The problems that cybersecurity start-ups try to solve are often a bit ahead of the mainstream. They can move faster than most established companies to fill gaps or emerging needs. Start-ups can often innovate faster because they are not hampered by an installed base.
The downside, of course, is that start-ups often lack resources and maturity. It is a risk for a company to commit to the product or platform of a start-up, and it requires a different type of customer/supplier relationship. The rewards, however, can be huge if it gives that company a competitive advantage or reduces stress on security resources.
The vendors below represent some of the most interesting start-ups (defined here as companies founded or coming out of stealth mode within the last two years).
As organizations increasingly use software-as-a-service (SaaS) platforms, security teams can struggle to monitor and guard against the risks they present. Grip Security's product promises to provide greater visibility across all SaaS platforms used in an organization. According to the company, this helps to better enforce security policies and identify security blind spots. The Grip platform can work standalone or with a Cloud Access Security Broker (CASB).
The cloud-native JupiterOne cyber-asset attack surface management platform promises to bring more context to a range of security processes, including vulnerability management, compliance, and identity and access management (IAM). The company also says its platform can better enable organizations to comply with security regulations. This is made possible by JupiterOne’s integration capabilities, which allow it to operate within the existing security environment.
Lightspin
Lightspin offers a cloud-native application protection platform (CNAPP) that the company claims can identify, prioritize, and remediate attack paths within the cloud stack.
The platform will work in any cloud hosting environment, including Amazon Web Services (AWS), Azure, and Google Cloud Platform (GCP). The Lightspin platform works in all phases of DevOps. For example, it can perform IaC and API scans during build, identify misconfigurations and exposed secrets during production, and provide malware and execution protection during runtime.
Noetic Cyber sells what it calls a “continuous cyber-asset management and control platform.” The company claims that this platform can provide greater network visibility, better monitoring of controls, and better understanding of relational network entities. On the last point, Noetic’s platform can map relationships between assets to help identify security vulnerabilities. Noetic also offers integration with orchestration and automation workflows.
Tracking what Polar Security calls “ghost data” through the cloud can be a challenge. The company is trying to address this challenge with its Data Security Posture Management (DSPM) solution, which it says is the first automated data security and compliance platform.
According to Polar Security, its platform will automatically map and track cloud-native data and data workflows to better prevent vulnerabilities and meet regulatory compliance. Once the platform has identified the data, an automated labeling function helps classify sensitive data.
Revelstoke offers what it claims to be the premier low-code security orchestration, automation, and response (SOAR) platform. The company’s goal is to simplify the implementation and management of SOAR. It does this by offering low-code playbooks to automate security processes, prebuilt integrations based on a unified data layer, case management through what it calls “guided surveys,” and a dashboard-based user interface.