The problems cybersecurity startups attempt to solve are often a bit ahead of the mainstream. They can move faster than most established companies to fill gaps or emerging needs. Startups can often innovate faster because they are unfettered by an installed base.
The downside, of course, is that startups often lack resources and maturity. It’s a risk for a company to commit to a startup’s product or platform, and it requires a different kind of customer/vendor relationship. The rewards, however, can be huge if it gives that company a competitive advantage or reduces stress on security resources.
The vendors below represent some of the most interesting startups (defined here as a company founded or emerging from stealth mode in the past two years).
[Editor’s note: This article, originally published November 11, 2022, is periodically updated as new startups emerge.]
Founded in 2021, Akto focuses on API security. The company claims its platform, run locally or in the cloud, discovers and tests internal, external, and third-party APIs. It then finds vulnerabilities quickly during runtime. It supports key API data sources such as AWS, Google Cloud, and Kubernetes. The platform can be deployed in about a minute, according to Akto.
BreachQuest’s Priori incident response platform promises to collect and analyze security event data quickly to scope and contain attacks as well as speed recovery. Priori continuously monitors systems for malicious activity. When a breach occurs, it immediately sends an alert with information on which endpoints have been compromised. The company was founded in 2021. As of this writing in November 2022, BreachQuest had not released Priori.
Conveyor, founded in 2021, offers a way to make filling out customer security questionnaires easier. It is an online service where vendors can upload relevant security documents and answers to common questions in Conveyor’s Customer Trust Platform. Customers can then access that content through the company’s Vendor Trust Platform, which is gated and requires a non-disclosure agreement for access, or customers can compare the security posture of multiple vendors.
Hush offers AI-based digital privacy services for individuals and families, but it also has an enterprise-grade product to protect workforce privacy. Once businesses deploy the Hush service, their employees are able to manage their own Hush profiles. This allows them to monitor for and report privacy issues and remediate issues that put their privacy at risk. Hush also makes a “privacy advocate” available by phone or online. The company was founded in 2021.
Naxo Labs was founded in 2022 by a group of noted experts and former FBI special agents to provide forensic and investigation services. The company works on cases involving cybercrimes such as insider threats or intellectual property theft and packages the facts for referral to law enforcement or for litigation. Naxo is also capable of performing blockchain and cryptocurrency analysis as well as data recovery.
Nudge Security offers a solution aimed at managing the security of software as a service (SaaS) for distributed workforces. Its platform allows for the discovery of cloud SaaS assets created without the need for network changes, endpoint agents, or browser extensions. The company claims it provides visibility into the entire SaaS attack surface, including managed and unmanaged accounts, OAuth connections, and resources. It also notifies when new SaaS accounts are created. Nudge was founded in 2022.
SnapAttack provides a purple-teaming platform that the company claims addresses the entire threat detection process. The platform includes an Attack Signal Library that catalogs attack threats and simulations. Red and blue teams can create their own attack sessions. SnapAttack allows purple teams to identify gaps against the MITRE ATT&CK matrix and to create detection logic with a no-code detection builder. The company was founded in 2021.
Valence Security, founded in 2021, offers a platform to remediate SaaS security risks around third-party integration, identity, misconfiguration, and data sharing. The platform provides its own cross-SaaS data and permissions model to help maintain access control. It also comes with a set of automated SaaS security remediation workflows to minimize the need for specialized knowledge to set them up.