20 Coolest Cloud Security Vendors

No doubt, the last few years have been pivotal in driving the cloud security phenomenon. And there doesn't seem to be any sign of a slowdown in 2010. Driven in part by the tough economy, cloud solutions took off over the last 16 months with an onslaught of SaaS acquisitions by some of world's largest security players. Symantec was one of the first to get the ball rolling with its acquisition of MessageLabs in October of 2008, followed by acquisitions by players such as WatchGuard, McAfee, Barracuda, M86 and Cisco. In addition to cloud-based antivirus, spam filters and Web scanning engines, security companies are now launching cloud-based DLP and authentication and log management technologies. Here are our picks for the coolest cloud security vendors helping to foster the SaaS phenomenon and drive it forward in 2010.

Founded in April of 2002, AppRiver has entered the SaaS space with an array of spam and virus services, including its SecureTide Spam and Virus Protection, Archiving and Compliance, and CipherPost Email Encryption. The company offers 24/7 support, no contracts, no cancellation penalties and a free, 30-day trial. Specifically, SecureTide, a fully managed e-mail protection service, eliminates up to 99 percent of unwanted e-mail, while its CipherPost service helps users achieve and maintain regulatory compliance by providing encryption for all e-mail and mobile messaging.

Barracuda recently emerged as a stronger player in the Software-as-a-Service space with the acquisition of Purewire, a SaaS-based secure Web gateway provider, putting the company on par with many established SaaS providers. Down the road, Barracuda plans to offer an array of SaaS and hybrid security services that will eventually integrate Purewire's Web Security Services into Barracuda's SaaS portfolio and existing product line, with a special emphasis on remote user support.

HP's Cloud Assure, launched in March 2009, was designed as a way to drive adoption of cloud services and also expanded HP's SaaS partner program to enable its resellers to provide more cloud-based services. HP Cloud Assure incorporates HP Application Security Center, HP Performance Center and HP Business Availability Center. HP also provides customers with a team of expert engineers that performs security scans, executes performance tests and deploys availability monitoring.

Through the acquisitions of Marshal and Finjan, M86 has built out its cloud security offerings. In November, it launched MailMarshal SMTP 6.7, one of the first cloud-based offerings that protects against both malware and blended threat attacks. The Finjan acquisition enhanced M86's existing Web and e-mail security technologies with real-time content inspection and code analysis technology, along with malware detection capabilities designed to address Web threats not recognized by traditional signature-based technologies.

In September, McAfee completed the acquisition of Security-as-a-Service e-mail and Web security company MX Logic, giving the second largest security company a huge leg up in the Security-as-a-Service market. McAfee launched a cloud-based e-mail gateway in October following the acquisition, which expanded its cloud portfolio with e-mail and Web security offerings, e-mail archiving and e-mail continuity services, along with the addition of 40,000 new customers and 1,800 channel partners.

Panda has further immersed itself in the cloud computing arena after it unveiled cloud-based antimalware services for SMBs -- Panda Cloud Antivirus and Panda Cloud Protection, in November. Panda Cloud Protection, a fully hosted, managed security service for SMBs, provides hands-off protection of endpoints and e-mail. Specifically, the service, which relies on Panda's Collective Intelligence cloud-scanning system, incorporates endpoint cloud-based antimalware and firewall protection.

Ping Identity's PingConnect resolves one of the biggest problems in just about every organization -- multiple passwords. PingConnect's single sign-on service exponentially improves customers' security posture by eliminating passwords for virtually every major SaaS application, including Salesforce.com, Google Apps, Concur, SuccessFactors and Workday, among others. The company recently expanded its SaaS partner program by partnering with two SaaS providers: sales performance management company Callidus Software and sales enablement vendor Kadient.

Proofpoint offers its comprehensive Enterprise service, based on the same platform powering its Messaging Security Gateway appliances and incorporates DLP, spam filtering and e-mail archiving services. Its hosted e-mail service, Proofpoint Protect, is also an easy-to-use, low-cost inbound e-mail security product designed for organizations that don't require outbound data privacy and e-mail encryption features. The company distinguishes itself with its single management and policy console powered by Proofpoint MLX technology, an advanced machine learning system.

SaaS security risk and compliance management company Qualys offers a full range of on-demand services, with a specialty in customer adherence to a wide array of regulatory compliance mandates, such as PCI. The company serves thousands of subscribers around the world with its QualysGuard service, including 200 of the Forbes Global 2000, with real-time vulnerability management, policy compliance, PCI compliance and Web application scanning.

Founded in 2004, SaaS-based Web filtering company ScanSafe has recently been turning heads in the industry for its ability to detect and block malicious and inappropriate Web sites in real time. The services are powered by its multilayered Outbreak Intelligence threat detection technology, which processes more than 20 billion Web requests and blocks more than 200 million sites per month. The company was acquired by networking giant Cisco in December.

StillSecure's flagship ProtectPoint is a fully managed security service targeting SMBs and midsize companies, offering a wide range of SaaS services, including managed firewall, vulnerability scanning, managed VPN, intrusion detection, Web security and hosted e-mail security. In November, the company joined the HP ProCurve One Alliance as a partner to deliver managed security services, which allows HP ProCurve partners to earn recurring revenue without additional investments in their infrastructure.

In October 2008, Symantec's acquisition of MessageLabs gave the security giant a leg up over many of its competitors in the online messaging security market and a hefty boost to its existing SaaS portfolio. The acquisition and the growing popularity of SaaS-based Web security offerings also opened up some new markets for channel partners, who had hoped to expand their service offerings in the SMB and midmarket.

Touting breakthrough technology, Symplified has found its niche in SaaS security by integrating enterprise security policies and administration with cloud application management services, targeting financial services, health care, high tech, utilities and life sciences. In December, Symplified unveiled a new user provisioning service -- SinglePoint Cloud Identity Manager, which allows organizations to centralize the management of user accounts for multiple applications from within their firewall or by using the Salesforce.com platform.

SyferLock, a SaaS authentication company founded in 2007, discovered a way to provide unique passwords while users only have to remember one. With SyferLock's GridOne, users create their own password, which remains static. Then users ultimately submit a different password for each login conducted through the cloud-based GridOne system that associates each letter of the original password to arbitrary letters and numbers selected by the application. And although SyferLock has primarily targeted the enterprise, as well as pharmaceutical, health care and government verticals, executives contend that GridOne can scale to fit the needs of just about any midmarket company.

Trend Micro remains the pioneer of the SaaS arena and helped foster the cloud computing phenomenon with the launch of its Smart Protection Network. The company recently catapulted into the virtualization space with its new virtualized Web Gateway Security product and also released Trend Micro Deep Security 7.0 as part of its advanced server security effort intended to protect all aspects of the server, including the operating systems, network and application layers on physical as well as virtualized platforms.

WatchGuard prepared its partner base for an anticipated upsurge of managed service offerings in 2010 with the acquisition of e-mail messaging security company BorderWare in August, followed by the launch of a new Managed Security Services Provider partner program in December. The purchase of BorderWare, which specializes in e-mail and Web application security platform management for midsize companies, government organizations and solution providers, also opens up more doors for WatchGuard in the cloud computing space.

Webroot has recently plunged into the SaaS arena with the release of its on-demand Web, e-mail and archiving products hosted in the cloud. The company unleashed dozens of enhancements to its business Web security service, while unveiling new security services to help businesses with e-discovery and compliance initiatives. The launch was part of a broader strategy for Webroot to build out its cloud security services.

Websense's Security-as-a-Service, which relies on real-time threat updates from the Websense ThreatSeeker Network, is positioned as a way to eliminate distribution, deployment and ongoing upgrades of on-premise equipment. Specifically, Websense SaaS incorporates Websense Hosted Web Security and Websense Email Security, designed to protect against numerous Web and e-mail threats without any impact to network performance. Both services provide full reporting and policy management capabilities.

Founded in 2001 by a former Yahoo information security officer, WhiteHat aims to address the rising tidal wave of financially motivated Web-based attacks at the application level, preventing hackers from infiltrating and planting malicious code on users' Web sites. To help combat growing Web threats, WhiteHat offers resellers its WhiteHat Sentinel, a SaaS-platform assessment tool and Web site vulnerability manager designed to evaluate and verify all classes of vulnerabilities.

Zscaler offers its security business policy services via its Global Cloud Infrastructure, and offers one of the most comprehensive arrays of Web security, management and compliance services around, including Web filtering, social network security, virus control, antivirus, Web policy and management, DLP, and PCI and HIPAA compliance. It also touts low latency, reduced risk, lowered cost, improved resource utilization and IT administration simplification.