The 20 Coolest Risk, Threat Intelligence And Security Operations Companies Of 2023: The Security 100
From vendors that provide cloud-native SIEM to those offering threat intelligence to stay ahead of the hackers, here’s a look at 20 top security operations, risk and threat intelligence companies.
A number of vendors now have products better equipped to meet the needs of security teams struggling with traditional security information and event management (SIEM) tools. From vendors that provide cloud-native SIEM to those offering threat intelligence to stay ahead of the hackers, we’ve assembled 20 of the companies in the space that are making big moves with the help of partners.
When it comes to SIEM, Gartner’s 2022 Magic Quadrant includes Exabeam, IBM, Microsoft, Securonix and Splunk in the Leaders quadrant. Other companies landing on the latest Magic Quadrant for SIEM, which was released in October, include Devo, Fortinet, LogRhythm and Rapid7 in the Challengers quadrant, as well as Elastic, Gurucul, Micro Focus and Sumo Logic in the Visionaries quadrant.
Other vendors in the security operations space include Arctic Wolf, which last month unveiled a new offering that will allow partners to more easily supply their customers with rapid cyber incident response services. The Arctic Wolf Incident Response JumpStart Retainer features benefits such as a guarantee that cyber incidents will receive a response within one hour, backed by a service-level agreement. This response time guarantee is enabled in part by the fact that the rates for the service have already been prenegotiated with insurance companies, which expedites a part of the process that can often be drawn out, according to Jay Pasteris, CIO and CISO at Kittery, Maine-based GreenPages, No. 169 on the 2022 CRN Solution Provider 500.
In the area of threat intelligence, Google Cloud has become a leading provider through its acquisition of Mandiant last year, while Recorded Future, which recently disclosed surpassing $250 million in annual recurring revenue, is among the other major players. And in terms of risk management, major providers include BitSight, BlueVoyant and KnowBe4.
What follows are the 20 security operations, risk and threat intelligence companies that made our Security 100 for 2023.
Arctic Wolf’s security operations platform has essential capabilities such as 24/7 monitoring and threat detection, as well as response and recovery in the event of an attack. In addition to this managed detection and response offering, Arctic Wolf provides digital risk management and managed security awareness.
With a wide range of offerings for cyber asset attack surface management and SaaS management, Axonius integrates with hundreds of data sources with the aim of providing a comprehensive asset inventory, uncovering gaps and automatically validating and enforcing policies.
Recent updates to BitSight’s third-party risk management platform have included the introduction of additional insight for uncovering and prioritizing vulnerabilities and exposures among third-party vendors. BitSight also said that its fourth-party risk management product now provides increased supply chain risk visibility.
BlueVoyant provides cyber-risk management across internal security with its managed detection and response offering and across external vendors. For external cyber-risk management, BlueVoyant has a unique supply chain defense product that aims to ensure issues are remedied by third-party vendors on behalf of BlueVoyant customers.
With a focus on cyber investigation and automation, Cado Security delivers a digital forensics offering that is cloud-native, making it uniquely designed for cloud environments. Last summer, the startup unveiled cross-cloud support to help streamline cloud investigations.
As security is being recognized as a data analytics problem, Devo offers a cloud-native alternative to on-premises security information and event management systems that many security teams depend upon. Devo’s technology promises to enable the use of a greater amount of security data at a substantially reduced cost.
With its New-Scale security information and event management offering, Exabeam brings together “cloud-scale” security log management with behavioral analytics and automation-driven cyber investigations. It is built on top of the cloud-native Exabeam Security Operations Platform.
With its Chronicle Security Operations platform, Google Cloud brings together security analytics from its earlier Chronicle offering with automated response and remediation for security issues. Google Cloud is further enhancing Chronicle Security Operations with threat intelligence from its acquisition of Mandiant.
Recent moves by IBM Security have included the acquisition of Randori, which brings attack surface management capabilities and offensive cybersecurity services into the IBM portfolio. Security teams can use insight from Randori fed into IBM Security QRadar extended detection and response for real-time attack surface visibility.
KnowBe4 is a foremost vendor in the area of security awareness training products. Its flagship offering, Kevin Mitnick Security Awareness Training, focuses on enabling organizations to assess their social engineering risks while providing security awareness training to mitigate these risks.
Cloud security startup Lightspin delivers a context-driven security platform for cloud-native and Kubernetes environments. The company recently launched a free tier for its Cloud Native Application Protection Platform (CNAPP), which aims to quickly prioritize and remediate cloud security threats.
Rapid7 introduced improved cloud detection and response, used to natively identify serious cloud threats with greater accuracy. The company also recently rolled out enhanced vulnerability assessment, which offers continuous visibility into vulnerabilities and is easier to deploy thanks to it being an agentless technology.
As a threat intelligence powerhouse, Recorded Future’s Intelligence Cloud brings together continuous data collection with comprehensive graph analysis and analysis from the company’s research team. The platform aims to give “the most complete coverage of intelligence” about malicious adversaries.
Securonix unveiled a new product it said is the industry’s first to integrate security information and event management, security orchestration, automation and response, and investigation capabilities. Dubbed Securonix Investigate, it aims to rapidly accelerate threat identification and response by security teams.
ServiceNow’s security orchestration, automation and response platform covers a lot of bases, including incident and vulnerability response. Key capabilities include AI-driven “smart” workflows for faster response times and integrations with tools from Palo Alto Networks, CrowdStrike, Microsoft and Zscaler.
Security updates in Splunk Enterprise 9.0 include the expansion of Federated Search functionality to enhance and simplify security investigation and the introduction of Splunk Assist, a fully managed cloud service within the platform that can provide insight about a customer’s security environment.
Sumo Logic recently launched support for Amazon Security Lake, which will enable the company to ingest data from the AWS security data lake and ultimately provide customers with improved detection, investigation and response across their AWS, hybrid and on-premises environments.
In October, Tenable unveiled its exposure management platform, Tenable One, which aims to dramatically accelerate the identification and remediation of security vulnerabilities. The platform brings together vulnerability management with external attack surface management, identity management and cloud security data.
Securing the use of machine identities is considered critical in the age of their rapid growth. Venafi recently introduced Venafi Control Plane for Machine Identities, which enables better management and reduced security risk across cloud, on-premises, hybrid and edge environments.
ZeroFox leverages AI-powered analytics and a variety of data sources to identify and shut down major cyberthreats that originate externally—outside the typical security perimeter—such as targeted phishing and brand hijacking. The company’s technology works in part by analyzing millions of online posts and messages daily.