The 20 Coolest Web, Application And Email Security Companies Of 2022: The Security 100
Here are 20 web, application and email security vendors that have focused on safeguarding cloud applications, finding bugs in open-source software and thwarting impersonation attacks
Defending Digital Communication
Accelerating digital transformation and adoption of cloud email services worldwide is making companies reorganize their email security architecture, with rising demand for phishing intelligence driving market growth. The global email security market is expected to grow at a compound annual growth rate of 16.2 percent over the next several years, expanding to $6.8 billion by 2025.
Four companies that have excelled as securely protecting web connections and applications have seen their valuations climb over the past year. Akamai’s stock was up 2 percent on a valuation of $16.3 billion; Cloudflare’s stock was up 22 percent on a valuation of $31.02 billion; Qualys’ stock was up 15 percent on a $4.46 billion valuation; and Zscaler’s stock was up 20 percent on a $35.75 billion valuation.
Three companies on our list secured six-figure funding rounds, including: code security tool developer Contrast Security, which raised $150 million on a more than $1 billion valuation; cloud security vendor Netskope, which raised $300 million in a $7.5 billion valuation; and application security vendor Snyk, which raised $530 million on an $8.5 billion valuation.
As part of CRN’s 2022 Security 100, here are 20 web, application and email security vendors that have focused on everything from safeguarding cloud applications to finding bugs in open-source software to thwarting impersonation attacks.
Akamai Technologies Protector uses Akamai Insight and behavioral analytics to shield users from account takeover at the edge. In September, the company bought Guardicore for $600 million to reduce the threat surface by limiting access only to applications that are authorized to communicate with one another.
Area 1 Security
Area 1 partnered with MSSP SolCyber in October to stop phishing campaigns 24 days before they launch and bring best-in-class email protection to midsize organizations. The company is looking to get all SolCyber customers to an inbox free of ever-evolving threats that defraud companies of data, dollars and brand confidence.
Barracuda in July bought Skout Cybersecurity to help MSPs cull and correlate threat data and better respond to incidents. Two months later, it launched a cloudnative SASE platform to enable modern security architectures by allowing policy enforcement and security inspection in the cloud, at the branch or on the device.
Checkmarx acquired Dustico to prevent supply chain attacks by giving customers a unified view into the risk, reputation and behavior of open-source packages. The Checkmarx Application Security Platform safeguards applications through built-in security, seamless integrations and accelerated software development.
Cloudflare expanded its zerotrust firewall capabilities to help companies secure their corporate network across all branch offices, data centers and clouds. The company also purchased Zaraz to boost website speed and security without sacrificing privacy by reducing the impact of third-party marketing and analytics tools.
Chairman, President, CEO
ContrastScan aims to revolutionize static application security testing with pipeline-native static analysis that analyzes code and detects vulnerabilities early in the software development life cycle. The company in November raised $150 million to accelerate its global expansion and hunt for strategic acquisitions.
President, Director, CEO
F5 bought ThreatStack for $68 million to enhance visibility across application infrastructure and workloads and adopt consistent security in the cloud. The company has rolled out multiple security offerings that help block automated and humandriven malicious activity, shield valuable user details and stop fraud.
Co-Founder, CTO, CEO
The iboss Channel Partner Program debuted in March to drive new business, boost customer retention and support more channel-delivered service offerings. The company in December added Cloud App Isolation and Exact Data Match for Data Loss Prevention to the iboss Cloud Platform.
Imperva Serverless Protection safeguards organizations from vulnerabilities created by misconfigured apps and code-level security risks in serverless computing environments. A new tool helps organizations discover, identify and protect personal data in on-premises, cloud, hybrid and multi-cloud environments.
Menlo Security extended its cloud-based Secure Web Gateway to include web isolation for mobile devices to eliminate malware and phishing attacks when users access the internet and email from their smartphones and tablets. The offering provides data loss prevention, read-only phishing protection and download controls.
Co-Founder, Board Member, CEO
Mimecast CyberGraph detects sophisticated phishing and impersonation attacks and alerts employees to potential cyberthreats. Permira agreed in December to purchase Mimecast for $5.8 billion, with Mimecast saying the private equity firm has a strong track record of supporting portfolio companies’ growth ambitions.
Netskope in July raised $300 million to expand its platform and go-to-market to fulfill strong demand for its Secure Access Service Edge architecture. The company enhanced Netskope Security Cloud, which leverages a common management console, easy-to-use policy engine, unified client and AI/ML intelligence.
Onapsis unveiled support for SAP Success Factors, which enables customers to quickly discover, prioritize and enhance security around the SAP platform. The Onapsis tool thwarts authorization issues and misconfigurations, ensuring that sensitive data is protected while helping to further secure the interconnected enterprise.
Proofpoint bought MSP InteliSecure for $62.5 million to help customers protect their critical data in diverse environments. The company also purchased startup Dathena to help organizations understand information risk and eliminate data loss through AI-based data classification.
Qualys CyberSecurity Asset Management inventories the complete IT ecosystem, detects security gaps and responds to risk from a unified platform. The company has integrated zero-touch patching capabilities into Qualys Patch Management to ensure that endpoints and servers are proactively updated.
Snyk raised $530 million to help introduce enhancements, features, workflow integration and improved functionality to its Developer Security Platform. The company also acquired CloudSkiff to catch drift outside a developer‘s infrastructure code, filling in a crucial element for comprehensive DevSecOps.
Synack Campaigns gives organizations access to skilled and trusted ethical hackers to perform tasks from targeted security checks to cloud configuration assessments. Campaigns deliver intelligence for application security, compliance and vulnerability management, and can range from hunting for major vulnerabilities to cloud configuration checks.
vArmour’s Application Access and Identity Module equips security and operations teams with visibility and control over user access to critical applications, freeing up time and energy. Louise Cooke joined the company in May as global channel chief to scale the vArmour channel program and bolster partner engagement.
Veracode’s Technology Alliance Program debuted in April to make it easier to implement, manage and scale software security programs. The company in November launched an advanced scanning tool that enables organizations to find and fix API vulnerabilities and deliver comprehensive API security insight.
Founder, Chairman, CEO
Zscaler in April purcjased startup Trustdome for $31.1 million to get control over who and what has access to data, applications and services in public cloud environments. A month later, the company bought Smokescreen Technologies for $11.5 million to proactively hunt for emerging adversary tactics and techniques using deception technologies.