The 10 Hottest Cybersecurity Startups In 2023 (So Far)
Startups with innovative new tools for securing the cloud, applications and authentication are among those that have stood out from the pack during the first half of this year.
While venture funding has been harder to come by in 2023, many cybersecurity startups have continued to thrive as demand for innovative new tools in the space remains strong. In particular, startups that specialize in fast-growing areas such as cloud security, application security and passwordless authentication have been seeing major interest from partners and customers during the first half of the year.
A number of cybersecurity startups have raised major funding rounds, launched unique new products, or both in 2023. Increasingly, many companies in the security industry are also rolling out channel programs that aim to bring partners into the mix even at an early stage. We’ve been tracking a wide array of cybersecurity startups and have chosen 10 that especially caught our attention during the first half of 2023.
Demand for cybersecurity tools that bring new approaches to securing against ransomware, data theft and other key threats continues to grow as attackers remain agile in their tactics. For instance, in one of the year’s highest-profile cyberattacks, the supply chain compromise of communications software firm 3CX, Mandiant researchers said that the attack was unprecedented on account of the fact that its cause was actually a prior software supply chain attack. “This is the first time Mandiant has seen a software supply chain attack lead to another software supply chain attack,” the incident response and threat intelligence firm, owned by Google Cloud, said in April.
Software supply chain attacks are among the critical threats that startups on our list are helping to protect organizations against, alongside other threats such as ransomware, which some researchers say appears to be seeing a resurgence this year after declining in 2022.
What follows are the 10 hottest cybersecurity startups in 2023 so far.
CEO: Benjamin Fabre
Bot protection startup DataDome announced in late March that it had closed its Series C round, raising $42 million in funding led by InfraVia Growth. Then in May, the company disclosed that it had hired a new director of channel sales, Teague Dufresne. Dufresne was most recently a channel account manager at cloud security startup Ermetic, and before that worked at companies including Liferay, Flashpoint and TD Synnex. In a news release, Dufresne said she plans to expand DataDome’s partner program to better take advantage of the “integral role” partners play in bringing solutions to customers.
CEO: Slavik Markovich
In February, Descope raised $53 million in seed funding led by Lightspeed Venture Partners and GGV Capital, while also announcing the debut of its tool for enabling developers to more easily integrate passwordless authentication into applications. Other investors include CrowdStrike co-founder and CEO George Kurtz and Rubrik co-founder and CEO Bipul Sinha.
Descope has a total of eight founders, all of which were key players at Demisto — a security orchestration, automation and response (SOAR) vendor that was acquired by Palo Alto Networks for $560 million in 2019.
The startup brings a focus on allowing for easier connections into the passwordless systems such as “passkeys” that are now supported by devices and platforms from major vendors including Apple, Microsoft and Google. The Descope tool is available through both free and paid versions, with higher user counts and other capabilities offered by the paid version.
While it’s very early for the company, Slavik Markovich, co-founder and CEO at Descope, said that the company expects to explore bringing the technology to market through partners down the road. “There are going to be partnerships to help us get to both customers and the large dev shops,” he said.
CEO: Varun Badhwar
Code security startup Endor Labs announced in March that it has launched a global partner program and is making a “100 percent commitment” to working with channel partners to drive its business. Endor Labs was founded by Varun Badhwar and Dimitri Stiliadis, former leaders of Palo Alto Networks’ Prisma Cloud division whose companies, RedLock and Aporeto, were acquired by the cybersecurity giant. The startup aims to provide enhanced security for the software supply chain, with a platform focused on enabling the secure use of open-source software — spanning dependency selection, management and remediation of code security issues.
With the recently launched partner program, Endor Labs Hyperdrive, the startup is committing to a “channel-first go-to-market strategy,” the company said in a news release. Benefits include support around presales, deployment and customer success, the startup said. Partners can grow their businesses by launching new services based around the Endor Labs platform, the company said, including advisory services and services for building and running open-source software lifecycle programs. In October 2022, Endor Labs announced raising a $25 million seed funding round from investors including Lightspeed Venture Partners, Dell Technologies Capital, Sierra Ventures, Palo Alto Networks CEO Nikesh Arora, Zscaler Founder and CEO Jay Chaudhry and Netskope Founder and CEO Sanjay Beri.
CEO: Shai Morag
Ermetic, a startup that specializes in automatically removing unneeded permissions in the cloud, announced the launch of a redesigned channel program in March. The company’s Above the Cloud Channel Partner Program consists of an offering customized for resellers and a separate offering tailored to MSSPs.
Components of the new program include Ermetic’s first certification program around its cloud-native application protection platform (CNAPP), aimed at providing partners with key technical skills for working with the platform, said Scott Hoard (pictured), head of global channel sales for Ermetic, in a news release. The platform brings an identity-focused approach to unifying and automating a number of capabilities in cloud security — including cloud infrastructure entitlement management (CIEM), cloud security posture management (CSPM), cloud workload protection (CWP) and security for infrastructure-as-code (IaC), as well as Kubernetes security posture management.
Ermetic says it counts more than 90 channel partners in its program, including Trace3, GuidePoint Security, Optiv, Marcum Technology and Protiviti.
CEO: Tiffany Ricks
HacWare, a cybersecurity training vendor that was founded in 2019, has about 500 MSP partners worldwide, but expects that number to double by the end of 2023 thanks to a recent integration with ConnectWise, according to Founder and CEO Tiffany Ricks. The integration is putting HacWare onto ConnectWise’s Manage and Asio platforms.
“We’re excited about this because we’re trying to enhance the partner’s workflow around security awareness,” Ricks told CRN in a recent interview. “We don’t want to disrupt their workflow and try to get them to use a tool outside of their normal workflow. We are integrated within the ConnectWise manage platform.”
The integration will allow MSPs to see how their customers are doing with regards to security awareness. From onboarding, HacWare is giving MSPs one place, where they’re already working, to protect, enhance and empower their employees and customers with training on how to identify phishing.
HacWare’s automated security awareness platform eradicates repeated tasks like creating and scheduling phishing simulations and planning training schedules. Instead of manual scheduling, its phishing technology leverages behavioral psychology best practices to improve security posture and awareness.
CEO: Jon Miller
Halcyon, a startup that offers a number of capabilities aimed at thwarting ransomware, announced in April that it has raised $50 million in Series A funding led by Syn Ventures. The company is using the round to accelerate the development of its platform, including through enhancing its capabilities and effectiveness around detecting, mitigating and recovering from ransomware attacks.
Halcyon’s suite of capabilities includes pre-execution ransomware prevention using proprietary AI/ML and exploitation of ransomware features that “tricks ransomware into aborting or revealing the attack,” the startup said in a news release. The Halcyon platform also offers advanced ransomware behavior detections — which can help to enhance endpoint protection, endpoint detection and response (EDR) and extended detection and response (XDR) — as well as offering automation of endpoint and network resiliency, including through automated host isolation.
CEO: Michael Fey
Island, a fast-growing startup that offers a security-focused web browser for businesses, told CRN in March that it’s making a major bid to expand its work with partners with the hire of industry veteran Keith Weatherford as its first channel chief.
Weatherford, who departed a role as global channel chief at cybersecurity firm Forescout, told CRN that he sees a massive opportunity to help Island connect with the channel around bringing its secure browser to a wider number of businesses. Founded in mid-2020, Island only exited stealth in February 2022 and has already done a number of customer deals through channel partners.
With Weatherford now heading its channel efforts, Island is expecting to accelerate that work while also developing its first partner program, which should launch prior to 2024. “[Island] definitely had channel impact in year one, but we see an opportunity to ramp that up significantly,” Weatherford said.
At one of Island’s early partners, Trace3, initial use cases have included allowing businesses to provide secure application access to their contractors, as well as enabling secure usage of BYOD (bring your own device) as well. Trace3 is “super excited about where Island is going,” said Katherine Walther, vice president of innovation at Trace3.
Other uses for Island that could be significant include using the browser as an alternative to zero trust network access (ZTNA) and data loss prevention (DLP) solutions, according to Walther.
CEO: Amit Shaked
Laminar, a startup that offers a cloud-native data security platform, announced in April that it has added a number of new features for enhancing its data security posture management (DSPM) offering. The new capabilities add up to making the Laminar platform the “only pure-play DSPM that provides comprehensive enterprise-wide multi-user capabilities,” the startup said in a news release.
Key features that were added in the recent update included the introduction of the Laminar Executive Data Landscape Dashboard, which provides instant visibility into data risk and security gaps, along with “best-in-class” support for role-based access control (RBAC) ensuring that authorized users have controlled access to data policies and system administration.
Also in April, Laminar announced support for Google Cloud and Snowflake, making it “the first cloud-native data security platform to support all major cloud service providers and data warehouse environments,” the company said in a release.
CEO: J.J. Guy
Sevco Security, which offers a cloud-native platform for cybersecurity asset attack surface management (CAASM), announced in March that it has launched a new partner program for managed service providers and managed security service providers. The Sevco 5-Star Partner Program debuts with “more than 20” partners to start, and is aimed at making it easier for MSPs and MSSPs to utilize the company’s “real-time asset intelligence that helps customers identify and close previously unknown security gaps,” the company said in a news release. The program offers consumption-based pricing as well as dedicated support for partners, Sevco said.
Sevco has been launched and headed by executives who were formerly part of the founding teams at endpoint security pioneers Cylance and Carbon Black. The startup raised a $15 million Series A round of funding in mid-2021 led by Syn Ventures.
CEO: Ofer Smadari
Torq, a startup whose technology offers a no-code method for automating security operations, in April announced its new Torq Hyperautomation Platform that promises to automate “the most complex security infrastructures at dramatic scale,” the company said in a news release. The startup said that the new platform can bring automation to entire processes and workflows across all of an organization’s security efforts, Torq said.
Key capabilities include the ability to connect all apps and stacks across all infrastructure environments, including Slack, Zoom and Microsoft Teams; support for any command-line interface or programming language to enable “bring your own code”; and orchestration of containerized actions — supporting Docker, Kubernetes, AWS and Azure — to enable “bring your own container.”
Additionally, the Torq Hyperautomation Platform features generative AI capabilities by integrating OpenAI technology, via the ChatGPT API, the company told CRN. The platform can provide answers to questions from users as a way to accelerate resolution of security issues, through a chatbot interface in Slack, Teams, Discord and Zoom, according to Torq.