The 20 Coolest Risk, Threat Intelligence And SIEM Companies Of 2021: The Security 100

From protecting assets and quantifying risk to automating security operations to maximizing existing security investments, here’s a look at everything the 20 coolest risk, threat intelligence and SIEM companies have accomplished over the past year.

The Brains Of The Operation

The need for continuous monitoring and incident response, adhering to compliance requirements, gaining and maintaining certifications and managing and retaining logs are driving demand for Security Information and Event Management (SIEM). The next-generation SIEM offerings can facilitate security analytics with statistical modeling, pattern modeling and machine learning.

SIEM tools can help companies manipulate data and guide decisions for event detection and are also used to identify potential breaches and dwelling threats from disparate network areas. Some of the drivers for security analytics include automation for error detection and remediation, adherence to stringent compliance mandates, holistic visibility, log collection and management, and reduced false positives.

[RELATED: The 2021 Security 100]

The SIEM market is expected to grow at a compound annual growth rate of 5.5 percent over the next half-decade, going from $4.2 billion in 2020 to $5.5 billion in 2025, according to MarketsandMarkets. North America is the most highly regulated area in the world with many regulations across various verticals, and companies are quite advanced when it comes to deploying SIEM offerings and best practices.

From protecting assets and quantifying risk to automating security operations to maximizing existing security investments, here’s a look at everything the 20 coolest risk, threat intelligence and SIEM companies have accomplished over the past year.

AT&T Cybersecurity
John Stankey

AT&T in July debuted a globally available managed SD-WAN service that’s integrated with Cisco to provide threat protection that’s consistently maintained across branch offices and clouds without compromising performance. Integrated security features include an application-aware enterprise firewall, intrusion prevention, URL filtering and advanced malware protection, according to AT&T.

Steve Harvey

BitSight Work From Home-Remote Office debuted in April to help customers discover security concerns evident on remote offices and networks, reducing the risk of compromise for their networks and data. The company updated BitSight for Third-Party Risk Management in June to deliver operational guidance, intelligent recommendations and risk prioritization to enable more effective cyber-risk management.

Jim Rosenthal
Co-Founder, CEO

BlueVoyant in September launched its Cyber Risk Management service to actively manage third-party cybersecurity on behalf of customers to an agreed risk tolerance, accommodating existing customer risk methodologies. The next month, the company acquired Managed Sentinel, a leader in deployment and management for Microsoft’s cloud-native SIEM and Extended Detection and Response (XDR) platform.

Marc van Zadelhoff

Devo Security Operations combines critical security capabilities together with auto enrichment, threat intelligence community collaboration, a central evidence locker and a streamlined analyst workflow. Devo in September welcomed former LogMeIn chief operating officer and the co-founder and former leader of IBM’s $2 billion security business unit, Marc van Zadelhoff, as the company’s new CEO.

Nir Polak
Co-Founder, CEO

Exabeam said in August that customers can license its technology for use cases like expedited insider threat and compromised credential detection to increase threat visibility. The Security Management Platform was enhanced in October to help customers detect improper access of cloud storage objects and defend against threats to cloud-based data, such as exfiltrating sensitive data or hosting malicious files.

Kevin Mandia
Board Director, CEO

The FireEye Mandiant Threat Intelligence Suite gives organizations visibility and actionable insights to improve their protection of assets, enhance the effectiveness of security programs and inform business risk assessments. Mandiant Advantage: Threat Intelligence debuted in October to give global security teams controls-agnostic, actionable breach, adversary, operational and machine intelligence data.

Kyle Hanslovan
Founder, CEO

The Huntress Security Platform debuted in June to expand detection, response and recovery beyond attacker persistence through services that provide visibility around pressing security challenges. Seven months later, the company acquired technology from Level Effect to brings malicious network traffic detection and expanded forensic capabilities to the company’s platform regardless of endpoint location.

Arvind Krishna

IBM in June bought Spanugo to demonstrate cybersecurity compliance in real time when a customer is audited and deliver improvements and adaptation to reduce the likelihood of a successful attack. The company debuted Risk Quantification Services in September to create risk assessments to help customers identify, prioritize and quantify security risk around deploying new technologies and changing processes.

Stu Sjouwerman
Founder, CEO

KnowBe4 debuted PhishRIP in April, which looks at user-reported suspicious message and searches for and optionally quarantines similar messages across all the users’ inboxes within an organization. Then in December, PhishER Security Roles launched to allow cybersecurity professionals to assign custom permissions for the exact incident response roles and responsibilities that they need in their businesses.

Mark Logan

LogRhythm in June debuted version 7.5 of its SIEM platform to provide enhanced analyst workflow experiences and visibility as well as Open Collector to simplify on-boarding cloud data sources for more holistic monitoring. Seven months later, the company acquired MistNet, a cloud-based analytics platform that delivers vast network visibility and machine-learning-based threat detection and response.

Corey Thomas
Chairman, CEO

Rapid7 purchased cloud security startup DivvyCloud in April to help customers protect cloud and container environments from misconfigurations, policy violations, external and internal threats, and identity and access management challenges. The company’s SIEM customers now benefit from broader coverage and investigations into security incidents as well as more visibility into endpoint activity.

Recorded Future
Christopher Ahlberg
Co-Founder, CEO

Recorded Future partnered with Microsoft Azure in August to boost threat investigation and response, simplify security workflows and maximize their existing security investments. The company optimized its Security Intelligence Platform in September to offer intelligence across a wide range of business areas within the enterprise, helping organizations become more nimble in their decision-making.

RSA Security
Rohit Ghai

RSA Archer SaaS was unveiled last year to provide partners with the speed to manage risk along with the flexibility and scalability needed to navigate digital transformation in the workplace. RSA IoT Security Monitor debuted in May and consolidates information from connected devices and applies behavioral analytics, machine learning and threat intelligence to identify anomalies that indicate compromise.

Michael Cote

Secureworks Cloud Configuration Review helps customers detect configuration vulnerabilities, understand the business impact of critical risks, and address security and compliance issues around public cloud adoption. The company bought Delve Laboratories in September to give customers more accurate and actionable data about the highest-risk vulnerabilities across their network, endpoints and cloud.

Bill McDermott
President, CEO

ServiceNow in November agreed to buy Element AI for its world‑class scientists and practitioners with expertise in applying modern artificial intelligence to text and language, chat, images, search, question response and summarization. ServiceNow has more than 20 integrations with Microsoft, including a centralized security response with ServiceNow Security Operations and Microsoft Azure Sentinel.

Doug Merritt
President, CEO

Splunk Enterprise Security in October rolled out alerts that help SOCs further refine the fidelity and priority of notable events so that incident responders can address their most critical threats first. And October updates to Splunk’s SOAR offering have helped customers automate more of their security operations, making playbook creation and execution faster and easier with little to no coding required.

Sumo Logic
Ramin Sayar
President, CEO

Sumo Logic in August broadened its Observability suite to provide enterprises with a unified view of real-time analytics across application and infrastructure logs, metrics, traces and metadata. The company debuted its Software Development Optimization tool in October, which integrates and analyzes data from multiple DevOps tools to give developers real-time insight into software development pipelines.

Amit Yoran
Chairman, CEO

Tenable’s Frictionless Assessment allows customers to evaluate cloud assets without interruption, quickly detecting new vulnerabilities as their environment changes without ever having to schedule a scan or deploy an agent. Enhancements to Tenable Lumin allow customers to predict which vulnerabilities pose the greatest business risk and act with confidence to effectively reduce risk across their ecosystem.

Jeff Hudson

Venafi agreed in May to purchase Jetstack to assist enterprises using Kubernetes for mission-critical infrastructure and accelerate machine identity protection for multi-cloud, service mesh and microservices ecosystems. Venafi Zero Touch PKI launched in October to eliminate the effort, expense and risk of traditional PKI while still providing the speed and control enterprises need to be successful.

James Foster

Z July debuted new artificial intelligence innovations in partnership with Intel AI to help customers protect their web domains and presence at internet scale and speed. Then in October, the company bought the Cyveillance threat intelligence business to protect the brands, executives and data of the world’s largest and most respected financial services, energy and public sector organizations.