The 20 Coolest Security Operations, Risk And Threat Intelligence Companies Of 2024: The Security 100

From vendors that provide modern SIEM to those offering advanced threat feeds, here’s a look at 20 key companies in security operations, risk and threat intelligence.

The arrival of generative AI marks another turning point in the security operations market, with many vendors now offering GenAI-powered tools that aim to dramatically boost productivity and effectiveness for Security Operations Center (SOC) teams.

Many teams are now looking to leverage GenAI tools in tandem with their SIEM (security information and event management) and SOAR (security orchestration, automation and response) systems, in an effort to expedite their response times and improve their security decision-making.

The SIEM space itself, meanwhile, continues to be highly competitive. The most recent Gartner Magic Quadrant for SIEM (from late 2022) ranks Microsoft, Splunk, IBM, Securonix and Exabeam in the “leaders” quadrant.

In the realm of threat intelligence, top providers include Google Cloud (through its Mandiant subsidiary) and Recorded Future, while major players in risk management include Tenable and Qualys.

What follows are the 20 security operations, risk and threat intelligence companies that made our Security 100 for 2024.

Arctic Wolf

Nick Schneider

President, CEO

Arctic Wolf launched a retainer option for its cyber incident response services, which aims to allow partners to more easily supply customers with rapid access to the services. The Arctic Wolf Incident Response JumpStart Retainer features a guarantee that cyber incidents will receive a response within one hour, backed by a service-level agreement.

Axonius

Dean Sysman

Co-Founder, CEO

Axonius unveiled a major new update to its platform that seeks to provide comprehensive visibility into installed software applications. With the introduction of software management as an add-on capability, the Axonius platform can now consume inventories of installed software.

BlueVoyant

Jim Rosenthal

Co-Founder, CEO

With the acquisition of Conquest Cyber, BlueVoyant gains a company specializing in providing cloud security to Microsoft customers in the government sector. BlueVoyant said the deal provides robust cybersecurity assessment and compliance capabilities with an enhanced ability to identify gaps in customers’ security posture.

Cribl

Clint Sharp

Co-Founder, CEO

Cribl offers a data platform whose mission is to enable improved flexibility and control around security and IT data. The company aims to serve as an agnostic data engine, with the ability to route data—including from Splunk—and then place that data into a data lake or take other security-focused actions with it.

Devo Technology

Walter Scott

CEO

Devo has introduced a new threat intelligence feed inside its Devo Collective Defense security data platform that aims to enable enhanced defense against emerging cyberthreats. Other moves have included the launch of Devo DeepTrace, an AI-powered alert investigation tool that can build “complete” traces of suspicious activity within an organization’s IT infrastructure.

Exabeam

Adam Geller

CEO

Exabeam’s major recent product releases included Outcomes Navigator, which brings improved visualization to the company’s New-Scale SIEM platform. The offering provides a look into the security of current configurations in an environment and provides detailed recommendations for making improvements.

Google Cloud

Thomas Kurian

CEO

Google Cloud’s new Security AI Workbench offering is powered by a security-specific large language model known as SecPaLM. The model utilizes Google Cloud’s security intelligence via Google’s broad visibility into threat data and Mandiant’s threat intel around vulnerabilities and malware.

IBM Security

Arvind Krishna

Chairman, CEO

IBM debuted its IBM Security QRadar Suite For Analysts, which is SaaS-delivered and includes re-architected threat detection and response offerings to improve speed and efficiency. Upgrades include a unified experience, simplified deployment through SaaS delivery and over 900 integrations with third-party tools.

Infima Cybersecurity

Joel Cahill

Co-Founder, CEO

The provider of highly automated security awareness training is focused on meeting the needs of MSPs. Infima said that its next-gen security awareness training platform provides dramatically simplified administration for MSPs, including speedy setup and minimal oversight once it’s up and running.

KnowBe4

Stu Sjouwerman

Founder, CEO

KnowBe4, which provides security awareness training as well as security tools including anti-phishing, has expanded its portfolio with new tools including its QR Code Phishing Security Test offering. The tool aims to help organizations with identifying which of their users are most likely to be susceptible to malicious QR code threats.

Qualys

Sumedh Thakar

President, CEO

Qualys unveiled a major update to its risk management platform with the option for application security teams to bring detections of their own to use on the platform. AppSec teams will be able to bring detection and remediation scripts as Qualys IDs to the company’s vulnerability management, detection and response platform.

Rapid7

Corey Thomas

CEO

Recent product updates from Rapid7 have included the addition of cloud anomaly detection utilizing AI-based, agentless capabilities. Rapid7 said the offering leverages its proprietary AI engine to detect suspicious behavior, which can then prompt automatic adjustments of configurations and privileges using the Rapid7 platform.

Recorded Future

Christopher Ahlberg

Co-Founder, CEO

Recorded Future enhanced its Intelligence Cloud platform, which is aimed at providing better visibility into threats and more automation of processes. Key capabilities include AI-driven automation for improved detection, triage and analysis of threats, as well as Collective Insights, which offers visibility into emerging threats.

Securonix

Nayaki Nayyar

CEO

Securonix's new Unified Defense SIEM platform works with data feeds from Snowflake’s data lake and, through a cloud-native approach, better accommodates the massive volumes of security-relevant data that enterprises generate. The platform can leverage 365 days’ worth of “hot” searchable data from the Snowflake Data Cloud.

ServiceNow

Bill McDermott

President, CEO

As part of ServiceNow’s Security Operations platform, the company offers capabilities including incident response, configuration compliance, vulnerability response and threat intelligence. The offering is built on its Now platform, with benefits such as enabling a unified data model across an organization.

Splunk

Gary Steele

President, CEO

Splunk, which has a deal with Cisco to be acquired for $28 billion, has enhanced Splunk Mission Control with updates such as enabling security operations teams to handle threats from a unified platform. For Splunk Observability Cloud, it added capabilities around automated detection and improved alert accuracy.

Sumo Logic

Joe Kim

President, CEO

Major updates from Sumo Logic have included the debut of new capabilities including native user and entity behavior analytics threat detection, which brings advantages such as increased flexibility through making detections more tunable. Sumo Logic also unveiled a new service for more efficient SIEM automation in the cloud.

Tenable

Amit Yoran

Chairman, CEO

Tenable bolstered its exposure management platform and cloud security offering through its recent acquisition of Ermetic. The acquisition enables it to provide cloud identity and permissions management technology as well as a complete cloud-native application protection platform offering.

Torq

Ofer Smadari

Co-Founder, CEO

Torq offers a no-code method for automating security operations activities. The startup’s platform is aimed at boosting the productivity of security analysts by completing numerous Security Operations Center tasks faster and more easily.

ZeroFox

James Foster

Chairman, CEO

ZeroFox, which focuses on shutting down major cyberthreats that originate externally such as targeted phishing, has enhanced its platform with new capabilities such as anti-cloaking. Meanwhile, the company recently unveiled the acquisition of external attack surface management company LookingGlass Cyber Solutions.