The 20 Coolest Cloud Security Companies Of The 2022 Cloud 100
Here’s a look at 20 cloud security vendors that have taken on today’s wide-ranging management, segmentation, compliance and governance challenges.
An Emerging Threat Vector
An increased number of cyberattacks on cloud infrastructure coupled with stricter regulations and compliance rules around cloud services adoption has driven more cloud security spending. Large enterprises are leading the way and have aggressively adopted technologies that safeguard cloud and Internet of Things (IoT)-based applications, which are highly susceptible to cyberattacks.
Businesses with more than 1,000 employees also face the most pronounced threat from targeted attacks that have the potential to disrupt their IT services. From a geographic perspective, North America is expected to lead the way when it comes to cloud security adoption thanks to the region’s significant investments in research and development and continuous development of new technologies.
The global cloud security market is expected to achieve a compound annual growth rate of 14.7 percent over the next half-decade, going from $34.5 billion in 2020 to $68.5 billion in 2025, MarketsandMarkets projects. As part of CRN’s annual Cloud 100 list, here’s a look at 20 cloud security vendors that have taken on management, segmentation, compliance, and governance challenges in the space.
Aqua Security in March raised $135 million on a $1 billion valuation to improve its product, acquire additional customers and educate the market about cloud-native security. The company in December purchased startup Argon to thwart third-party threats to the development environment and ensure the software supply chain is secure.
Check Point Software Technologies
Check Point in February rolled out CloudGuard Application Security to secure cloud-native applications against known and zero-day attacks via contextual AI technology. Then in June, Check Point CloudGuard Workload Protection debuted to automate security across applications, APIs and microservices from development to runtime.
Founder, Chairman, CEO
Fortinet in February debuted FortiOS 7.0 to deliver consistent security for all networks, endpoints, and clouds via SASE and zero-trust network access. A month later, the company purchased cloud and network security startup ShieldX for $10.8 million to give customers a more comprehensive view of end users, workstations and OT devices.
Co-Founder, CEO, CTO
iboss in May introduced a license package that allows organizations to turn on an unlimited number of core platform features on the company’s SASE Cloud Platform. The company in August debuted features that expand the Cloud Access Security Broker functionality, security and data leakage protection abilities available on the iboss platform.
Illumio in June raised $225 million on a $2.75 billion valuation and plans to invest in programming for systems integrators and MSSPs. The company in October debuted Illumio CloudSecure to help organizations build dynamic cloud workload policies using native controls in their public, hybrid and multi-cloud environments.
Imperva in April introduced a data-centric security platform to protect organizations’ diverse database environments and simplify the security and compliance of cloud data. A month later, the company bought CloudVector to help customers discover, monitor, and protect all API traffic in any environment.
David Hatfield, Jay Parikh
Lacework in November acquired scalable cloud infrastructure management vendor Soluble to help organizations integrate security practices into their software delivery workflows. That same month, the company raised $1.3 billion on an $8.3 billion valuation to carry out acquisitions and work more efficiently with partners.
Netskope Cloud Exchange enables cloud-based data and intelligence sharing across security and IT operations teams to help them be more effective. New or enhanced integration modules will help customers export logs, automate service tickets, share indicators of compromise and exchange risk scores.
Orca Security provides agent-less security and compliance for AWS, Microsoft Azure and Google Cloud Platform. In October it raised $340 million on a $1.8 billion valuation to integrate post-breach detection capabilities earlier in the life cycle and boost the number of partners it will work with over the next year.
Palo Alto Networks
Palo Alto Networks bought Bridgecrew for $156 million to allow developers to enforce infrastructure security standards throughout the application development life cycle. Once the offering is integrated into Prisma Cloud, developers will be able to spot problems in their development environment without having to use CI/CD tools.
Proofpoint in June enhanced its Information Protection and Cloud Security Platform to provide data loss prevention, insider threat management, cloud app security broker, zero-trust network access and web security. The company also partnered with Microsoft to implement data security and compliance for users collaborating in Teams.
Qualys in August bought cloud workflow management and no-code automation platform TotalCloud for $1.2 million to let customers build user-defined workflows for custom policies. In November it added Infrastructure as Code scanning to its CloudView app to detect and remediate misconfigurations earlier in the development cycle.
Board Member, CEO
Saviynt’s platform centralizes controls and risk management for every human and machine identity across an organization, while advanced analytics contextualize risk and automate remediation. The company raised $130 million in September to fund investments in zero-trust architecture as well as analytics enhancements.
Sophos in July bought Capsule8 to boost runtime visibility, detection and response for Linux production servers and containers covering on-premises and cloud workloads. That same month, it purchased Braintrace to collect third-party event data from firewalls, proxies and VPNs, significantly improving its threat detection and threat hunting expertise.
Sysdig leverages open-source technology to drive developer adoption and ensure security teams are comfortable as projects are embedded into the DevOps life cycle. The company in April raised $188 million on a $1.19 billion valuation to strengthen its container and cloud security product lines.
Trellix, formerly known as FireEye McAfee Enterprise, introduced MVision Private Access in August to enable granular zero-trust access to private applications hosted in public or hybrid cloud environments from any location or device. It offers integrated data loss prevention and threat protection capabilities for securing access and data collaboration.
Trend Micro partnered with Snyk in May to provide continuous insight into open-source vulnerabilities for enhanced risk management and improved data-driven decisions. Two months later, the company began working with Microsoft to develop a cloud-based cybersecurity offering on Azure.
vArmour in June joined the Microsoft Intelligent Security Association to provide unprecedented visibility and control over user access to critical applications, solving difficult challenges such as revealing inappropriate or toxic combinations of access or discovering an incident’s blast radius.
Wiz in October raised $250 million on a $6 billion valuation to extend its support beyond Amazon Web Services, Microsoft Azure and Google Cloud Platform. The push beyond the big public cloud providers will provide multinational or international customers with security for more localized cloud options.
Founder, Chairman, CEO
Zscaler Workload Communications shrinks attack surfaces, prevents lateral threat movement and stops data loss by extending security to apps and workloads hosted in public clouds. It boosts multi-cloud workload connectivity by eschewing traditional IP-based routing and VPNs between cloud environments.