The 10 Top Cybersecurity Startups Of 2019 (So Far)
The 10 top cybersecurity startups include companies solving challenges around cloud, identity management, microsegmentation, emerging threats, and stopping internal network attacks that got by perimeter defenses.
On The Cutting Edge
A collection of emerging security firms is looking to make its mark on everything from cloud computing and identity management to microsegmentation and threat detection and response.
CRN has identified 10 cybersecurity startups founded since 2016 that stood out from the crowd so far this year thanks to new funding, the launch of partner initiatives, or key product enhancements or updates. Four of the top startups are headquartered in Israel, three are based in California, and three are located in the Northeastern United States.
These companies are solving security challenges such as cyber threats against rail networks, moving data from on-premise or offsite to the cloud, and stopping internal network attacks that have bypassed perimeter defenses. Here are the steps the 10 top cybersecurity startups have taken this year to make themselves indispensable to the channel.
CEO: Amir Levintal
Cylus was founded in 2017, and in June closed a $12 million Series A funding round led by Magma Venture Partners and Vertex Ventures to increase research and development efforts, grow its workforce, and accelerate activities in the European Union, United States, and Asia-Pacific.
The Tel Aviv, Israel-based company helps rail and metro companies avoid safety incidents and service disruptions caused by cyberattacks. The company's flagship CylusOne offering detects cyber threats in both trackside and onboard signaling and control networks, and facilitates a timely and effective response before any harm is done.
Cylus was selected last year to be part of Thales's cybersecurity program, allowing the company to work closely with Thales's ground transportation team around signaling technology.
CEO: Eyal Wachsman
Cymulate was founded in 2016, and in March closed a $7.5 million Series A funding round led by Vertex Ventures and Dell Technologies Capital to expand its operations in the United States, add key leadership positions, and invest further in its research team to enhance the functionality of its platform.
The Rishon LeZion, Israel-based company launched a new simulation in June that enables companies to simulate a full-scale APT attack on their network with a click of a button, challenging security control mechanisms through the entire cyber kill chain.
Cymulate offers a breach and attack simulation platform that empowers organizations with complex security environments to safeguard their business-critical assets. The company enjoyed triple-digit growth in 2018.
Co-Founders: Andrew Rinaldi and Rob Simopoulos
Defendify was founded in 2017, and in June closed a $1.6 million pre-seed funding round featuring participation from the Maine Technology Institute and 3dot6 Ventures to expand its core product and increase its acquisition of cybersecurity channel partners.
The Portland, Maine-based company changed its name in July 2018 from Launch Security to Defendify, and one month later launched a cybersecurity platform designed to help secure small businesses from existing and emerging threats. The platform includes a website for cybersecurity management, a dashboard with insights and reports, and a support system with resources and recommendations.
Defendify works with VARs, MSPs, MSSPs, consultants and integrators, providing them with sales and marketing training, co-branded marketing materials, the co-branded Defendify platform, and a dedicated Partner Success team.
CEO: Peter Smith
Edgewise Networks was founded in 2016, and in June closed an $11 million Series A round led by Accomplice and .406 Ventures to support research and development and go-to-market activities around the company's microsegmentation platform.
The Burlington, Mass.-based company in May received two new patents from the U.S. Patent and Trademark Office that cover key elements for automating microsegmentation to enable zero trust security for enterprises. This follows a December 2018 patent for policy enforcement technology, which enforces the symmetric verification of software fingerprints at both ends of a network communication.
A month later, Edgewise launched an offering to stop internal network attacks that have bypassed perimeter defenses. The platform reduces cyber risk by shrinking the network attack surface, boosting time-to-value, and enhancing operational efficiency for policy creation and management.
CEO: Ambuj Kumar
Fortanix was founded in 2016, and in January closed a $23 million Series B round led by Intel Capital to accelerate growth internationally and work with Intel to help enterprises securely move data from on-premise and offsite to the cloud.
The Mountain View, Calif.-based company in February announced beta availability of the IBM Cloud Data Shield for container workloads running on the IBM Cloud Kubernetes Service. Fortanix' encryption capabilities allow organizations to securely run data-centric workloads in the cloud such as blockchain, databases, AI/machine learning, and analytics.
A month later, Fortanix launched its Enclave Development Platform (EDP) to help developers leverage Rust's built-in functionality to create more secure applications for Intel Software Guard Extensions (SGX) enclaves. The integration between Fortanix EDP and Rust allows developers to immediately use new features such as non-lexical lifetimes while improving compile-time speeds.
CEO: Glenn Chisholm
Obsidian Security was founded in 2017, and in February closed a $20 million Series B round led by Wing Venture Capital to transform how enterprise identity is monitored and secured.
The Newport Beach, Calif.-based company's intelligent identity protection offering analyzes user activity, permissions and configuration data with advanced machine learning to enable better security and identity management. The platform provides complete visibility, smarter identity lifecycle management, and efficient incident response and forensics to help organizations protect their users and critical assets.
Two months later, Obsidian appointed data ethicist Laura Noren as VP of privacy and trust to protect data subjects’ privacy and advocate for fairness in statistical and machine learning models. Noren’s new role at Obsidian is a proactive privacy and data ethics position integrated into the data science and engineering teams, which the company said is a first in the cybersecurity industry.
CEO: Avi Shua
Orca Security was founded in 2019, and in June closed a $6.5 million seed round led by YL Ventures to provide organizations with seamless visibility into their cloud infrastructure footprint.
The Tel Aviv, Israel-based company was founded by former Check Point executives Avi Shua and Gil Geron to deliver full stack IaaS and PaaS cloud security visibility. Orca said its patent-pending SideScanning technology can be deployed instantaneously without the impact and complexity of per asset agents.
Orca's technology automatically assesses the security state of every discovered asset throughout the entire technology stack, including the cloud control plane, operating system, applications and business data. The platform can delivers complete visibility into issues such as compromised resources, vulnerable software, and misconfigurations.
CEO: Brendan Hannigan
Sonrai Security was founded in 2017, and in January closed a $18.5 million Series A round led by Polaris Partners and TenEleven Ventures to deliver unparalleled data and identity control across all cloud accounts and within any data store.
The New York-based company provides a common interface with deep granularity and extensibility for both SecOps and DevOps teams, enabling both comprehensive data security and confident compliance. By focusing on data and users, Sonrai offers the ability to assess and reduce risk, comprehensively monitor usage and movement, and enforce accountability on the most critical assets.
Sonrai Co-Founder Hannigan was previously general manager of IBM Security, which he helped establish and grow to become a $2 billion division. Hannigan joined IBM following its 2011 acquisition of security intelligence and analytics company Q1 Labs, where he had served as CEO.
CEO: Vishal Jain
Valtix was founded in 2018, and in June closed a $14 million Series A round led by Trinity Ventures, Vertex Ventures and Wing Venture Capital to remove the security barrier for enterprise cloud adoption by making inline network security simple and automatic.
The Santa Clara, Calif.-based company said its offering runs as a cloud native service, targets the pain of security management, and accelerates security agility. The platform automatically discovers new applications that run in the cloud and automatically follows these applications to ensure the right inline security rules and protections are applied.
Valtix possesses all the attributes of a cloud-native platform such as automated app discovery, elastic scaling, native multi-cloud support, automatic adaptation, and pay-as-you-go pricing. It is comprised of the Valtix Cloud Controller and Valtix Cloud Firewall and attempts to make visibility and enforcement automatic at the pace of the applications they protect.
CEO: Netanel Davidi
Vdoo was founded in 2017, and in April closed a $32 million Series B round led by WRV Capital and GGV Capital to increase market adoption of its IoT security platform while also expanding its technical capabilities.
The Tel Aviv, Israel-based company said the proceeds will be used to deliver comprehensive automated analysis capabilities - including zero-day vulnerabilities detection - that enable device vendors to implement unprecedented security levels at scale. The round will fuel the expansion of a rapidly growing partner and distribution network, which already includes NTT, Macnica, DNP and Fujisoft in Japan.
Vdoo in January debuted its Embedded Runtime Agent (ERA), which is automatically tailored for each device based on an analysis of its firmware binary. The Vdoo agent is focused on the device’s threat landscape and resources, while avoiding any significant performance or functionality impact to the device.