If you want to know what’s new in cyber security, watch what the start-up vendors are doing. They typically begin with an innovative idea and are unfettered by an installed base and its mainstream approach. Start-ups often tackle problems no one else is addressing.
The downside, of course, is that start-ups often lack resources and maturity. It’s a risk for a company to commit to a start-up’s product or platform, and it requires a different kind of customer/vendor relationship. The rewards, however, can be huge if it gives that company a competitive advantage or reduces stress on security resources.
The vendors below represent some of the most interesting start-ups (defined here as a company founded or emerging from stealth mode in the past two years).
Founded in 2019, Abnormal Security offers a cloud-native email security platform that uses behavioural data science to identify and prevent email attacks. Its AI-based approach analyses data user behaviour, organisational structure, and relationships, and business processes to help identify anomalous activity that could indicate a cyber attack.
Abnormal’s email protection platform promises to prevent business email compromise, supply chain attacks, invoice fraud, credential phishing, and email account compromise. It also provides tools to help automate incident response, and the platform provides a cloud-native API to integrate with enterprise platforms such as Microsoft Office 365, G Suite, and Slack.
Apiiro emerged from stealth mode in 2020. Its devsecops platform aims to shift the secure development lifecycle “from a manual and periodic ‘developers-last’ to an automatic risk-based ‘developers-first’ approach,” according to co-founder and CEO Idan Plotnik in a blog post.
The Apiiro platform works by connecting all on-premises and cloud source control and ticketing systems through an API. It also provides customisable predefined code governance rules. Over time, the platform builds an inventory by “learning” all products, projects, and repositories. That data allows it to better identify risky code changes.
The Axis Security Application Access Cloud is a cloud-based application access solution that’s built on a zero-trust approach. It does not rely on having agents installed on user devices, so that organisations can connect users—on premises and remote—on any device to private apps, without touching the network or the apps themselves. Axis emerged from stealth mode in 2020.
Deduce, founded in 2019, offers two products for what it calls “identity intelligence.” Customer Alerts sends notifications to customers of potential account compromise, and Identity Risk Score uses aggregated data to assess the risk of account compromise.
The company uses cognitive algorithms to analyse privacy-compliant data from more than 150,000 sites and applications to identify possible fraud. Deduce claims an over 90 per cent reduction in account takeover damage.
Open Raven’s cloud-native data security platform is designed to provide greater visibility into cloud resources. It maps all cloud data stores, including shadow cloud accounts, and identifies the data they hold. Open Raven then monitors in real time for data leaks and policy violations and alerts teams to fix them. It can also monitor log files for sensitive information that should be removed. The company emerged from stealth mode in 2020.
Founded in 2019, Satori refers to its data access service as “DataSecOps,” and its purpose is to separate security and privacy controls from the architecture.
The service monitors, classifies, and controls access to sensitive data. You can configure policies based on criteria such as groups, users, data types, or schema to prevent unauthorised access, mask sensitive data or trigger a workflow. The service offers pre-configured policies for common regulations such as GDPR, CCPA and HIPAA.
Strata’s main product is the Maverics Identity Orchestration Platform. It’s a distributed, multicloud identity management platform. Strata’s stated goal is to bring consistency across distributed cloud environments for user identity for apps deployed across multiple clouds and on-premises.
Features include a Secure Hybrid Access solution to extend zero-trust access to on-premises apps for cloud users, an Identity Abstraction layer to better manage identity in a multi-cloud setting, and a Connector Catalog to integrate identity systems from popular cloud and identity management systems. Strata was founded in 2019.
Founded by the team that led Microsoft's Cloud Security Group, Wiz provides a multi-cloud security solution designed to work at scale.
The company claims its product can analyse all layers of the cloud stack to identify high-risk attack vectors and provide insight that allows for better prioritisation. Wiz takes an agentless approach and can scan all virtual machines and containers. Wiz emerged from stealth mode in 2020.