The security industry is crowded with vendors offering a bewildering array of technologies to help enterprises address their constantly evolving security challenges.
One estimate, from 2018, pegged the number of active security vendors at around 1,200. And Web-based research platform CyberDB says it has a list of over 3,500 cybersecurity vendors — in the US alone.
Regardless of what the true number might be, it's clear that organizations have no dearth of choices when it comes to finding a vendor — or technology — to address their specific security requirements. Unlike many other sectors where a handful of companies dominate the market, the cybersecurity landscape has continued to spawn new companies and attract new investments at an unrelenting pace.
Even in 2020, when despite all the disruptions caused by the global COVID-19 pandemic, investors poured a record $7.8 billion into the cybersecurity industry globally, according to Crunchbase. That number represents a ninefold increase over 2011. In 2020 six companies achieved cybersecurity unicorn status — meaning they had a market valuation of over $1 billion. So far in 2021, nine companies already have achieved that status.
Here is a sampling of 11 vendors to watch this year — noteworthy because of the news they made, the dollars they raised, the technologies they offer, or the executives behind them. (Note: This list is not meant to be exhaustive or a top list of vendors in any category.)
Focus: Cloud security
Funding: Over $300 million
Orca helps organizations detect and defend against security risks in the cloud. The startup's secret sauce is a so-called SideScanning technology that uses a cloud provider's process snapshots — or read-only data — to assess risks to enterprise data. The company describes its technology as having zero impact on production workloads and being very different from tools that rely on data gathered from agents and network scanners to assess cloud security risks.
Orca has attracted massive investor attention since its launch. The company achieved unicorn status earlier this year with a massive $210 million Series C funding round in March, led by CapitalG, Google parent Alphabet's venture division. The company has so far raised a staggering $300 million in combined funding. Among the growing list of organizations using Orca to scan cloud environments for malware, vulnerabilities, misconfigurations, and other risks are Robinhood, Live Oak Bank, BeyondTrust, and Databricks.
"Orca has come to market with the perspective of offering numerous cloud security features with minimal impact or disruption to how teams work," says Fernando Montenegro, an analyst with S&P Global Market Intelligence. "It does this by a combination of techniques, including use of snapshots and by performing deeper analytics to derive context for security alerts."
Image: Orca Security
Funding: $332 million
Analysts consider Cato Networks to be among the leaders in the rapidly growing market for so-called Secure Access Service Edge (SASE) technologies, which integrate security capabilities such as cloud access security brokers (CASB), firewalls, virtual private networks (VPNs), and secure Web gateways into the wide area network itself. The broad adoption of remote and hybrid work environments because of the COVID-19 pandemic has heightened focus on SASE as an alternative to current approaches that rely on point products to protect widely distributed network endpoints and data. Gartner, which coined the term in 2019, describes SASE as a new packet of technologies designed to "support the dynamic secure access needs of organizations" using real-time context and security policies.
Cato positions its technologies as having a variety of use cases, including migrating from Multiprotocol Label Switching (MPLS) architectures to software-defined WAN, supporting work-from-home requirements, optimizing global network connectivity, and securing branch Internet access. Last November the Tel-Aviv-based company raised $130 million in an investment round led by Lightspeed Venture Partner. Cato Networks has raised over $330 million and is valued at over $1 billion.
Cato saw the opportunity for integrating security functionality with wide area networking before most other vendors, says Scott Crawford, an analyst with S&P Global Market Intelligence.
"Security architectures have historically depended on deploying in a traditional legacy setting within brick-and-mortar enterprise facilities," Crawford says "That same level of visibility and control may be challenging to maintain when workers and distributed locations are far removed from networks under direct enterprise control."
This has now become an even more significant issue with the broad shift toward work-from-anywhere, he says. The fact that Cato was founded by Shlomo Kramer — who also helped found Check Point and Imperva — gave Cato early recognition and positioning against incumbents such as Zscaler, Crawford adds.
Image: Cato Networks
Focus: Managed detection and response
Funding: $125 million
Red Canary is among the pioneers in the rapidly growing market for managed detection and response services. The company offers a range of services designed to help security operations teams detect and respond to threats at the endpoint, on the network, and in the cloud. Market research firm IndustryArc expects that demand for such services will grow at nearly 17% annually to reach $2.2 billion by 2025. Much of the momentum is being driven by organizations faced with a shortage of cybersecurity professionals and growing instances of cyberattacks.
In February, Red Canary secured $81 million in a Series C funding round, led by Summit Partners, which it will invest in product and team expansion efforts. Since its launch, the company has raised over $125 million from various investors.
"[Red Canary is] one of the original players in Managed Detection & Response (MDR)," says Scott Crawford, research director at S&P Global Market Intelligence.
The company entered the space when EDR was relatively new and few organizations had much experience dealing with the technology.
"Red Canary was among the first to make this into its own domain of services," adds Crawford, who expects Red Canary to continue to be a recognized player in the field as endpoint detection and response (EDR) technologies give way to more extended threat detection and response (XDR) capabilities in the next few years.
Image: Red Canary
Focus: SaaS application security
Funding: $53 million
The growing adoption of software-as-a-service (SaaS) apps in recent years — especially since the global COVID-19 outbreak — has heightened cyber-risks, such as those tied to misconfigurations, vulnerabilities, and inadvertent data leaks, for many organizations. AppOmni offers organizations technology for securely configuring, locking down, and monitoring enterprise data in SaaS environments such as Microsoft 365, Salesforce, ServiceNow, Slack, Github, and Box.
AppOmni was founded by Brendan O'Connor, a security veteran with previous stints as security CTO at ServiceNow and CSO at Salesforce, and by Brian Soby, previously partner at Freefly Security and director of security at Taulia. In April, AppOmni closed a $40 million Series B funding round, bringing to $53 million the total it has raised from investors so far. Its backers include the investment arms of organizations such as Salesforce and ServiceNow.
"SaaS apps can be quite complex, with a high number of settings that can be easily misconfigured," says Garrett Bekker, an analyst with S&P Global Market Intelligence. "AppOmni essentially does for SaaS apps what cloud security posture management (CSPM) did for public cloud environments – namely, prevent misconfigurations that unintentionally leave sensitive data exposed via continuous monitoring, detection, and compliance audits and reporting," he says.
Focus: Deep learning-enabled threat detection and response
Funding: $200 million
Deep Instinct has positioned itself as a vendor whose technology can help organizations predict, prevent, and analyze cyberthreats using an approach known as deep learning. Deep learning, according to the company, basically involves feeding a powerful computing system with millions of benign and malicious files, including macros and scripts, until the system autonomously learns to distinguish malicious code from benign code. Deep Instinct says its technology can help detect and respond to threats that other vendors cannot find. Use cases for the company's predictive threat platform include ransomware protection — backed by a $3 million warranty — endpoint security, mobile security, and automated threat analysis.
Deep Instinct has secured some $200 million in investments so far. Most recently it closed on a $100 million Series D funding round designed to fuel the company's growth.
Omdia's Eric Parizo says Deep Instinct is among several companies that have emerged from academic organizations.
"There are perhaps half a dozen universities around the world that have strong AI/ML departments with expertise in deep learning, and each of them has spawned a team in the market," he says. "Google has acquired one of them, Microsoft another, and this company is the result of the academic research in Israel."
The company is the first to apply deep learning to cybersecurity, though others such as Darktrace appear to now be doing the same thing, Parizo says.
Image: Deep Instinct
Focus: Cloud-native security tools
Funding: $265 million
Aqua Security's tools are designed to help organizations protect their cloud-native application stack across virtual machines (VMs), containers, Kubernetes, serverless, and hybrid cloud environments. Use cases for the technology include automation of DevSecOps, container security for cloud native apps, compliance, and enabling migration to hybrid and multicloud environments.
Analysts expect demand for technologies like these, which help organizations secure cloud-native apps during development, preproduction, and run-time, to increase as organizations shift more of their workload to the cloud. Accenture, for example, views cloud-native architectures as "the future of application development," with 2021 being the year when the cloud-native market will mature and consolidate.
Aqua cites several leading companies as its customers, including PayPal, Adobe, Nasdaq, NCR, and Microsoft. The company has secured a total of $265 million via multiple funding rounds, including one in March where it raised $135 million in Series E funding at a $1 billion valuation.
Aqua delivers security technology for the more modern cloud workload formats, such as container and serverless, says Omdia's Parizo.
"Competitor TwistLock was acquired by Palo Alto, heralding an era of large vendor competition [for Aqua]," Parizo says. "Nonetheless, Aqua seems to be holding its own."
Image: Aqua Security
Focus: Industrial cybersecurity
Funding: $158 million
Dragos is one of the pioneers in industrial cybersecurity. The company's technology is designed to help organizations in critical infrastructure sectors protect ICS/OT environments against cyberthreats. In addition, the company provides threat intelligence services that proactively warn organizations of new ICS/OT threats and guidance on how to combat them.
Multiple factors have heightened the need for such technology. One of them is the increasingly interconnected nature of once-isolated industrial control systems. The other is the growing targeting of these ICS networks by ransomware operators and nation-stated backed groups intent on sabotage and cyber-espionage. MarketsandMarkets research has pegged demand for ICS security technologies to grow from $15.8 billion in 2020 to $22.2 billion by 2025.
Dragos customers include six of the top 10 largest oil and gas companies in North America, Europe, and the Middle East and nine out of the 10 largest electric utilities in the same region. Last December the company secured $110 million in Series C funding from investors representing some of the largest companies in the energy, oil, gas, and manufacturing sector.
Scott Crawford, an analyst with S&P Global Market Intelligence, described Dragos as an early recognized player in the realm of OT and industrial IoT.
"[Founder] Robert Lee and his colleagues are respected practitioners with strong experience in this field, often early with analysis of ICS threats," he says. "They have developed a platform for visibility and management of security for these environments and continue to be recognized in this field.
Focus: Managed threat prevention service
Funding: $23 million
Trinity Cyber's technology — offered as a managed security service — is essentially an intrusion prevention system on steroids. It operates as a bidirectional man-in-the-middle proxy between an organization's network and the Internet. It works by inspecting incoming and outbound traffic for signs of malicious activity and offers organizations multiple options for responding to detected threats. For example, in addition to simply blocking malicious files, the service allows organizations to alter or replace them to impede adversaries or to fool them into thinking an attack is working.
Trinity's founder, Steve Ryan, is a former deputy director of the NSA's Threat Operations Center. Tom Bossert — former US Homeland Security advisor to the White House in the Trump administration and co-author of the "2007 National Strategy for Homeland Security" — is president of the startup. The company secured $23 million in a funding round led by Intel Capital in 2019. In September 2020, Gartner listed Trinity as a "cool vendor" in the network and endpoint security space for the way in which the company's managed service "sanitizes traffic in flight."
"Seemingly a hybrid between a scrubbing service and a 'man in the middle,' Trinity Cyber provides an internet-based service where network traffic invisibly transits high-throughput data centers where malicious content is actively replaced with benign content from full bidirectional network sessions," Gartner said.
Because the service only inspects traffic traversing the internal network boundary and the Internet, it is not a fit for use cases such as detecting insider threats or lateral movement, the analyst firm noted.
Image: Trinity Cyber
Focus: Identity in multicloud environments
Funding: $11 million
Organizations that have applications on different clouds, such as Amazon Web Services, Microsoft Azure, and Google Cloud often have a hard time managing identities across the different environments because each vendor has its own identity management system. The problem is exacerbated for organizations that also have to manage on-premises legacy applications. Strata Identity offers technology designed to address the issue.
According to the vendor, its Maverics technology is an abstraction layer that integrates multiple identity management systems in such a way that different policies and APIs work as one. Organizations can use the technology to orchestrate identities and access management for apps residing on multiple clouds or on-premises systems. The company says its technology allows companies to mix and match identity systems without having to rewrite apps or replace systems.
Strata has so far raised $11 million via a Series A funding round led by Menlo Partners. The company's three founders — Eric Olden, Topher Marie, and Erich Leah — are all veterans in the enterprise identity, management space. Olden, a former senior vice president and general manager at Oracle co-authored the SAML identity standard. Marie, also a former Oracle executive, was co-founder of JumpStart, an identity management company. Leah had an identity management role at multiple companies, including Oracle and Salesforce.
Gartner last year named Strata a "cool vendor" in the identity management space for giving organizations a way to lift-and-shift legacy apps to the cloud with minimal application re-engineering.
"Although many applications are now cloud-native, moving legacy to the cloud can present challenges," Gartner said, "The identity models expected by legacy are not necessarily those that are native to the cloud," so technologies such as Strata's are highly desirable, the analyst firm noted.
Focus: AI-powered threat detection and response
Funding: $230 million
U.K-based Darktrace is among the first vendors to apply artificial intelligence (AI) and machine learning (ML) approaches to detect and respond to cyberthreats across enterprise network, cloud, e-mail, and endpoint environments. The company has described its products as using unsupervised ML to essentially baseline normal behavior for every user and device in an organization and to monitor for anomalies potentially indicative of a cyberthreat.
Darktrace's technology portfolio includes an AI-enabled product for detecting known and unknown threats on enterprise and industrial networks, an autonomous response technology designed to respond to in-progress attacks, and an AI-powered investigative tool designed to automatically triage, interpret, and report on security incidents.
Darktrace, which says it has 4,700 enterprise customers, went public earlier this year with an IPO on the London Stock Exchange; it currently has a market cap of around $2.3 billion.
Omdia's Parizo says Darktrace stole a march on rivals by being among the first to employ AI/ML models to threat detection and response. The company has beefed up its response capabilities in recent years with its Antigena autonomous response technology for enterprise, SaaS, and email environments, Parizo says.
"Darktrace is said to be stronger in the midmarket than in high-end enterprises," he says. "Competitors such as Vectra and others have been catching up," he adds.
Focus: Cybersecurity asset management
Funding: $195 million
Axonius offers technology designed to let organizations inventory their assets, gain context on any device, identify gaps in security coverage, and automatically enforce policies on assets that don't adhere to enterprise security policies. Analysts have long considered such capabilities essential to good cybersecurity. But the growing complexity of IT networks and the widely distributed nature of enterprise assets — especially since the COVID-19 pandemic forced a shift to remote work — has heightened the need for cybersecurity asset management
Though it operates in a field that is by no means new, Axonius has managed to attract considerable investor attention. In March the company announced a $100 million Series D funding round at a unicorn valuation of more than $1 billion. That round was preceded by another investment of $58 million from multiple investors. Axonius has so far raised close to $200 million via multiple funding rounds.
Gartner last year put Axonius in its list of "cool vendors" in the security operations space for its innovative approach to helping organizations address cybersecurity asset management challenges. The technology is deployed as a virtual appliance in the cloud or on-premises and requires no agents to do asset discovery
"It integrates with over 270 vendor products to ingest, consolidate, normalize, and rationalize asset management inventories across products," Gartner said. "Axonius provides dashboard reports and Boolean-based query tools to help information security teams assess security coverage."
Image: AxoniusJai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year ... View Full Bio