FireEye was founded in 2004 by Ashar Aziz and is headquartered in Milpitas, Calif.
Palo Alto Networks is another company taking on the endpoint security challenge, says Crawford. It was at the forefront of next-gen firewalls, he continues, broadening firewall concepts to include protection of Web and app traffic.
"No protection is going to be absolute unless organizations are going to practice defense in-depth," he explains. "[Palo Alto Networks] is expected to continue to make investments that keep this focus."
Palo Alto Networks was founded in 2005 by Nir Zuk and is headquartered in Santa Clara, Calif.
CrowdStrike is another business specializing in endpoint security, with threat intelligence as another key area of focus.
CrowdStrike started in the intelligence space as a competitor to Mandiant, says Crawford. It continues to investigate threat actors and now has greater visibility into endpoint security. He explains how CrowdStrike's approach to threat intelligence aligns with a key theme in the future of cybersecurity: breaking down silos and integrating data across security tools so it's more actionable.
CrowdStrike was co-founded in 2011 by CTO Dmitri Alperovitch and CEO George Kurtz, and is based in Irvine, Calif.
"Zscaler is one of the early high achievers in terms of the move toward security as a SaaS model," says Crawford. It was founded amid the evolution of mobile and cloud to address the increasingly serious risk of cyberthreats.
Zscaler built an internet security and compliance platform built to act as a "series of checkposts" between the enterprise and public Internet. It scans all incoming and outgoing traffic between devices and the Internet to detect potential threats. Crawford anticipates Zscaler will continue to have an impact on security implementation in the future.
Zscaler was founded in 2008 by CEO Jay Chaudhry and is based in San Jose, Calif.
Several companies use technology from Splunk, which aims to help businesses detect, prevent, and respond to complex threats.
Splunk is another business working to break down silos and integrate data across security tools so actionable information is visible and accessible, says Crawford, and he anticipates this will be a key focus in the future. It's also at the forefront of automation. However, he also notes Splunk is a pricey investment and requires expertise to maximize use of the Splunk language.
Splunk was founded in 2003 by Erik Swan and Rob Das. It's headquartered in San Francisco, Calif.
Veracode was founded on the idea that traditional security defenses are not enough to secure the Web and mobile apps powering today's organizations. The company has made investments across the spectrum of application security, says Crawford.
Their work is not limited to app testing, however, he explains. It extends to DevOps trends and bringing security as close to the app as possible by integrating protection at the level of parsing input that goes into the app.
Veracode was founded in 2006 by Chris Wysopal and Christien Rioux. It's based in Burlington, Mass.
Nok Nok Labs was built to join the silos currently impeding the online authentication process and aims to provide strong authentication without a painful user experience.
Nok Nok's Unified Authentication Infrastructure was created as a means of disrupting the framework for today's authentication solutions. This infrastructure relies on the FIDO Universal Authentication Framework, an authentication protocol designed to meet requirements for modern computers and the IoT.
Nok Nok Labs was founded by Ramesh Kesanupalli in November 2011 and is based in Palo Alto, Calif.
IBM is not an emerging security vendor but has taken steps to advance the industry by applying its Watson supercomputer technology to cybersecurity. IBM Security is working to develop cognitive security, which is built on security intelligence and can provide answers, evidence-based reasoning, and recommendations for improving decision-making in real time.
"There's a lot of potential in applying cognitive computing concepts to the security challenge," says Crawford.
Understanding the meaning behind security data requires expertise, he explains. There are several questions security teams need human experts to answer: What is the evidence telling us? Has someone penetrated the organization? Does this behavior relate to other behavior we've seen?
"If Watson can help with these tasks and digest large volumes of data, that would really help with the load," Crawford continues. However, he notes IBM's technology has a long way to go. Watson is only starting to prove itself in the cybersecurity space, and it's too early to tell how the technology will unfold.
IBM was founded in 1911 by Charles Ranlett Flint and is headquartered in Armonk, NY.
Rapid7's products and services alert businesses to hidden network and app vulnerabilities, harmful user behavior, cloud service usage, and IT operational issues, among other dangers. Rapid7 also provides analytics so security, IT, and operations teams can analyze risk, detect attacks, and respond as needed. It relies on automation as well.
Rapid7 was founded in 2000 by Alan Matthews, Tas Giakouminakis, and Chad Loder. It's headquartered in Boston, Mass.
RSA is not a new company; it was acquired in 2006 and has since been a division of what is now Dell EMC. It's best known for two-factor authentication but has also focused on SIEM, online fraud defense, and other areas of security. RSA acquired NetWitness in 2011, boosting its focus on data access. "Security organizations are increasingly short on expertise and overwhelmed with data," says Crawford.
He also notes time will tell how the recent Dell/EMC merger will affect RSA in the long run, which is why the organization is worth watching. RSA president Amit Yoran foresees the security division will remain unchanged following EMC's acquisition by Dell, as he described in a blog post.
"RSA will continue to focus on delivering solutions that help enable our customers worldwide to create business-driven security strategies that connect business context with threat activities to more quickly and efficiently defend against cyber risk," he wrote.
RSA was founded in 1982 by Ronald Rivest, Leonard Adleman, and Adi Shamir. It's headquartered in Bedford, Mass.
Optiv works with organizations to plan and launch security programs with a combination of products and services related to their strategy. It works with enterprise risk and consulting, security program strategy, enterprise incident management, threat and vulnerability management, identity and access management, security architecture and implementation, training, and managed security.
The company also has an active research division, says Crawford, and it has well-known experts working on advanced vulnerability detection.
Optiv was created in 2015 as a result of the merger between Accuvant and FishNet Security. It's based in Denver, Colo.
Okta is an identity and access management (IAM) vendor working to improve security in the cloud space. It's one to watch as more organizations transition to the cloud and need to provide users with secure access to cloud-based apps.
In order to manage policy and assert control over cloud services, knowing who can access cloud resources is key, says Crawford. Okta's products use identity information to grant users access to applications on any device while maintaining strong security practices.
Okta was founded in 2009 by Todd McKinnon and Frederic Kerrest. It's based in San Francisco, Calif.
Vectra provides automated threat management to discover attackers inside corporate networks. It's powered by behavioral models that are always learning, and issue alerts about threats before they cause extensive damage.
Vectra analyzes network traffic to learn more about activity on all devices, the company explains. Its automated tool eliminates manual threat hunting with the goal of bringing relevant information straight to users.
Vectra Networks was founded in 2011 by Mark Abene and James Harlacher. It's headquartered in San Jose, Calif.
CloudFlare routes Web traffic through its global network for faster page-loading and better performance, according to the Web performance and security company. Its security mandate is to blocks threats and limit abusive bots from wasting bandwidth and resources.
If you have a website and your own domain, you can use CloudFlare regardless of platform choice. Its core service is free of charge, and it offers enhanced services for websites that need additional features like real-time reporting or SSL.
CloudFlare was founded in 2009 by Matthew Prince, Lee Holloway, and Michelle Zatlyn. It's headquartered in San Francisco, Calif.
Kaspersky Lab's enterprise defense lineup includes antivirus, anti-malware, and anti-APT technologies. The organization has one of the world's leading security research groups, which is one reason why we have our eye on it. About one-third of Kaspersky's employees are R&D specialists.
Endpoint security is a core focus at Kaspersky, especially for small- to midsized businesses. However, it anticipates its main growth driver will be the non-endpoint security segment of the enterprise market as customer needs change along with trends in cybercrime.
Kaspersky Lab North America was founded in 2004 and is headquartered in Woburn, Mass. Kaspersky's global headquarters is in Moscow, Russia.
IOActive analyzes software/hardware architecture, information systems, and source code using security frameworks, information risk management, and focused threat models.
Crawford notes IOActive has a growing focus on IoT security, especially connected cars, making it an interesting company to watch as these areas continue to evolve. Not all IT solutions can be purposed to handle IoT security, he says. IOActive has a strong team of security researchers and is exploring the challenges of the IoT space.
IOActive was founded in 1998 by Joshua Pennell and is based in Seattle, Wash.
Deep Instict was the first company to apply deep learning to cybersecurity. Its focus on artificial intelligence and security makes Deep Instinct a key company to watch. Its research could prove valuable in solving problems and reducing organization's dependence on human security experts, Crawford says. Given that businesses are suffering from a cybersecurity skill shortage, that's a big plus.
Deep Instinct was founded in 2014 and has headquarters in San Francisco, Calif. and Tel Aviv, Israel.
Intel acquired McAfee in 2010 and recently spun out the company in partnership with TPG. This will cause Intel's security strategy to undergo major change, says Crawford. The spinout means Intel will turn its focus back to its core processor business, where security pros have been anticipating it will capitalize on acquisitions like that of Wind River.
Crawford anticipates McAfee will continue to compete with major security vendors, but it remains to be seen what will become of Intel and McAfee initatives in the years to come.
Intel was founded in 1968 by Robert Noyce and Gordon Moore, and is headquartered in Santa Clara, Calif. It acquired McAfee in 2010.
Bay Dynamics is focused on security and risk management. It aims to leverage businesses' existing security investments to provide a cyber-risk analytics platform for insight into an organization's actual risk.
Bay Dynamics was founded in 2001 by Feris Rifai and Ryan Stolte. It's based in San Francisco, Calif., and New York, N.Y.
Cymmetria is focused on cyber deception, a new category of technology used to deceive cybercriminals so they are the ones left vulnerable in a cyberattack.
The company's MazeRunner tool creates realistic environments to look for attackers. It intercepts cybercriminals when they have no knowledge of the corporate network, and leads them to a specific location. When they believe the target is real, hackers are revealed and their tools are taken away. Deception elements are created through virtualization and are designed to have a minimal impact on the business.
Cymmetria was founded in 2014 by Gadi Evron, Dean Sysman, Imri Goldberg, and Irene Abezgauz. It's headquartered in Tel Aviv, Israel.
Symantec and Blue Coat officially merged in August 2016. Symantec was a seasoned member of the security industry, particularly with its focus on endpoint security, and the acquisition of Blue Coat gives it a leg up in the cloud security space, says Crawford.
It's an interesting alignment, he continues, because Blue Coat has a distinct vantage point in terms of visibility into cloud resources. As more businesses adopt cloud services and security threats become more complex, Symantec/Blue Coat will be a key entity to watch.
Symantec was founded in 1982 by Gary Hendrix and is based in Mountain View, Calif. Blue Coat was founded in 1996 and was based in Sunnyvale, Calif.
Accenture acquired FusionX in August 2015 to help clients evaluate and respond to advanced cyberthreats. The merger brought together an older systems integrator with a new company focused on penetration testing and architecture auditing.
It will be interesting to see how joining with FusionX affects Accenture's approach to security. FusionX's expertise in pinpointing security flaws, along with Accenture's portfolio of security and operations offerings, could help clients discover and defend against increasingly complex cyberthreats. Most recently, Accenture expanded its IR efforts via FusionX.
Accenture was founded in 1989 and is based in Dublin, Ireland. FusionX was founded in 2010 and headquartered in Arlington, Va.
Onapsis was among the first vendors to address the issue of security in SAP, a platform core to many large businesses. It's working to change how organizations protect apps that handle critical data and processes with a tool that employs a preventative and corrective approach to secure SAP systems and apps.
"It's a neglected area of security," says Crawford. "And yet, if you ask organizations what they consider their crown jewels, most of that information is managed in ERP systems like SAP and Oracle Business Suite."
Onapsis was founded by Mariano Nunez and Victor Hugo Montero in 2009. It's based in Boston, Mass.
Lookout Security was founded on a mobile-first, cloud-first approach to cybersecurity. Its predictive mobile security tool leverages a network of 100 million mobile sensors, which provide increasingly precise threat data as more are connected.
Lookout also employs machine intelligence for threat detection because it gets smarter over time as it works with more data. Its mobile-first approach will become more critical for businesses as mobile devices become the primary devices for both work and personal use.
Lookout was founded in 2009 by John Hering and Kevin Mahaffey. It's based in San Francisco, Calif.
White Ops aims to prevent digital advertisement fraud and ad bots in the digital advertising space. It focuses on detecting and preventing advanced bot and malware fraud. White Ops differentiates between human and robotic interaction within enterprise business networks, online advertising and publishing, e-commerce transactions, and financial systems.
White Ops was founded in 2013 by Michael Tiffany, Dan Kaminsky, and Tamer Hassan. It's headquartered in New York, NY.
White Ops aims to prevent digital advertisement fraud and ad bots in the digital advertising space. It focuses on detecting and preventing advanced bot and malware fraud. White Ops differentiates between human and robotic interaction within enterprise business networks, online advertising and publishing, e-commerce transactions, and financial systems.
White Ops was founded in 2013 by Michael Tiffany, Dan Kaminsky, and Tamer Hassan. It's headquartered in New York, NY.
{EDITOR'S NOTE: This story has been updated to clarify that this list encompasses both emerging and established security companies.}
As cyberattacks become more complex and dangerous, security pros will be on the hunt for new technologies to protect their networks and information.
A wave of emerging and established security companies are bringing next-generation security technologies to enterprise users. These organizations have captured the industry's attention and are generating a lot of interest within the security community.
Their technologies span all aspects of the modern cybersecurity space, from mobile app security to cloud security. Their tools are aimed at helping organizations spot previously unknown cyber threats, detect attacks in real-time, and mitigate damage as soon as possible.
There are three key themes driving the cybersecurity market, says Scott Crawford, research director of the Information Security practice at 451 Research. They are: new approaches to endpoint threat prevention, security analytics, and the continued transition to the cloud.
These three trends will have a broader affect on the types of technologies offered by security vendors, as well as the tools businesses will implement and use to protect themselves from attack.
Here are some of these security companies and the technologies they offer. Some of these businesses are fairly new, but all are established and building interesting, game-changing technologies. This list is not scientific and by no means comprehensive; it's simply a sampling of vendors to watch.
About the Author(s)
You May Also Like
CISO Perspectives: How to make AI an Accelerator, Not a Blocker
August 20, 2024Securing Your Cloud Assets
August 27, 2024