Updated: Mar 23
I have never done this before; I have always tried to stay away from making lists and naming companies, etc. However, during Q&A and live feeds I am always asked about what new technologies or companies I am excited about. These questions led me to put this blog post up and make the video you may or may not have seen yet. If you want to watch the video, click here.
I will share the ground rules for making this list by saying the following:
1. None of these companies paid to be included in this list, neither directly nor indirectly. This is my simple and humble opinion as a practitioner.
2. In the process of creating this list, I went through 30-35 companies and went through several demos from a diverse group of startups.
3. The list is geared towards enterprise-sized security teams.
4. You don’t have to agree with me and that’s ok; in fact, I hope these solutions spark debate and help us avoid buzzwords and pay to play.
I selected these companies based on each of the criteria below:
1. Product idea
2. Severity of the problem they solve
3. Leadership team & its experience
4. Time in market
5. Market potential and size
The order of the companies listed below isn’t based on anything; they are randomly listed. It doesn’t mean one is better than the other. In fact, these startups don’t compete with each other and are in different disciplines of cybersecurity.
I focused on some areas that are critical to me within the practice of cybersecurity, like IAM, vulnerability management and patching, API security and AppSec.
1. Transmit Security: https://www.transmitsecurity.com/
Those who watch my podcast know how much I believe that threat actors are after identity and that identity is the new endpoint. The team at Transmit Security is building a multi-use CIAM product that goes beyond the traditional Active Directory. They are building an A-to-Z CIAM dashboard that helps manage identities and their behavior across all platforms.
They are the definition of a unicorn after raising over $700 Million in the latest round. I think it’s safe to say investors, customers and industry see them as the next real threat to the traditional identity providers and the future of the industry.
Why I like them: it’s simple, a smart group of people building a product by thinking of every challenge, blind spot, and inefficiency in managing identities for the CIO, CISO and IT teams, helpdesk and more by providing a real solution to it. The product still needs more maturity but overall, I see them becoming the industry standard very quickly.
2. Arnica: https://www.arnica.io/
The recent trends of cybersecurity events show the threat across the software supply chain. These attacks have shown how threat actors target development teams. This also happens to be where most practitioners encounter the most resistance in deploying security products that are effective in addressing the security challenges within the SDLC. The founders at Arnica are former practitioners and understood this issue on their own; therefore, they built a product to address the entire software supply chain without having to slow down development.
This is truly an A-to-Z solution for the development side of the house. The latest White House National Cybersecurity Strategy talks about the need to secure the entire software supply chain and the responsibility of the companies behind the software to secure the whole process and lifecycle. With this standard coming into place, this product would be a leader in solving this requirement for companies.
What I like: Having implemented security tools within the devops, application and engineering teams, you need something that’s seamless and doesn’t slow down the development team, a product that supports the teams and doesn’t set them back and that’s what Arnica does today.
3. Cloud Defense: https://www.clouddefense.io/
Can cloud security and data security be in separate silos? The answer is a resounding no.
Many practitioners, myself included, want one platform that can do everything, since data is stored in the cloud and you need both to be managed at the same time. The platform is in Beta, but the current delivery integrates cloud and data security and gives the visibility and security you need to manage what three or four other tools give you. The team behind it has years of experience in this space, and the more you learn about the platform and its direction, the more you love it.
What I like: Simple to use and easy to manage, Cloud Defense is a great tool to identify risks and vulnerabilities across your entire cloud infrastructure and to manage and govern your data effectively. Another use case is to comply with GDPR and CCPA requests and ensure you are dotting all your I’s and crossing all your T’s.
4. Wib: https://wib.com/
Our current state of the tech world is driven by APIs, and we know that since so many organizations use them, threat actors spend a lot of time and resources targeting them. Managing, monitoring, and testing APIs is a tough job and often disjointed across several teams. The team at Wib is building an end-to-end API management tool that includes the entire API lifecycle within one platform. This elevates the responsibility and the effectiveness of writing and deploying APIs.
What I like: One tool to pen test, deploy, monitor, and manage my APIs. Security engineering, API engineering and development teams are using the same tool and are all on the same page. This streamlines the entire cycle, helps speed up business and gives everyone what they need.
5. Automox: https://www.automox.com/
The Achilles heel of every security program starts at vulnerability management and patching, and here comes Automox with the right combination of automation for patching to help fill serious gaps that many security programs struggle with.
Is it perfect? No.
It addresses most endpoints and helps reduce risk across a more complex SaaS ecosystem. It can automate and eliminate a lot of the small patches across the entire org. It replaces many tools used for this in the current tech stack, which create a disjointed and disheveled process, and puts them under one simple tool to manage it all.
What I like: Orchestration is a theme for me. I want one tool that can help reduce the most common risks when it pertains to vulnerability management and patching, and this tool does it. I hire and work with smart people so they can do smart work, and Automox helps them solve the more complex challenges while streamlining simplicity.
It was hard to boil down 35 companies to 5. Every company I researched and checked out was passionate, excited, and motivated to make the life of cybersecurity practitioners better. I ended up picking these 5 based on my opinion. I could have honestly picked 10 or 15. I may reserve the right to come back and update this list later or create another one in the future.
Again, none of these companies paid anything or sponsored anything to be in the list.
I simply wanted to put something together for my peers. Your feedback on this list is welcome. Comment below, send an email or let your voice be heard.
You can check out cyberhubpodcast.com for the latest and tune in daily, Monday through Thursday, for the latest #cybernews live at 9am EST on LinkedIn, YouTube, Twitter, Twitch and Facebook, and catch our weekly episodes of CISO Talk on your favorite podcast listening platform.