The 20 Coolest Web, Application And Email Security Companies Of 2021: The Security 100

Here’s a look at 20 web, application and email security companies that have invested in everything from safeguarding cloud applications and embedding certificates on chips to identifying software vulnerabilities and protecting against phishing attacks.

Another Day, Another Threat

The increasing adoption of bring-your-own-device among organizations, stringent regulations and the need for compliance, and the introduction of cloud-based encryption is expected to drive email security growth. The rate of phishing and email scams has spiked in the pandemic, and organizations have in response become more cautious when it comes to protecting confidential data stored on email servers.

The rapid growth in the use of cloud services has given rise to new and sophisticated threats, such as spear phishing, trojans, ransomware, business email compromise scams, social engineering, and malware and spam, which have put organizations’ critical data at risk. Email encryption solutions are gaining traction due to the increasing demand among enterprises to protect business information and infrastructure.

The global email encryption market size is expected to grow at a compound annual growth rate of 23.8 percent over the next half-decade, going from $3.4 billion in 2020 to $9.9 billion by 2025, MarketsandMarkets found. Businesses in North America have been the most aggressive about adopting email encryption to prevent cyberattacks and commercial espionage as well as ensure the security and privacy of data.

As part of CRN‘s annual Security 100 list, here are 20 web, application and email security companies that have doubled down on everything from safeguarding cloud applications and embedding certificates on chips to identifying vulnerabilities in open-source software and protecting against impersonation and phishing attacks.

Area 1 Security
Patrick Sweeney
President, CEO

Area 1 Security debuted Horizon PhishGuard in September to give security teams fraud response, insider threat notification and response, email-based threat hunting, and phish and targeted attack response and management. That same month, the company tasked SonicWall vet Steve Pataky with fast-tracking Area 1’s MSSP program and adding between 30 and 40 solution providers over the next six months.

BJ Jenkins
President, CEO

Barracuda in July debuted the first secure global SD-WAN service built natively on Microsoft Azure to optimize performance and minimize cost by replacing inflexible network connectivity circuits. The company in November purchased remote access vendor Fyde to provide employees and contractors working from home on BYOD equipment with secure access to cloud or on-premises applications and workloads.

Emmanuel Benzaquen

Checkmarx SCA was launched in June to help security and development teams identify vulnerabilities within open-source software that present the greatest risk and enable developers to focus and prioritize remediation efforts accordingly. The company partnered with AWS in November to deliver greater simplicity, flexibility and confidence to customers looking to deploy application security testing tools.

Contrast Security
Alan Naumann
Chairman, President, CEO

Department of Defense application developers were authorized in August to deploy Contrast Security’s platform to assess and mitigate security risks within applications across the software development life cycle. The company in October launched the industry’s first security observability platform that provides comprehensive application protection, dramatically cutting vulnerability and threat remediation time.

John Merrill

DigiCert Automation Gateway launched in August to accelerate the adoption of automated certificate issuance, renewal, reissuance and revocation by tackling some of the common concerns with existing offerings. IoT Device Manager debuted in December and enables manufacturers to embed certificates on chips prior to manufacturing and generate certificate requests directly from an edge device.

F5 Networks
Francois Locoh-Donou
President, CEO, Director

F5 acquired Volterra for $440 million in January to help create an edge platform built for enterprises and service providers that will be security-first and app-driven with unlimited scale. Also in January, Splunk security leader Haiyan Song took over F5’s security business to build on the company’s position as the second-largest global application security player and drive the company’s next phase of growth.

Pam Murphy

Imperva allows customers to secure data and applications on-premises and in multi-cloud environments, leveraging attack analytics to alert users to critical threats to both on-premises and cloud applications. The company agreed in October to buy Goldman Sachs-backed jSonar to create a data security powerhouse with a comprehensive portfolio of tools that protect modern data architectures.

Menlo Security
Amir Ben-Efraim
Co-Founder, CEO

Menlo Security Cloud DLP powered by an Isolation Core has redefined how data is monitored and provides the most complete protection with the highest level of visibility and control of company data. In November, the company completed its $100 million Series E round and notched a valuation of $800 million to scale go-to-market, double down on engineering and accelerate product delivery.

Micro Focus
Stephen Murdoch

Micro Focus in August launched ArcSight 2020 featuring a new unified layered analytics platform and a user interface that simplifies threat detection with an intelligent security operations platform. Four months later, the company debuted NetIQ Universal Policy Administrator, which allows administrators to consolidate and centralize security policies while delivering consistent controls across infrastructure.

Peter Bauer
Co-Founder, CEO

Mimecast in July purchased MessageControl to provide customers using productivity apps such as Microsoft 365 with stronger protection against advanced phishing and impersonation attacks. Three months later, the company snagged former Forescout global channel chief Jonathan Corini to take the email security specialist upmarket by empowering new and existing partners to sell to the enterprise.

Sanjay Beri
Founder, CEO

Netskope NewEdge takes a different approach to SD-WAN by delivering low, single-digit millisecond latency for on-ramping traffic from any user, from any device from anywhere in the world. The company in October debuted an interactive data analytics service that helps customers understand and measure risk through rich, in-depth visual dashboards, as well as reports on cloud and web use.

Mariano Nunez

Onapsis in May unveiled expanded assessments for its Business Risk Illustration service to include operational resiliency, audit efficiency and cyber-risk assessments, providing insight into risk postures. Two months later, the company released Instant Recon, a free online service and downloadable open- source scanning tool to quickly help organizations assess if their SAP applications are exposed.

Gary Steele
Chairman, CEO

Innovations to the Proofpoint Cloud Access Security Broker were introduced to help safeguard the cloud applications employees access every day, such as Amazon Web Services, Box, Google G Suite, Microsoft Office 365 and Slack. The company in December brought on longtime Bitdefender and Fortinet partner leader Joe Sykora to serve as the fast-growing email security vendor’s first-ever global channel chief.

Philippe Courtot
Chairman, CEO

Qualys expanded its cloud capabilities with Container Runtime Security, which provides deep visibility and runtime app protection across traditional server-based containers and newer container-as-a-service environments. The company’s new Vulnerability Management, Detection and Response tool automates the entire process across on-premises, endpoints, cloud, mobile, containers, OT and IoT environments.

Peter McKay

Snyk in July gave developers priority scoring, deep application context and customizable security policies so that teams can ensure their developers are fixing the most important open-source and container vulnerabilities. Three months later, the company acquired AI-powered semantic code analysis provider DeepCode to more quickly identify vulnerabilities and ensure developers have a higher level of accuracy.

Eric Harmon

Trustwave in September began providing U.S. government agencies and suppliers threat detection and response services to address the landscape while meeting federal government security requirements. Two months earlier, the company for the first time started allowing its VAR, MSP and agent partners to directly resell Trustwave’s managed threat detection and response and professional services.

Timothy Eades

vArmour in September debuted the industry’s first relationship search to investigate and manage cyber- risk enterprisewide, enabling businesses to pinpoint risk and resiliency challenges in all environments. Then in October, the company rolled out a tool to manage user access risks in distributed workforces by leveraging relationships to visualize and control user access to every application enterprisewide.

Sam King

Veracode in June achieved AWS DevOps Competency status, recognizing that the company provides technical proficiency and customer success to help implement continuous integration and delivery practices. Four months later, the company debuted a new GitHub action that enables developers to perform a Static Policy Scan workflow, initiate a pipeline scan and consume pipeline scan results.

David Wagner
President, CEO

Zix combined the security and compliance offering from its 2019 acquisition of AppRiver with its own in April 2020 to create a single platform that safeguards digital communication tools. Then in November, the company bought CloudAlly for $30 million to help safeguard Microsoft Office 365, SharePoint, Box, Google Workspace, OneDrive, Salesforce and Dropbox with backup and recovery from any point in time.

Jay Chaudhry
Founder, Chairman, CEO

Zscaler purchased early stage vendor Edgewise Networks for $30.7 million in May to better protect application-to-application communications in public cloud and data center settings. Zscaler Cloud Protection debuted in December to minimize the attack surface and automate globally enforced security policies across organizations’ multi-cloud footprint, extending a zero-trust approach to cloud workloads.