The 10 Coolest Security Startups Of 2014

Coolest Security Vendors Go Beyond Threat Detection

When Eugene Spafford, a noted computer security expert and professor of computer science at Purdue University, gave a keynote to hundreds of incident responders at a conference in Boston this summer, the security luminary said he was perplexed by the sheer number of emerging security vendors gaining attention in recent years. Their products were designed to detect so-called advanced threats, but they provided no mechanism to block or take action against them.

In this list of security startups, CRN pulled together vendors trying to not only provide innovative ways to detect threats, but also respond to attacks. At the very least, they give IT security teams the ability to block vulnerabilities and configuration issues or give incident responders enough information to quarantine an infected system, preventing a threat from growing out of control.


CEO: David Hindawi

Berkeley, Calif.-based security and systems management startup Tanium is being led by the former management of BigFix, the IT management platform acquired by IBM in 2010 for an estimated $400 million. The company’s platform is gaining attention for its ability to scale. It can collect information on hundreds of thousands of endpoint devices in seconds, even if they are not connected to the corporate network. For example, when the Heartbleed OpenSSL vulnerability was discovered, users of the Tanium platform could ask a simple query in English and the platform’s natural language parser determined in seconds all of the endpoint devices impacted by the vulnerability. Administrators can also take action, making network changes in seconds. It can deploy patches, stop system processes, and add and delete files and applications in real time or connect to other IT tools to address issues. David Hindawi, CEO and chairman of Tanium, works closely with his son Orion Hindawi, CTO of the company.


CEO: Mark Jaffe

Framingham, Mass.-based Prelert sells Anomaly Detective, providing automated behavioral analytics. It was designed to process terabytes of streaming data in record time to help security analysts spot suspicious activity or network administrators identify abnormal traffic issues. It initially captures a baseline of an organization’s logs and event streams and then begins correlating all the information to identify anomalous activity. It is a native application in Splunk and ties into Hadoop clusters and other big data stores. The company currently has about 110 customers and OEM relationships with Alert Logic and CA Technologies. Prelert secured $7.5 million in venture capital financing from Intel Capital and existing investors Fairhaven Capital and Sierra Ventures.


CEO: Rohit Gupta

Santa Clara, Calif.-based startup Palerra, formerly Apprity, monitors cloud infrastructure and SaaS services for security issues and other problems. Its LORIC platform first establishes a baseline of an organization’s cloud footprint and then uses log data and threat intelligence feeds to detect potential threats. Its automated response capabilities and predictive analytics are gaining the most attention. It supports Amazon, hosted Microsoft Exchange, Office 365, Box, GitHub and The company came out of stealth mode in November with the ability to monitor all users, detect unusual activity and provide configuration management and automated response. The company secured an $8 million Series A round of funding from Norwest Venture Partners and Wing Ventures.


CEO: Manoj Leelanivas

San Jose, Calif.-based Cyphort can detect malware that has been designed to evade file analysis in a virtual sandbox. The company's Advanced Threat Defense Platform is deployed off a network tap, a SPAN port or connected to a physical or virtual switch. The company is gaining momentum, recently striking partnership deals with Riverbed, A10 Networks and Bit9-Carbon Black. It received $15.5 million in Series B funding in late 2013. It supports Windows and OS X environments. It can automate response by generating policies for firewalls, security gateways and intrusion prevention system signatures.


CEO: Eran Barak

San Francisco-based startup Hexadite automates incident response by pulling data from security devices, including security information and event management systems, and combining it with information from other network and endpoint devices. The analysis is designed to cut down on false positives, and the platform can then be configured to automate the response based on the alert. The company came out of stealth in July with the news that it had received an initial $2.5 million seed investment. Hexadite CEO Eran Barak touts the platform as an alternative to outsourcing an incident response program or bringing in consultants during a security incident.


CEO: Sachin Nayyar

Los Angeles-based security analytics and intelligence platform maker Securonix added real-time detection and response to the platform in August. The platform is deployed in-line for threat detection. In addition to providing threat intelligence to bolster security information and event management systems, the company provides privileged account monitoring to remove rogue access privileges and monitors user activity to detect insider threats. At the core of the company’s platform is a behavioral snapshot it takes to establish a baseline of the users, infrastructure and applications at an organization.


CEO: Mark Quinlivan

Waltham, Mass.-based Confer deploys host-based agents on Windows, Android and Mac-based systems and when it detects a threat, it can automate response by blocking a process or access to the network. The management console is SaaS-based. Instead of signatures, the company said it collects attacker techniques and procedures and monitors for the malicious behavior on systems. The company also enables users to share attack indicators with the broader user base using a standard threat sharing framework. Confer founder and chief technology officer Jeff Kraemer is a Cisco Systems veteran who was the lead architect for Cisco’s Security Agent, a host intrusion prevention product. The company said in January that it had secured $8 million in Series A funding.


CEO: Neal Creighton

Waltham, Mass.-based security startup CounterTack was on CRN’s list of ‘coolest’ startups in July. The company’s Sentinel platform has a Cloudera Enterprise-based Hadoop cluster as its backbone and collects behavioral data from endpoint agents to examine file and process behaviors. The latest version of Sentinel, released in October, adds remediation capabilities, including the ability to automate threat containment. Sentinel has also been updated with management capabilities that are mapped to security operations center and computer incident response team standard workflows. Responders have the ability to quarantine infected machines with a single click, the company said. In addition to Cloudera, the company’s technology partners include Amazon Web Services, IBM and McAfee. It also supports HP ArcSight and RSA enVision deployments.


CEO: Hugh Njemanze

Redwood City, Calif.-based security startup ThreatStream sells the SaaS-based Optic platform, which automates the process of correlating malware classification and threat actor attribution from hundreds of sources to provide more context on threats. The company provides a security intelligence feed that can be connected to an organization’s security information and event management systems. ThreatStream said in December that it had raised $22 million in Series B funding led by General Catalyst Partners.


CEO: Tomer Weingarten

Mountain View, Calif.-based SentinelOne sells an endpoint detection and response platform that supports Windows, Macs and Android devices. The company recently added whitelisting and forensics capabilities to the platform’s core execution inspection technology. Endpoint agents track files and newly created processes, inspecting them for subtle changes that could signal an infection. When a threat is detected, it is blocked on the endpoint. The company’s automated forensics reports provide incident responders with information about an attack, including dwell time, the files impacted and network connections.