The 20 Coolest Web, Email and Application Security Companies Of 2024: The Security 100

From vendors offering code security tools to those protecting inboxes and websites against attacks, here’s a look at 20 key companies in web, email and application security.

Among the major disclosures in a recent AI security report from Microsoft and OpenAI was this doozy: It’s likely that nation-state hackers are, indeed, using GenAI to create phishing emails. While the potential for GenAI-powered phishing and social engineering has been widely discussed since the debut of OpenAI’s ChatGPT more than a year ago, the report suggests that it’s really happening in the wild.

[Related: 10 Cybersecurity Companies Making Moves: January 2024]

Notably, according to the report’s findings, attackers from nation-state groups in China, North Korea and Iran are among those taking advantage of Large Language Model (LLM) technology as part of their phishing campaigns. “Our analysis of the current use of LLM technology by threat actors revealed behaviors consistent with attackers using AI as another productivity tool on the offensive landscape,” Microsoft said in the report.

In other words, now bolstered by GenAI, phishing and social engineering tactics may pose an even bigger threat than in the past — and a huge opportunity for email security vendors and their partners to help with protecting organizations of all sizes.

Meanwhile, with vulnerability exploits constituting another big focus area for threat actors in 2024, the adoption of tools for eliminating vulnerabilities during software development remains a growing priority for many organizations. There’s been no subsidence in browser-based threats either, with the continued frequency of attacks such as cross-site scripting — leading to ongoing demand for web application firewalls and other web security tools.

What follows are the 20 web, email and application security companies that made our Security 100 for 2024.

Abnormal Security

Evan Reiser

Co-Founder, CEO

Email security vendor Abnormal Security uses AI-based behavioral analytics to detect anomalous activity across the company level and user level. Major product updates have included an expansion into securing the use of collaboration apps.

Akamai Technologies

Tom Leighton

Co-Founder, CEO

Big updates to Akamai’s security platform have included the addition of enhanced API security through the acquisition of Neosec. Meanwhile, the company debuted an offering that aims to disrupt websites used for phishing as well as brand impersonation.

Aqua Security

Dror Davidoff

Co-Founder, CEO

Aqua Security enhanced its cloud-native application protection platform with the introduction of AI-Guided Remediation, which uses GenAI to automatically produce remediation steps, as well as support for Amazon Security Lake, enabling cybersecurity professionals to more easily collect and correlate data across different sources.

Barracuda Networks

Hatem Naguib

President, CEO

Barracuda Networks launched new offerings for securing web apps and APIs with the debut of its application protection plans. Meanwhile, the company introduced its SASE platform, SecureEdge, which is targeted at the company’s small and midsize enterprise customers as well as at MSPs.

Checkmarx

Sandeep Johri

CEO

Checkmarx unveiled the launch of its Fusion 2.0 platform with updates including the introduction of an application risk management tool. The module brings together information on vulnerabilities with risk ratings as well as prioritization guidance for an organization’s entire software portfolio.

Contrast Security

Rick Fitz

CEO

Contrast Security has unveiled a new capability for security observability with the aim of enhancing visibility into the security of apps and APIs. Contrast’s security observability capability offers “total visibility” into security-related behavior of applications and APIs, the company said.

Cloudflare

Matthew Prince

Co-Founder, CEO

Major Cloudflare product launches included the introduction of its Magic WAN Connector, giving the Cloudflare One platform all the key elements of a single-vendor SASE offering. Cloudflare also updated its Area 1 email security product, including automatic isolation for suspicious links and attachments.

F5

François Locoh-Donou

CEO

F5 rolled out new capabilities aimed at providing comprehensive control and protection for management of applications and APIs. The ML-powered updates enable advanced API endpoint discovery as well as improved anomaly detection, behavioral analysis and telemetry.

Inky

Dave Baggett

Co-Founder, CEO

Email security vendor Inky stands out in the market by using AI to help users make smarter decisions about potentially malicious emails. Among the key updates to the Inky platform have included prevention capabilities against QR code phishing attacks.

Island

Michael Fey

Co-Founder, CEO

Island is making its mark by offering a Chromium-based browser that aims to provide businesses with a much greater level of visibility and control over the use of data inside SaaS applications. Key updates from the startup have included the debut of data loss prevention capabilities for ChatGPT and other GenAI applications.

Lacework

Jay Parikh

CEO

Lacework rolled out Lacework AI Assist, which aims to boost productivity for security teams while also helping to strengthen their relationships with DevOps teams. Meanwhile, the company has integrated its platform with two major ticketing systems, ServiceNow and Jira, with the goal of enabling better vulnerability mitigation.

Menlo Security

Amir Ben-Efraim

Co-Founder, CEO

Menlo Security unveiled new capabilities for preventing threats that are especially evasive to security controls with the debut of its HEAT Shield and HEAT Visibility products. The products aim to thwart evasive browser-based threats such as phishing attacks with the help of AI and ML advancements.

Mimecast

Marc van Zadelhoff

CEO

Mimecast expanded its threat protection capabilities to include collaboration apps such as Microsoft Teams joining its email security offerings. It also unveiled the acquisition of Elevate Security, which is focused on identifying high-risk users. It will be integrated with Mimecast’s security awareness training platform.

Noname Security

Oz Golan

Co-Founder, CEO

Noname Security unveiled its new API security testing tool, Active Testing V2, with capabilities for finding and testing all APIs by leveraging a complete understanding of each app’s business logic. The offering also provides development teams with dynamic API visibility across environments.

Orca Security

Gil Geron

Co-Founder, CEO

Orca Security has debuted “cloud to dev” capabilities with the aim of automatically tracing risks to cloud security that are uncovered in code. The offering enables reduced remediation efforts and can identify the source artifact as well as the developer who owns it.

Proofpoint

Sumit Dhawan

CEO

Proofpoint debuted new capabilities for its Aegis Threat Protection platform that offer proactive protection against GenAI-powered threats such as social engineering attacks. Other launches included improved visibility into cases where Proofpoint deems an email to represent a business email compromise threat.

Salt Security

Roey Eliyahu

Co-Founder, CEO

Salt Security has added advanced threat capabilities, as well as improved API discovery, to its API Protection Platform. The company said it utilizes “only patented AI algorithms for API security” in the industry to offer enhanced user intent detection along with enhanced analytics for API threat severity evaluation.

Snyk

Peter McKay

CEO

Recent platform enhancements from Snyk included an update to its application security posture management offering, AppRisk, with the debut of AppRisk Essentials. The tool provides automatic discovery of app assets that are code-based as well as management of security coverage and prioritization based on risk.

Veracode

Sam King

CEO

Veracode unveiled a new product that utilizes GenAI to provide remediation suggestions for application security flaws, including flaws in both code and open-source dependencies. Veracode Fix is designed to help developers and security teams identify and fix vulnerabilities more quickly and effectively.

Wiz

Assaf Rappaport

Co-Founder, CEO

Wiz recently unveiled the introduction of AI security posture management capabilities onto its platform with the aim of providing greater visibility and cybersecurity around the usage of AI technologies. Wiz also added the ability to pinpoint threats impacting workloads in real time with the debut of its Runtime Sensor.