The 20 Coolest SIEM, Risk And Threat Intelligence Companies Of 2020: The Security 100

Part three of CRN's 2020 Security 100 list looks at 20 companies moving the needle in everything from threat hunting and anomaly detection to phishing simulations, security ratings and risk management.

Thwarting Threats

In the SIEM, risk, and threat intelligence space, enterprises are expected to double down on threat intelligence to stay informed about exploits, zero-day threats and advanced persistent threats. A larger attack surface due to more mobile device usage and greater exchanging of data has forced businesses to become more aware of cyberthreats and invest in flexible and scalable strategies.

Three companies on CRN's annual CRN Security 100 list secured six-figure funding rounds in 2019, with Sumo Logic getting $110 million in a May round led by Battery Ventures, Vectra in June closing a $100 million round led by TCV, and KnowBe4 receiving a $300 million investment from KKR also in June.

Enterprises are expected to double down on threat intelligence in the coming years to stay informed about exploits, zero-day threats and advanced persistent threats. These are the companies moving the needle in everything from threat hunting and anomaly detection to phishing simulations, security ratings and risk management.

AT&T Cybersecurity

Barmak Meftah


AT&T in March joined the global cybersecurity alliance formed by Etisalat, Singtel, SoftBank and Telefonica to help protect businesses from the growing threat of sophisticated cyberattacks. The business has also helped develop cybersecurity standards for companies deploying 5G such as roaming protection proxies and home network authentication.


Tom Turner

President, CEO

BitSight Enterprise Analytics enables more effective risk management by providing visibility into security performance across business units, subsidiaries and other groups. Enhancements to BitSight for Fourth-Party Risk Management will help companies identify technology dependencies and monitor cyber-risk across extended business ecosystems.


Rohyt Belani

Co-Founder, CEO

The responsive delivery feature for Cofense PhishMe enables operators to deliver phishing scenarios only when a user is performing tasks in their mailbox, ensuring simulations won’t be missed by users who aren’t at their desks. Cofense partnered with AwareGo to better educate users on email compromise, privacy and insider threats.


Nir Polak

Co-Founder, CEO

The acquisition of SkyFormation will let organizations collect logs from over 30 cloud services into Exabeam Data Lake, Exabeam Advanced Analytics or any other SIEM. Meanwhile, expanding the availability of the hosted Exabeam SaaS Cloud will make it easier for customers to take advantage of it while meeting compliance and policy requirements for in-region hosting.

IBM Security

Ginni Rometty

Chairman, President, CEO

IBM Cloud Pak for Security uses open-source technology to hunt threats, while automation capabilities speed response to cyberattacks. IBM Cloud Identity, meanwhile, now has AI-based capabilities that help assess user risk levels when accessing applications and services. IBM named Arvind Krishna as its new CEO, effective April 6.

IronNet Cybersecurity

Keith Alexander and William Welch


New Amazon Virtual Private Cloud traffic mirroring extended IronDefense’s advanced network behavioral detection and IronDome’s collective defense capabilities to cloud and hybrid environments. IronNet has extended its IronDome collective defense offering beyond Fortune 500 companies to reach small and midsize companies.


Stu Sjouwerman

Founder, CEO

The acquisition of CLTRe will help organizations gain access to a research-driven measurement platform that examines their security culture and how it changes over time. The PhishML machine-learning module within KnowBe4’s PhishER platform makes the identification and prioritization of suspicious messages more accurate.


Mark Logan


LogRhythm Cloud provides security a n a l y s t s with the full experience of a SIEM platform with the benefits of SaaS. The debut of the True Unlimited Data Plan for NextGen SIEM gives businesses a fixed cost licensing model so they don’t have to sacrifice security because of cost unpredictability.


Mikael Hagstroem

President, CEO

The Infosys Governance Risk & Compliance Digital Suite provides an interface for first line engagement and robotic process automation-powered controls testing for MetricStream Cloud. MetricStream and the AI Sustainability Center joined forces to support companies in their ethical use of AI with an automated tool for risk scanning.


Corey Thomas

President, CEO

The purchase of NetFort has improved Rapid 7’s ability to detect attacks, investigate incidents and gain more visibility into devices that pose a risk. Rapid7 added Cloud Configuration Assessment to its InsightVM vulnerability risk management offering to give customers visibility into configuration risks within AWS environments.

Recorded Future

Christopher Ahlberg

Co-Founder, CEO

Recorded Future updated its threat intelligence offering with new security control feeds that provide organizations with uniquely curated, high fidelity indicators of compromise. And its security intelligence framework helps organizations lead with intelligence across threat prevention, third-party risk management and brand protection strategies.


Doug Merritt

President, CEO

Deloitte and Splunk began providing automated s e c u r i t y monitoring and response capabilities to drive greater consistency and higher fidelity into security workflows and outputs. The launch of Splunk Mission Control made it easier than ever for security analysts to manage security across the entire threat life cycle.


Rohit Ghai


The RSA NetWitness SIEM Platform was updated with machine-learning models based on deep endpoint observations that rapidly detect anomalies in users’ behavior to uncover evolving threats. And YubiKey for RSA SecurID Access debuted with a FIDO2enabled hardware device by Yubico to deliver secure authentication and identity assurance.

Sumo Logic

Ramin Sayar

President, CEO

Sumo Logic acquire cybersecurity intelligence vendor Jask Labs to better protect modern applications, architectures and multi-cloud infrastructures. Global Intelligence Service for AWS CloudTrail debuted to give teams real-time intelligence to scale detection, prioritization and workflow to prevent potentially harmful service configurations.


Aleksandr Yampolskiy

Co-Founder, CEO

The Trust Portal provides transparency and visibility into the methodology and performance of SecurityScorecard’s high-fidelity security ratings platform. The addition of Custom Scorecard functionality to the security ratings tool lets enterprises have greater visibility into cybersecurity risk across distinct business units, organizational departments and geolocations.


Amit Yoran

Chairman, CEO

New Tenable Lumin cyber exposure analytics capabilities leverage machine learning to automatically correlate vulnerability and threat data with asset criticality in a single platform. The acquisition of Indegy extended Tenable’s OT-specific expertise in vulnerability management, asset inventory and configuration management.


Bill McDermott


Fusing Fairchild Resiliency Systems business continuity tool with ServiceNow’s operational, vendor and IT risk management tool will help companies better manage risk and become more resilient. ServiceNow Security Operations uses intelligent workflows, automation and a deep connection with IT to help teams respond faster and more efficiently.


Hitesh Sheth

President, CEO Vectra rolled out Cognito Stream to help security analysts gain access to the complete context about incidents in network communications between cloud and data center workloads and user and IoT devices. Privileged Access Analytics debuted on the Cognito platform to give visibility into privileged entities and detects malicious interactions.

Skybox Security

Gidi Cohen

Founder, CEO

Skybox Security Suite 10 has prioritization tactics that score the risk of vulnerabilities and assets, enhancements to security policy management automation and upgrades to user experience. A partnership with Zscaler will help transform business access and user policies from legacy networks to modern cloud architecture and create secure cloud ecosystems.


Jeff Hudson


Venafi and GlobalSign partnered to expand machine identity protection by providing automated PKI certificate management. The company’s Next-Gen Code Signing is a machine identity protection offering that secures code signing processes by delivering visibility into relevant operations and guarding against unauthorized use.