Slide Show: 20 Security Startups To Watch
Cloud security, mobile security, advanced behavioral detection, and a few other surprises mark this latest crop of newcomers
February 1, 2014
![](https://eu-images.contentstack.com/v3/assets/blt6d90778a997de1cd/bltc94608acf452fd67/655cf371ab171e040a838b2a/329050_DR23_Graphics_Website_V5_Default_Image_v1.png?width=700&auto=webp&quality=80&disable=upscale)
It's boom times for security startups as experienced researchers, security entrepreneurs, and other industry players try to cash in while helping enterprises deal with the next generation of threats. With technology addressing everything from cloud and mobile security to advanced threat detection, this latest class of startups shows promise in offering a spate of new development in the year to come.
Bluebox
Founded: 2012
What it does: Mobile security
VC backing: $18M Series B in January 2014, $9.5M Series A in July 2012
Noteworthy players: Caleb Sima (CEO), Adam Ely (COO)
Still working in stealth mode, Bluebox just picked up another sizable chunk of change to continue its work developing technology to support enterprise data on employee-owned devices. As of right now, the company is still head-down, though it does have a nominal place in the market with a free security scanner in the Android app store that looks for a flaw its researchers disclosed last July that allow for APK code mods that could make it possible to turn legitimate apps malicious.
TaaSERA
Founded: 2011
What it does: Advanced malware behavior detection
VC backing: $4M in November 2013
Noteworthy players: Scott Hartz (CEO)
Spun out of a $10 million, five-year Army research project, TaaSERA's patented behavior detection engine is designed to detect malware infections by looking at network transaction sequences and picking up red flags that couldn't be detected by traditional IDS/IPS.
Risk I/O
Founded: 2011
What it does: Vulnerability threat intelligence
VC backing: $1M in venture round in February 11, $5.25M in Series A in November 2012
Noteworthy players: Ed Bellis (CEO)
Serving as a sort of big data repository for vulnerability information, Risk I/O aggregates vulnerability scan data alongside external feeds that offer attack data, threat data, and exploit data from across the Internet to prioritize vulnerabilities based on up-to-the-minute threat trends. The special sauce for the firm is its streamlined dashboard with easy-to-decipher charts and threat scores.
Trustlook
Founded: 2013
What it does: Mobile security
Noteworthy players: Allan Zhang (CTO)
Founded to fill the gap between mobile innovation and mobile security development, Trustlook is working on a next-gen platform for mobile malware APT protection. The fledgling startup has set its sights on detecting malware through deep application analysis of static and behavioral application data. The idea is to offer enterprises an engine to filter out high-risk applications from ever being deployed in the corporate environment.
Skyfence
Founded: 2012
What it does: Cloud security gateway
VC backing: $3.2 million in venture funds to date
Noteworthy players: Ofer Hendler (CEO), Michael Kantarovich (VP, R&D)
With founding and investing pedigree coming with experience from companies such as Imperva and Websense, Skyfence has focused its efforts on providing a cloud security gateway that will give enterprises better visibility and control over how users interact with all of their various SaaS applications in the corporate environment.
Aorato
Founded: 2012
What it does: Directory Services Application Firewall
VC backing: $1M Series A in January 2013, $10M Series B in January 2014
Noteworthy players: Michael Dolinsky (VP, R&D)
With so many breaches and security exposures today resulting from the compromise of user, device, and server accounts, Aorato's play cuts to the heart of the matter. Its introduction of a Directory Services Application Firewall (DAF) is meant to help enterprises protect Active Directory by learning, profiling and predicting account behavior in order to detect suspicious activity.
Confer
Founded: 2014
What it does: Threat detection
VC backing: $8M Series A in January 2014
After an incubation phase of two years under the direction of North Bridge Venture Partners, Confer hopes to bring to the market a sensor-based endpoint and server threat detection platform. In addition to behavioral detection, Confer hopes to leverage community-based, anonymized intelligence as it grows its network of customers.
White Ops
Founded: 2013
What it does: Advertising bot protection
VC backing: $5 million in venture round funding in November 2013
Noteworthy players: Michael Tiffany (CEO), Dan Kaminsky (chief scientist), Tamer Hassan (CTO)
Founded by heavy hitters in the security and big data analytics space, White Ops is targeting the bot-enabled click fraud plaguing the $36-billion-a-year online advertising market. Using side channel analysis to look at thousands of variables in the signals leaked during user sessions that make up click activity, the firm hopes to give advertisers something better than the traditional anomaly detection it uses today, which is highly dependent on historical, static data.
Mojave Networks
Founded: 2011
What it does: Cloud-based mobile security
VC backing: $5 million in venture round funding in November 2013
With a mix of leaders from the U.S. telco market and the security market, Mojave Networks built a cloud-based mobile platform designed to help organizations not only protect devices, but also apps and networks from mobile threats. Mojave's network security analyzer looks at data from the network, apps, and devices to spot malware, malicious apps, phishing attempts, and APTs. Meanwhile, its app security functionality offers better control over the corporate app ecosystem.
Pindrop Security
Founded: 2011
What it does: Phone-based fraud protection
VC backing: $1M seed funding in May 2012, $11M Series A funding in June 2013
Noteworthy players: Vijay Balasubramaniyan (CEO), Paul Judge (Executive Chairman)
http://www.pindropsecurity.com
Pindrop's cutting-edge technology takes into account audio analysis, caller ID, call path, and geographic information to help detect fraudulent calls into corporate call centers that can add up to millions of dollars in losses for enterprises.
Agari
Founded: 2010
What it does: Email threat protection
VC backing: $2.5M Series A in November 2011, $5M in venture round funding in February 2013
Noteworthy players: Patrick Peterson (CEO)
With heavy-hitting early customers such as JP Morgan Chase, PayPal, Facebook, Netflix, and LinkedIn on board, Agari helps big brands protect their reputations and consumers from fraud by helping them push out DMARC policies. It also analyzes billions of emails a day to help prevent rogue actors sending fraudulent email on a company's behalf.
Appthority
Founded: 2011
What it does: App risk management
VC backing: $6.25M Series A in May 2012
Noteworthy players: Anthony Bettini (CTO)
Appthority hopes to hand enterprises the power to take better control of their mobile app infrastructure by providing technology that uses static, dynamic, and behavioral analysis to ferret out hidden app behavior. Its tech then gives customers the ability to set custom policies that prevent unwanted app behavior.
Nok Nok Labs
Founded: 2011
What it does: Web authentication
VC backing: $15M Series A in February 2013, $4M in debt financing in June 2013
Noteworthy Players: Phillip Dunkelberger (President/CEO)
With authentication and encryption experts hailing from PGP, Netscape, and PayPal, Nok Nok Labs wants to give two-factor authentication a face-lift with a new unified platform designed to bring together the disparate array of today's authentication silos. By doing so, users can use the Internet-connected devices that work for them in order to prove their identities for online transactions.
Mobile System 7
Founded: 2011
What it does: Mobile security
This mobile platform is designed to deliver persistent monitoring of mobile devices without endpoint agents. It also feeds security with intelligence about mobile events, such as when unknown and suspicious apps are downloaded, when OS vulnerabilities are undermining device security, and how devices are accessing sensitive data.
ZanttZ
Founded: 2010
What it does: Threat detection and mitigation
Noteworthy players: Mike Lyons (CEO)
With a management team made up of former executives everywhere from Cisco and Symantec to EDS and DISA, Zanttz is working on next-generation threat detection and mitigation that takes advantage of software-defined networking and virtualization. The technology it is building is based on more than five years of government-funded research that has already yielded tech deployed in the U.S. DoD, and Department of Homeland Security.
PerspecSys
Founded: 2009
What it does: Cloud data control
VC backing: $8M Series A in May 2011, $12M Series B in May 2013
Noteworthy players: Mike Morrissey (CTO)
PerspecSys is trying to help enterprises balance the convenience of cloud deployments with its duty to secure data potentially pawned off into cloud systems. Its technology gives customers better visibility into how cloud applications are being used, and then enables them to set policies that will encrypt or mask sensitive data before it leaves corporate boundaries.
Cylance
Founded: 2012
What it does: Advanced threat detection
VC backing: $15M Series A in February 2013
Noteworthy players: Stuart McClure (CEO/President)
Using a machine-learning methodology that combs through files, applications, executables, services, drivers libraries, and other important factors and crunching relevant data through a predictive modeling algorithm, Cylance hopes to take APT detection to the next level. Its key goal is to help enterprises solve the problem of "greylist" threats occupying the gap between the known good and known bad.
Defense.Net
Founded: 2012
What it does: DDoS mitigation
VC backing: $9.5M Series A in August 2013
Noteworthy players: Barrett Lyon (CTO)
Founded by one of the first guys responsible for creating the distributed denial-of-service (DDoS) attack mitigation niche, Defense.Net has come up with a new cloud-based service that it claims can offer 10 times the defense bandwidth per customer than the rest of the market can offer.
Wickr
Founded: 2012
What it does: Ephemeral messaging and private communications
Designed to help everyday Joes protect their mobile communications, Wickr's Android and iOS apps offer a free means to encrypt text, picture, audio, and video messages with military-grade tech. The app gives the sender the control to decide who can read a message, where, and for how long. It also offers privacy, anonymity, and secure file shredding.
Shape Security
Founded:2011
What it does:Web security
VC backing:$6M Series A in April 2012, $20M Series B in January 2013
Noteworthy players:Shuman Ghosemajumder (VP of strategy)
Shape security hopes to reinvent Web security by inverting the concept of code polymorphism and using it against malware. The idea is to using polymorphism in real time on websites, so that sites are constantly rewriting their code while preserving Web app functionality, making them moving targets to thwart attackers, who count on their usual static nature to pick them apart at will.
Shape Security
Founded:2011
What it does:Web security
VC backing:$6M Series A in April 2012, $20M Series B in January 2013
Noteworthy players:Shuman Ghosemajumder (VP of strategy)
Shape security hopes to reinvent Web security by inverting the concept of code polymorphism and using it against malware. The idea is to using polymorphism in real time on websites, so that sites are constantly rewriting their code while preserving Web app functionality, making them moving targets to thwart attackers, who count on their usual static nature to pick them apart at will.
Shape Security
Founded:2011
What it does:Web security
VC backing:$6M Series A in April 2012, $20M Series B in January 2013
Noteworthy players:Shuman Ghosemajumder (VP of strategy)
Shape security hopes to reinvent Web security by inverting the concept of code polymorphism and using it against malware. The idea is to using polymorphism in real time on websites, so that sites are constantly rewriting their code while preserving Web app functionality, making them moving targets to thwart attackers, who count on their usual static nature to pick them apart at will.
About the Author(s)
You May Also Like
CISO Perspectives: How to make AI an Accelerator, Not a Blocker
August 20, 2024Securing Your Cloud Assets
August 27, 2024