2018 Security 100: 20 Coolest Web, Email And Application Security Vendors

Avoiding Application Pitfalls

An increase in security breaches targeting business applications has prompted organizations across the world to deploy offerings that safeguard their web and mobile applications.

Government regulations, increased usage of third-party applications, and the need to protect enterprise applications and data from sophisticated attacks have all driven this market. And demand for more security is only going to continue growing since the application layer is the prime target for hackers looking to gain access to sensitive information, according to research firm MarketsandMarkets.

The global application security market is expected to hit $9 billion by 2022, MarketsandMarkets projects, with North America leading the way due to its fast adoption of cutting-edge technology, the presence of major industry vendors, and strict government and industry regulations around the deployment of IT tools for business processes.

Here's a look at 20 vendors that have changed the game around web, email and application security.

Alert Logic

Gray Hall, Chairman, CEO

Headquarters: Houston

Alert Logic in June received a $70 million syndicated credit facility from Square 1 Bank, with the proceeds to be used for working capital and various internal growth initiatives. Five months later, the company launched Alert Logic Cloud Insight Essentials, which identities AWS configurations that don’t meet security best practices and suggests actions for responding to attacks targeting AWS workloads.

Arxan Technologies

Joe Sander, CEO

Headquarters: San Francisco

Arxan subsidiary Apperian unveiled updates that take advantage of native device capabilities, industry protocols and password controls to allow for seamless distribution of secure mobile apps. The company also snagged former Proofpoint executive Dennis Reno to oversee the customer success organization, which includes professional services, technical support, account management and technical training.

Barracuda Networks

BJ Jenkins, President, CEO

Headquarters: Campbell, Calif.

Barracuda was acquired by private equity firm Thoma Bravo for $1.6 billion due to the company's ability to bring comprehensive offerings to customers in an increasingly hostile and complex threat environment. The company also in recent months bought public cloud information archiving and analytics firm Sonian, as well as social engineering simulation and training platform player PhishLine.


Emmanuel Benzaquen, CEO

Headquarters: Ramat Gan, Israel

Checkmarx in July unveiled its acquisition of Codebashing, an application security education company built by developers that uses gamification to train other developers. One month later, the company released an interactive application security testing platform that enables dynamic and continuous testing in real time with zero scan time, outstanding accuracy and seamless implementation.


Lior Samuelson, Chairman, CEO

Headquarters: McLean, Va.

Private equity firm Warburg Pincus invested $62 million in December for a 52 percent stake in publicly traded Cyren. The company renewed and increased several contracts for its threat intelligence services, which leverages its email security, web security and cyber intelligence services. Cyren also added some new distribution and reseller partners for its U.S. Enterprise business.

Cyxtera Technologies

Manuel Medina, Chairman, CEO

Headquarters: Coral Gables, Fla.

Cyxtera Technologies launched a new partner program in September to meet the demand of co-location partners looking to get into the security market by providing more co-marketing opportunities and sales enablement. Four months later, the company expanded beyond its defensive capabilities through its agreement to buy offense-oriented systems vulnerability research firm Immunity.

Distil Networks

Tiffany Olson Jones, CEO

Headquarters: San Francisco

Distil Networks in May acquired Are You A Human, which specializes in analyzing and understanding how real humans interact with the internet. Two months later, the company unveiled an offering that prevents bots from accessing the API servers that power public-facing websites and mobile applications. Distil also selected former FireEye executive Tiffany Olson Jones to be its next CEO.

F5 Networks

Francois Locoh-Donou, President, CEO, Director

Headquarters: Seattle

F5's integrated security suite, backed by around-the-clock access to security experts, protects users against the constantly evolving threats leveled at their apps. The company provides visibility into hidden threats and offer the controls needed to manage access and reduce the risks of app attacks while supporting security for any infrastructure ranging from traditional data centers to cloud environments.


Mark Pierpoint, SVP, President, Ixia Solutions Group

Headquarters: Calabasas, Calif.

Ixia unveiled an offering that safely models data breaches and threat vectors to deliver quantifiable evidence and immediate insight into the effectiveness of cloud-based data and application security. The company also released a market data monitoring platform that delivers market feed health monitoring and advanced network visibility with preprogrammed support for hundreds of trading venues.

Menlo Security

Amir Ben-Efraim, Co-Founder, CEO

Headquarters: Palo Alto, Calif.

Menlo Security in December closed a $40 million round in Series C funding, which the company plans to use to expand sales and marketing around its Security Isolation Platform. The company also updated its Security Isolation Platform to bring in capabilities around email threat protection, with a particular focus on stopping threats related to malicious links and attachments, as well as preventing credential theft.


Peter Bauer, CEO

Headquarters: Lexington, Mass.

Mimecast in August said it was working to move all of its SMB business through the channel and preparing to launch a bigger partner program that included a shift toward two-tier distribution. Two months later, the company launched an all-in-one cloud service that integrates a secure data repository, built-in data recovery, storage management, e-discovery and compliance capabilities.


Safra Catz, Mark Hurd, Co-CEOs

Headquarters: Redwood Shores, Calif.

Oracle in December expanded its security portfolio to include new capabilities that help enterprises manage and certify user identities, applications, and confidential data more securely and through a richer, consumer-like user experience. Two months later, the company moved to boost the application and network protection around its cloud services by agreeing to purchase security startup Zenedge.


Gary Steele, CEO

Headquarters: Sunnyvale, Calif.

Proofpoint in November agreed to buy browser isolation offerings vendor Weblife.io for $60 million to extend its advanced threat protection capabilities into personal email. Three months later, the company unveiled plans to provide the industry's first integration of market-leading protection and awareness offerings through its $225 million purchase of phishing simulation provider Wombat Security Technologies.


Philippe Courtot, Chairman, CEO

Headquarters: Foster City, Calif.

Qualys unveiled an app framework that delivers visibility and insight to customers about the security and compliance posture of their complete public cloud infrastructure for major providers including AWS, Microsoft Azure and Google Cloud. The company also agreed to purchase the assets of NetWatcher to expand its reach into the real-time threat intelligence market and bolster its relationship with MSSPs.


Corey Thomas, President, CEO

Headquarters: Boston

Rapid7 in May launched a partner program that adds free virtual technical training and certifications, interactive reporting and analytics, and a user community that connects partner engineers with Rapid7 engineers. Two months later, the company bought security automation and orchestration firm Komand to help customers reduce time to resolution, maximize resources, and overcome ecosystem complexity.


Jeff Kukowski, CEO

Headquarters: Irvine, Calif.

SecureAuth in June unveiled identity protection and detection for Office 365 that uses techniques like geographic location analysis, device recognition, IP-address-based threat services, and phone fraud prevention. Three months later, the company merged with Core Security, forming a 360-employee organization with strength in both security operations as well as identity and access management.

Trend Micro

Eva Chen, CEO

Headquarters: Tokyo

Trend Micro in June launched a $100 million venture fund to nurture a portfolio of startups that are developing ideas in hyper-growth markets such as IoT. Five months later, the company acquired Immunio to facilitate early detection and protection against application vulnerabilities, as well as container image scanning that allows for the publishing and protection of secure container images.

Trustwave Holdings

Robert McCullen, President, CEO

Headquarters: Chicago

Trustwave in November enhanced its channel program to include a new online learning system and streamlined partner portal that help solution providers more effectively offer customers managed security services. Three months later, the company unveiled a service that can help thwart an attacker's activities by detecting security threats sooner and shutting them down before extensive damage occurs.


Timothy Eades, CEO

Headquarters: Mountain View, Calif.

vArmour in April appointed former U.S. Homeland Security Secretary Michael Chertoff to its advisory board to support the company's global expansion efforts and concentrated focus on large government and private sector organizations. Four months later, the company unveiled 12 additions to its growing patent portfolio focused on policy and automation as services to secure the data center.


Pat Gelsinger, CEO

Headquarters: Palo Alto, Calif.

VMware unveiled an offering that leverages virtual infrastructure to monitor running applications against their predetermined state so it can detect and automate a response to attacks that aim to manipulate those applications. The company debuted a digital workspace platform that fuses AirWatch endpoint management technology with end-user identity to deliver a simple experience with enterprise-class security.