The 10 Coolest Security Startups Of 2016 (So Far)

Standing Out In Security

Despite a slowdown in venture capital funding and IPOs in the area, security remained one of the hottest – if not the hottest - technology areas in the first half of 2016. So far this year, startups have gained significant traction and recognition for their technology that looks to solve security challenges around orchestration, threat detection, the Internet of Things, risk scoring and network security. Even better news? Many of these companies are investing heavily in partners, or even adopting a 100 percent channel go-to-market model. As we head into the second half of the year, take a look at 10 of the coolest startups from the year so far.

For more on the "coolest" of 2016, check out "CRN's Tech Midyear In Review."


CEO: Oliver Friedrichs

Winner of this year's prestigious RSA Conference Innovation Sandbox competition, Phantom offers a security orchestration and automation solution that aims to help enterprises close the gap between a rising tide of threats and a shortage of security staff. The Palo Alto, Calif.-based company's platform achieves that by allowing companies to orchestrate a range of security actions from prevention to response, automate simple tasks to free up resources, and consolidate third-party capabilities into a single platform for greater control. In addition to winning the Innovation Sandbox competition, Phantom landed $6.5 million in Series A funding in September and a strategic investment and technology development agreement from In-Q-Tel in April.

Bastille Networks

CEO: Chris Risley

Bastille touts itself as the first cybersecurity company to detect and mitigate threats from the Internet of Things in the enterprise. The Atlanta-based startup's technology uses sensors and software to scan an enterprise's environment, identifying and providing visibility into every connected device on premise using airborne emission detection. The company has landed a significant amount of recognition for its technology, including being named a finalist in the RSA Conference's Innovation Sandbox competition and a Gartner 2016 ’Cool Vendor,’ as well as landing $9 million in venture capital funding in August.


CEO: Aleksandr Yampolskiy

SecurityScorecard does what its name implies – it provides a platform for an organization to determine the security risk score for its own business and that of its vendor partners. The risk score is based on monitoring of application security, malware, patching, network security, hacker chatter, social engineering and passwords. The New York-based startup has garnered some big-name investors in its technology in recent months, namely adding $20 million in Series B funding in June from Google Ventures to fuel scale and innovation.

Cato Networks

CEO: Shlomo Kramer

Cato Networks launched into the market in February with a Network Security-as-a-Service platform that it says will shake up the perception that security has to be complicated – and provide significant opportunity to its channel partners. The company's Cato Cloud platform uses the cloud to consolidate WAN and Internet traffic and layer enterprise-grade security solutions -- such as a next-generation firewall -- on top. The solution has two primary parts, according to the company: the Cato Cloud Network, which consolidates and encrypts all enterprise network elements using a global network of Points of Presence, and the Cato Network Security Services, which then adds enterprise-grade security solutions on top of the network. The Tel Aviv-based startup was founded last year by Shlomo Kramer -- a respected security investor who also co-founded big-name security vendors Check Point Software Technologies and Imperva -- and Gur Shatz. It landed $20 million in Series A funding in October before officially launching this year with a 100 percent channel go-to-market model.


CEO: Guy Bejerano

How safe is your company from a breach? That's the question every CISO has but few have the answer to -- and one SafeBreach looks to fix. The Menlo Park, Calif.-based startup was founded in 2014 and officially launched in the market this January with a platform to quantify an organization's risk and launch simulated attacks to challenge security controls and pinpoint weak spots in the environment. Similar in principle to penetration testing, SafeBreach differentiates itself by providing continuous, rather than static, visibility into weaknesses, providing actionable insights and visibility across the cloud, endpoint and network. In doing that, SafeBreach aims to arm CISOs with actionable data on where they should place investments to better defend their environments.


CEO: Casey Ellis

Crowdsource application security testing company Bugcrowd continued to gain momentum in 2016, landing $15 million in Series B funding in April and seeing increased traction for the solution in large enterprises, with companies larger than 5,000 employees accounting for 44 percent of those launching bug bounty programs. The San Francisco-based company's Crowdcontrol solution brings together a ’crowd’ of independent cybersecurity researchers that companies can leverage to test their application security, rather than using a single security researcher or scanner, and a platform to manage the tests and payouts to researchers.


CEO: Scott Chasin

ProtectWise, based in Denver, offers a network security solution that leverages the cloud for better visibility, detection and response capabilities. The ProtectWise Time Machine continuously scans a company's network for signs of a breach using adaptive network capture capabilities and sensors deployed throughout the network, creating an unlimited and searchable forensic recording model that it says is key in remediation. The company is 100 percent focused on the channel and has been building out its partner program in a big way in recent months, unveiling its first round of top-tier partners in June.

Illusive Networks

CEO: Shlomo Touboul

Illusive Networks, based in both Tel Aviv and New York, is breaking its way into the emerging market for deception technologies with its Deception Everywhere solution. The solution is based on the premise that attackers will inevitably get inside the perimeter and uses an agentless approach to "turn the tables on attackers" by installing decoy data onto laptops, desktops, servers, data centers and more to root out attackers already in the environment. The company was founded by Check Point veteran Ofer Israeli and has gained significant recognition since launching from stealth last June, including landing $22 million in Series B funding in October and being named a finalist to the RSA Conference's Innovation Sandbox competition. Illusive Networks also named its first channel chief in January, appointing former Palo Alto Networks and Extreme Networks executive Tracy Pallas to the role.


CEO: Saryu Nayyar

Gurucul is planting a stake in the growing market for security risk and user behavior analytics. The Los Angeles-based company -- tying together key factors such as what information a user has access to, what privileges he or she has and what information he or she should have access to -- uses machine learning to provide risk and behavioral analytics to pinpoint and prioritize threats, and provide context behind user behavior in an organization. This year, Gurucul dove headfirst into the channel, launching its inaugural partner program and naming its first channel chief in June.


CEO: Gil Friedrich

Avanan launched from stealth at the end of last year, with an aim to tap into the growing opportunity for Cloud Access Security Brokers, a market that is expected to reach $7.51 billion by 2020, up from $3.34 billion in 2015, according to research firm Markets and Markets. Founded by four former ForeScout execs, the New York-based startup looks to bridge the gap between cloud applications and best-of-breed security vendors, including Palo Alto Networks, Check Point, Symantec and more. Under a single platform, MSPs, enterprises and smaller businesses can deploy data security, malware scanning, anti-virus, encryption, anomaly detection, data sanitization, endpoint compliance and more, as well as manage and enforce polices.