The 20 Coolest Cloud Security Companies Of The 2025 Cloud 100

As part of CRN’s Cloud 100, here are 20 cloud security companies you should know about in 2025.

As the shift of corporate data to the cloud continues unabated—and cloud-based systems for utilizing GenAI begin to see explosive growth—attackers are increasingly moving their focus in the same directions. A 2024 report from Check Point Software Technologies found that the percentage of organizations reporting cloud security incidents more than doubled from a year earlier, to 61 percent, highlighting the massive risks associated with insecure cloud systems.

[Related: The 10 Hottest Cloud And AI Security Startups Of 2024]

Solution providers and customers have gotten the message, however. Combined global spending on two major cloud security categories—cloud access security broker (CASB) and cloud workload protection (CWP) is expected to climb nearly 30 percent in 2025 to $8.7 billion, according to a forecast from research firm Gartner.

At the same time, solution providers and customers are finding that the challenges in securing SaaS apps as well as public cloud platforms such as AWS, Microsoft Azure and Google Cloud remain steep. Meanwhile, the surge in deployment of large language models running in the cloud and GenAI-powered applications are raising a whole new set of cloud security concerns around the industry.

In response to the need for protecting increasingly critical cloud systems, security continues to be a leading area of product innovation in the cloud technologies market. CRN has been closely following an array of vendors across the cloud security space, ranging from emerging startups delivering cutting-edge capabilities for protecting cloud infrastructure and data, to established vendors with a complete cloud-native application protection platform offering for comprehensive application and cloud security.

As part of CRN’s Cloud 100 for 2025, here are 20 cloud security companies you should know about.

Aqua Security

Dror Davidoff

Co-Founder, CEO

Recent launches from Aqua Security included the debut of protection for large language model-based applications, both in terms of development and operation of the apps. Key functionality includes code integrity through the deployment of scanning technology, along with real-time monitoring for LLM-based workloads and GenAI assurance policies to provide guardrails against risky LLM usage.

Check Point Software Technologies

Nadav Zafrir

CEO

Key cloud security product moves from Check Point included the unveiling of its CloudGuard WAF-as-a-Service offering, an AI-driven web application firewall (WAF) for protecting cloud apps and APIs. The WAF offers notable capabilities such as threat prevention, contextual analysis and API security. Other benefits include a rapid deployment process, according to the company.

Cloudflare

Matthew Prince

Co-Founder, CEO

Cloudflare has recently expanded its Cloudflare One platform including with the acquisition of cloud security startup Kivera. The acquisition brought enhanced preventative security capabilities through the addition of inline cloud application controls —embedded within the cloud deployment process itself—along with one-click mitigation of misconfigurations and enforced cloud tenant control.

CrowdStrike

George Kurtz

Co-Founder, CEO

CrowdStrike recently introduced AI security posture management capabilities to its Falcon Cloud Security platform, providing a way to detect and remediate security issues involving AI services and LLMs running in the cloud. The company also unveiled its data security posture management tool for Falcon Cloud Security, leveraging its acquisition of Flow Security.

Cyera

Yotam Segev

Co-Founder, CEO

Cyera offers agentless data security posture management capabilities that can rapidly provide visibility into the status of an organization’s data and identity access—including across cloud environments and SaaS as well as in data lakes and on-premises environments. The company recently added data loss prevention capabilities through the acquisition of Trail Security.

Fortinet

Ken Xie

Co-Founder, Chairman, CEO

Fortinet significantly expanded its cloud security capabilities with the acquisition of Lacework, a major cloud-native application protection platform provider. The acquisition has enhanced Fortinet’s platform with Lacework’s data-powered cloud security technology, which collects and analyzes data from across cloud environments and supplies key insight, such as around threat prioritization.

Illumio

Andrew Rubin

Co-Founder, CEO

Illumio launched its offering for zero-trust segmentation in public cloud and hybrid cloud environments, CloudSecure. The company took an agentless approach with the architecture for the offering, as compared with the vendor’s segmentation offerings for data center and endpoints, which utilize agents. Illumio now can provide segmentation across IT environments with the availability of CloudSecure.

Netskope

Sanjay Beri

Co-Founder, CEO

Netskope disclosed new updates to its cloud access security broker offering that bring greater GenAI capabilities to protecting SaaS usage on the Netskope One platform. The vendor said it is the first security service edge provider to combine CASB with GenAI, with functionality including a GenAI-powered engine to bolster SaaS security risk categorization.

Inserting image...

OpenText Cybersecurity

Mark Barrenechea

Vice Chair, CEO, CTO

OpenText unveiled a major enhancement to its Secure Cloud platform, with the company providing simplification of certain workflows, automation of more tasks and new integrations. Other key offerings for OpenText include cloud access security broker for protecting data and controlling access for cloud-based applications.

Inserting image...

Orca Security

Gil Geron

Co-Founder, CEO

Orca Security expanded its capabilities for cloud detection and response, including with the introduction of an enhanced user experience featuring an event-driven security dashboard. Orca also unveiled new capabilities that classify security events using cloud-agnostic terminology, in order to provide a common language to security teams spanning their CDR workflow.

Palo Alto Networks

Nikesh Arora

Chairman, CEO

Palo Alto Networks unveiled a new offering, Cortex XSIAM for Cloud, which introduces a new Cloud Command Center that provides comprehensive visibility around cloud assets. Meanwhile, the inclusion of a new cloud security agent as part of XSIAM for Cloud enables key capabilities such as cloud detection and response.

Qualys

Sumedh Thakar

President, CEO

Qualys recently added vulnerability assessment capabilities to its Enterprise TruRisk Platform, the company’s external attack surface management offering for securing environments including clouds and containers, while separately also launching Enterprise TruRisk Management, a cloud-based risk operations center that analyzes data from Qualys and third-party tools to protect cloud, hybrid and on-premises environments.

SentinelOne

Tomer Weingarten

Co-Founder, CEO

SentinelOne unveiled the launch of its Singularity Cloud Native Security platform, combining agent-based and agentless cloud-native application protection platform capabilities to protect against cloud threats. Key functionality includes an offensive security engine that provides simulation of attacker tactics that can enable detection and remediation of exploitable cloud assets.

Skyhigh Security

Vishal Rao

CEO

Skyhigh Security offers tools for protecting cloud-based applications, including cloud access security broker, delivering protection for data, controls for devices and inline cloud app threat protection. Skyhigh’s CASB offering provides real-time control of cloud services, with capabilities to protect against risky access to sanctioned and unsanctioned services in the cloud.

Snyk

Peter McKay

CEO

Snyk unveiled the launch of its developer-focused offering for application security posture management, AppRisk Pro. The tool provides key capabilities such as being able to trace back insecure portions of apps to specific components in the code that need to be fixed. Other major capabilities include improved prioritization through enhanced vulnerability remediation and prevention.

Sophos

Joe Levy

CEO

Key Sophos capabilities in cloud security include cloud security posture management for identifying vulnerable cloud resources, rapidly responding to threats and ensuring compliance. Other offerings include cloud workload protection for protecting infrastructure and data in the cloud through runtime threat detection and cloud threat investigation.

Tenable

Steve Vintz, Mark Thurmond

Co-CEOs

Tenable unveiled additional context-driven features for prioritization and response—including in its Tenable Cloud Security platform—dubbed Vulnerability Intelligence and Exposure Response. The features represent an advancement through providing strong contextualization of vulnerability data, according to the company—including context from both internal and external sources.

Trend Micro

Eva Chen

Co-Founder, CEO

Trend Micro provides cloud risk management along with agentless threat detection and real-time monitoring of cloud attack surfaces through its Trend Vision One platform. Recent cloud security enhancements have included the introduction of a simplified method for adding the Trend Vision One platform to EC2 Image Builder on AWS.

Wiz

Assaf Rappaport

Co-Founder, CEO

Wiz unveiled its new offering for tracing security risks back to application code, Wiz Code. The tool correlates vulnerable cloud assets and potential attack paths with the related source code (and its developer)—ultimately providing an expedited process for addressing cloud- and code-related risks. Wiz also recently unveiled a major expansion through its acquisition of cloud remediation startup Dazz.

Zscaler

Jay Chaudhry

Founder, Chairman, CEO

Zscaler introduced new enhancements for its AI Data Protection platform including data security posture management for discovery, classification and protection of data in public cloud environments. Meanwhile, Zscaler unveiled the integration of multiple capabilities for securing cloud-based apps through its Unified SaaS Security offering and debuted improved zero-trust segmentation for environments including public clouds.