The 10 Hottest Cloud Security Startups Of 2021

The 10 hottest cloud security startups include companies finding cloud vulnerabilities and misconfigurations, monitoring managed and unmanaged datastores, and identifying overprivileged users and incorrectly assigned permissions.

The Next Frontier

Some of the security industry’s sharpest minds have over the past three years founded new companies to address everything from finding vulnerabilities and misconfigurations in the cloud to monitoring managed and unmanaged datastores to identifying overprivileged users and incorrectly assigned permissions.

CRN has identified 10 cloud security startups founded since 2019 with at least $4 million in outside funding that stood apart from the pack thanks to new funding, the launch of partner initiatives, or key product enhancements or updates. Five of the top startups are based in Israel, three are based in California, and the remaining two are headquartered in Texas and England.

These companies are solving security challenges such as automating data collection from multiple sources, getting visibility into all assets across siloed systems, and prioritizing and remediating the most critical security issues from build to runtime.

Here’s a look at how the 10 hottest cloud security startups have made their mark on the industry.

See the latest entry: The 10 Hottest Cloud Security Startup Companies Of 2022

Armo

CEO: Shauli Rozen

Armo was founded in 2019, and in January closed a $4.5 million seed funding round led by Pitango First to expand its go-to-market efforts and the commercial offering around its technology. The Tel Aviv, Israel-based company employs 26 people less than three years after its establishment, according to LinkedIn.

The company said it provides DevOps teams with a new approach to cloud-native workload and application deployment that infuses inherent security and visibility into applications, creating a virtual control plane that can be easily deployed in any cloud-native environment. Global enterprises have chosen Armo as their future security and visibility infrastructure, running in production environments.

Armo in October expanded its Kubescape open-source Kubernetes testing tool to leverage the MITRE framework, marking the first time teams can test Kubernetes against multiple frameworks in one single tool. The technology is designed to detect misconfigurations and software vulnerabilities at early stages of the CI/CD pipeline, and integrates natively with DevOps tools, including Jenkins, CircleCI and Github.

Cado Security

CEO: James Campbell

Cado Security was founded in 2020, and in April closed a $10 million Series A funding round led by Blossom Capital to accelerate the company’s growth through the expansion of key functions including engineering, customer support, and go-to-market operations. The London-based company employs 27 people just 19 months after its establishment, according to LinkedIn.

The company’s platform automates data collection from multiple sources, including cloud and containers, while also supporting traditional, on-premises systems to provide 100 percent of the data with no extra effort. Cado’s analytics engine correlates all systems, users, processes, and files so analysts can immediately visualize the scope of an organization’s IT environment.

Cado Security in August added memory acquisition, processing and analysis capabilities to its Cado Response platform to give security teams enhanced visibility and context to identify the root cause of incidents and respond to data breaches faster. The company partnered with SentinelOne in November to help security teams detect, investigate, and respond to incidents with unmatched speed.

Dasera

CEO: Ani Chaudhuri

Dasera was founded in 2019, and in May closed a $6 million seed funding round led by Sierra Ventures to expand its engineering and go-to-market teams as well as launch a SaaS offering. The Sunnyvale, Calif.-based company employs 28 people less than three years after its establishment, according to LinkedIn.

The company enables safe use of sensitive data by automatically securing the full lifecycle of cloud data stores. Initially developed at UC Berkeley, the Dasera platform enables compliance and security teams to find, flag and fix vulnerabilities for data misuse across the data lifecycle, thereby securing data between the areas of access control and data loss prevention (DLP).

Dasera’s platform automatically finds where sensitive cloud data is stored, analyzes permissions, detects data store misconfigurations, monitors data in use, and tracks data lineage. The company in July brought on Erin Swanson as VP Marketing, April Mitchell as head of engineering, and Deepti Hemwani as head of product to help Dasera dramatically accelerate its product development and market presence.

Laminar

CEO: Amit Shaked

Laminar was founded in 2020, and in November closed a $32 million Series A funding round led by Insight Partners to expand its engineering department, build-out its go-to-market team and establish a world-class data security research team. The Tel Aviv, Israel-based company employs 36 people, up 89 percent from just 19 employees a year ago, according to LinkedIn.

The company delivers agentless and asynchronous data security and leakage protection for everything organizations build and run in the cloud. Laminar provides continuous monitoring of both managed and unmanaged datastores, compute as well as data egress channels, allowing sanctioned data movements and alerting when something’s wrong.

Laminar’s cloud-native approach allows complete, autonomous data observability, including within shadow datastores. With Laminar’s technology, data protection teams can reduce the attack surface and detect real-time data leaks without any impact on performance or data flow.

Lightspin

CEO: Vladi Sandler

Lightspin was founded in 2020, and in June closed a $16 million Series A round led by Dell Technologies to fuel cross-function innovation and growth as the company plans to triple the size of its staff, while maintaining its commitment to gender balance across all departments. The Tel Aviv, Israel-based company employs 43 people, up 115 percent from 20 employees a year ago, according to LinkedIn.

The company has developed a context-based cloud security platform for cloud-native and Kubernetes environments. Lightspin’s platform provides a full contextual view of all cloud assets and relationships, maps the potential attack paths, and prioritizes and remediates the most critical security issues from build to runtime.

Lightspin empowers cloud and security teams to eliminate risks and maximize productivity by proactively and automatically detecting all security risks, smartly prioritizing the most critical issues, and easily fixing them. The company in November expanded its board to include top executives from Netflix, RedLock, CyberArk, and the New York Stock Exchange to advise on technology and business strategies.

Orca Security

CEO: Avi Shua

Orca Security was founded in 2019, and in March and October closed $210 million and $340 million Series C funding rounds, respectively, to dramatically expand its identity and access management capabilities and bolster its alerting around attacks already in progress. The Los Angeles-based company employs 245 people, up 199 percent from just 82 employees a year ago, according to LinkedIn.

The company is focused on having its product natively spot essential risks from vulnerabilities, misconfigurations, and exposed data as well as identify overprivileged users and incorrectly assigned permissions. Orca Security’s funding will also allow for investment in agentless, workload-deep, context-aware security and compliance for Google Cloud, Amazon Web Services and Microsoft Azure.

Orca Security plans to integrate post-breach detection capabilities earlier in the lifecycle in areas spanning from Kubernetes, data discovery and vulnerability management to identity and access management and cloud posture management. Orca’s platform displaces a lot of cloud security point products by giving customers a broader set of cloud capabilities and insights in a single location.

Oxeye

CEO: Dean Agron

Oxeye was founded in 2020, and the company in November closed a $5.3 million seed funding round led by MoreVC to complete product development, increase mindshare around the company’s novel approach, and expand sales, marketing and operations. The Tel Aviv, Israel-based company employs 17 people just 13 months after it was established, according to LinkedIn.

The company is looking to protect the world’s most popular web applications with next-generation cloud-native application security testing. Currently in Beta, the Oxeye security testing platform is built for AppSec, Dev, and DevOps teams, helping to shift security left while accelerating development cycles, reducing friction, and eliminating risks.

Oxeye’s offering overcomes the challenges imposed by the complex nature of modern architectures. This positions the technology to disrupt traditional application security testing (AST) approaches by offering a multi-layer, contextual, effortless and comprehensive platform designed to ensure that no vulnerable code ever reaches production.

Piiano

CEO: Gil Dabah

Piiano was founded in 2021, and the company in October closed a $9 million seed funding round led by YL Ventures to provide privacy engineering infrastructure for cloud-native applications. The Tel Aviv, Israel-based company employs 14 people just 10 months after it was established, according to LinkedIn.

The company enables security and privacy teams to monitor and gain data-driven insights into privacy artifacts from application code bases, thereby allowing developers to easily partition and isolate personally identifiable information (PII). Piiano’s code scanner will help security and privacy teams locate decentralized PII data and limit its drift.

The Piiano Vault, meanwhile, provides enterprises with the infrastructure to centralize and secure PII and other select sensitive data within their own environments. Deployed in the enterprise‘s virtual private cloud, the Piiano Vault enables developers to build privacy while empowering privacy and security personnel to manage data, track its access and enforce advanced policies.

Sevco Security

CEO: J.J. Guy

Sevco Security was founded in 2020, and the company in June closed a $15 million Series A funding round led by SYN Ventures to scale adoption of the industry’s first cloud-native security asset intelligence platform. The Austin-based company employs 31 people, up 121 percent from just 14 employees a year ago, according to LinkedIn.

The company delivers continuous converged visibility of all assets across siloed systems as well as the telemetry required to understand how assets change in a dynamic environment over time. With Sevco’s innovation, customers can make sense of the data they already have, making existing products more effective.

The Sevco platform does not require any installed agents, deployed scanners, or remote access to be enabled to an on-premises installation. The cloud-native platform integrates in seconds to existing tools via native-API to capture asset metadata, and Sevco captures inventory reported from all sources every hour.

Wiz

CEO: Assaf Rappaport

Wiz was founded in 2020, and the company received $130 million of funding in March, $120 million of funding in June, and $250 million of funding in October to extend its support beyond Amazon Web Services, Microsoft Azure and Google Cloud Platform. The Palo Alto, Calif.-based company employs 185 people, up 387 percent from just 38 employees a year ago, according to LinkedIn.

The company said its architecture facilitates scanning of the entire cloud environment across all compute types and cloud services for vulnerabilities, configuration, network, and security issues. Wiz said it offers a weighted view of risk that allows customers to assess vulnerabilities and misconfigurations based on severity, exposure, exploitability, blast radius and business impact.

Wiz said its push beyond the big public cloud providers will provide multinational or international customers with security for more localized cloud options. The company primarily wants to invest organically in its engineering and R&D organizations, but will consider buying companies with good teams, innovative technologies and market traction in areas like shift left security and remediation.