April 16, 2024

The issues cybersecurity startups try to unravel are sometimes a bit forward of the mainstream. They’ll transfer sooner than most established corporations to fill gaps or rising wants. Startups can usually modern sooner as a result of they’re unfettered by an put in base.

The draw back, in fact, is that startups usually lack assets and maturity. It’s a threat for a corporation to decide to a startup’s product or platform, and it requires a completely different type of buyer/vendor relationship. The rewards, nevertheless, will be enormous if it provides that firm a aggressive benefit or reduces stress on safety assets.

The distributors beneath characterize among the most fascinating startups (outlined right here as an organization based or rising from stealth mode prior to now two years).

[Editor’s note: This article, originally published November 11, 2022, is periodically updated as new startups emerge.]


Based in 2021, Akto focuses on API safety. The corporate claims its platform, run domestically or within the cloud, discovers and checks inner, exterior, and third-party APIs. It then finds vulnerabilities shortly throughout runtime. It helps key API knowledge sources reminiscent of AWS, Google Cloud, and Kubernetes. The platform will be deployed in a couple of minute, based on Akto.


The Binarly SaaS Analytics Platform is designed to seek out safety flaws on the {hardware} and firmware degree. It does so via what the corporate calls “deep-code inspection expertise on the binary degree.” The platform identifies, assesses, and prioritizes potential issues by inspecting gadget snapshots for malicious code patterns, anomalies and vulnerabilities, and misconfigurations. It then generates a report with actionable recommendation. Binarly was based in 2021.


BoostSecurity presents a DevSecOps automation platform that it claims may also help detect and remediate vulnerabilities whereas permitting DevOps to work at its personal tempo. It additionally facilitates the creation and governing of insurance policies throughout code, cloud, and CI/CD flows. A single management airplane offers visibility into software program provide chain dangers. BoostSecurity got here out of stealth mode in 2022.


BreachQuest’s Priori incident response platform guarantees to gather and analyze safety occasion knowledge shortly to scope and comprise assaults in addition to velocity restoration. Priori constantly screens programs for malicious exercise. When a breach happens, it instantly sends an alert with data on which endpoints have been compromised. The corporate was based in 2021. As of this writing in November 2022, BreachQuest had not launched Priori.

Camelot Safe

Risk identification and mitigation firm Camelot Secure presents “an offensive method” to cybersecurity providing vulnerability assessments, threat assessments, purple teaming, cyber menace looking, and cyber menace intelligence evaluation using synthetic intelligence and machine studying. The corporate employs specialists from the army, intelligence neighborhood, and personal sector.


Based in 2022, CommandK presents administration options for the end-to-end lifecycle of delicate knowledge inside an organization’s digital personal cloud. Its platform goals to make sure zero developer dependency in managing delicate knowledge, permitting safety groups to achieve a excessive order of safety whereas letting builders deal with constructing options. CommandK is deployed as a managed answer inside an organization’s digital personal cloud, making certain that delicate knowledge stays inside the corporate’s community.


Conveyor, based in 2021, presents a solution to make filling out buyer safety questionnaires simpler. It’s an internet service the place distributors can add related safety paperwork and solutions to frequent questions in Conveyor’s Buyer Belief Platform. Prospects can then entry that content material via the corporate’s Vendor Belief Platform, which is gated and requires a non-disclosure settlement for entry, or clients can evaluate the safety posture of a number of distributors.


Descope is an authentication and person administration platform for passwordless authentication. It presents instruments for builders to simply add authentication, person administration, and authorization capabilities to apps. The platform protects in opposition to bot assaults on login pages, account takeover fraud, and session theft by figuring out dangerous person alerts to enact step-up authentication. The corporate was based in 2022.


The DoControl platform offers automated, self-service instruments for knowledge entry monitoring, orchestration, and remediation of SaaS purposes. It has the power to determine delicate data and forestall it from leaving a company’s cloud occasion. DoControl is an agentless, event-driven platform. The corporate was based in 2020.  


Hush presents AI-based digital privateness providers for people and households, but it surely additionally has an enterprise-grade product to guard workforce privateness. As soon as companies deploy the Hush service, their staff are in a position to handle their very own Hush profiles. This enables them to observe for and report privateness points and remediate points that put their privateness in danger. Hush additionally makes a “privateness advocate” out there by cellphone or on-line. The corporate was based in 2021.

Interpres Safety

Rising from stealth mode in December 2022, Interpres Security presents a platform  that permits organizations to raised handle their “protection floor.” It’ll present what their present safety software set can detect and defend in opposition to. The platform additionally helps determine gaps and inefficiencies in cyber defenses, permitting safety groups to make use of a data-driven method to enhancing safety posture.


Kintent’s Trust Cloud platform is meant to assist corporations cross audits, handle threat, and full safety evaluations. It makes use of programmatic API-based management and threat verification, which might automate workflows and proof assortment. Belief Cloud can analyze a compliance program and map it to a number of requirements. It additionally has an AI-based function that helps fill out safety questionnaires. Kintent was based in 2020.

Naxo Labs

Naxo Labs was based in 2022 by a gaggle of famous specialists and former FBI particular brokers to supply forensic and investigation providers. The corporate works on circumstances involving cybercrimes reminiscent of insider threats or mental property theft and packages the info for referral to legislation enforcement or for litigation. Naxo can be able to performing blockchain and cryptocurrency evaluation in addition to knowledge restoration.

Nudge Safety

Nudge Security presents an answer aimed toward managing the safety of software program as a service (SaaS) for distributed workforces. Its platform permits for the invention of cloud SaaS belongings created with out the necessity for community adjustments, endpoint brokers, or browser extensions. The corporate claims it offers visibility into the whole SaaS assault floor, together with managed and unmanaged accounts, OAuth connections, and assets. It additionally notifies when new SaaS accounts are created. Nudge was based in 2022.

Oligo Safety

Based in 2022, Oligo presents an open-source safety platform that detects and prevents assaults reminiscent of Log4Shell by monitoring malicious exercise on the library degree. The corporate claims that its runtime monitoring of open-source libraries focuses solely on vulnerabilities which might be related. The platform works with most trendy improvement languages reminiscent of Python, Go, Java, and Node and all cloud service suppliers reminiscent of GCP, Azure and AWS.


Piiano presents two merchandise: Piiano Scanner scans supply code for references to personally identifiable data (PII), and Piiano Vault secures delicate knowledge whereas permitting it for use. Scanner can scan any Java or Python GitHub initiatives on a single click on, and is meant to enhance collaboration between improvement and privateness groups. Vault’s API-based infrastructure permits protected storage of delicate knowledge and offers compliance with GDPR and CCPA. Piiano was based in 2021.


Based in 2021, Privya’s platform offers a cloud-native method to knowledge privateness by design. The corporate claims it can permit organizations to raised allow privateness and knowledge safety inside the improvement lifecycle course of. The Privya platform is ready to uncover and determine private knowledge throughout a number of knowledge sources and map the info move and enterprise logic. It additionally offers an automatic structure to raised meet compliance necessities.


Based in 2020, Sharepass offers a way to share confidential data securely throughout platforms. The corporate claims its web-based product doesn’t go away a digital path when knowledge is shared. Sharepass first encrypts the data being shared and sends a hyperlink to the recipient. That hyperlink turns into inactive as soon as the recipient opens it. Senders can specify e mail addresses, set cut-off dates for the way lengthy the hyperlink is legitimate, or require a PIN code. 


SnapAttack offers a purple-teaming platform that the corporate claims to deal with the whole menace detection course of. The platform consists of an Assault Sign Library that catalogs assault threats and simulations. Purple and blue groups can create their very own assault periods. SnapAttack permits purple groups to determine gaps in opposition to the MITRE ATT@CK matrix and to create detection logic with a no-code detection builder. The corporate was based in 2021.

Valence Safety

Valence Security, based in 2021, presents a platform to remediate SaaS safety dangers round third-party integration, id, misconfiguration, and knowledge sharing. The platform offers its personal cross-SaaS knowledge and permissions mannequin to assist preserve entry management. It additionally comes with a set of automated SaaS safety remediation workflows to attenuate the necessity for specialised information to set them up.


Vaultree, based in 2020, has developed what it claims is the primary “totally useful” data-in-use encryption software program improvement equipment (SDK). The product is designed to eradicate the chance of knowledge being leaked or stolen in plaintext type. In line with Vaultree, can course of, search, and compute knowledge at scale with out surrendering encryption keys or decrypting on the server aspect.


Veza offers an authorization platform for knowledge to be used in hybrid, multi-cloud environments. The corporate claims it allows organizations to raised perceive, handle, and management who can and will take actions on knowledge. It focuses on streamlining knowledge entry governance, implementing knowledge lake safety, managing cloud entitlements, and modernizing privileged entry. Veza was based in 2020. 

Wing Safety

Wing’s platform is designed to detect and robotically remediate SaaS utility threats. It constantly screens utilization for each person, app and file. The platform can shut down what it considers dangerous app-to-app connections, prohibit and govern knowledge shared with exterior customers over SaaS apps, and handle vulnerabilities round dangerous person habits. It might probably additionally handle tokens and permissions of SaaS purposes. Wing was based in 2020.

Copyright © 2023 IDG Communications, Inc.