Cybersecurity has 53 unicorns. Listed here are 10 to observe

It’s true: The time period unicorn stopped which means “uncommon” years in the past. And right now, within the cybersecurity market alone, there are literally dozens of privately held firms with billion-dollar valuations.

However whereas changing into a unicorn might not imply what it used to, it’s not a meaningless milestone, both. No less than within the safety market, getting a billion-dollar valuation normally does signify that the startup has a fast-growing enterprise underway, amongst different issues.

Dave DeWalt, who is aware of a factor or two about cyber companies, mentioned as a lot to me in an interview final month. Although 30 privately held safety firms achieved unicorn valuations in 2021 — up from six in 2020 — that doesn’t robotically suggest there’s a bubble, mentioned DeWalt, who beforehand served as CEO of FireEye and McAfee, and is now a enterprise investor.

Many of those safety firms are constructing actual companies, he mentioned — and addressing actual threats, typically from state-sponsored adversaries, that aren’t going away.

Why are we seeing so many safety distributors attain unicorn valuations? “It’s as a result of the risk is persistent,” mentioned DeWalt, now the founder and managing director at enterprise agency NightDragon. “And that’s why I believe [these companies are] actual, and that is right here to remain.”

Monitoring the herd

By my tally, there are at present 53 cybersecurity distributors with privately held valuations of $1 billion or extra. My principal supply for that is the CB Insights unicorn listing, although my depend isn’t an identical to theirs (a couple of safety distributors had been both lacking or categorized in different classes in addition to cybersecurity on their listing).

Regardless, getting the variety of cybersecurity unicorns precisely proper doesn’t appear too necessary. All you’ll want to know is that there are a ton of them now.

Extra crucially: Which safety firms, on this ever-expanding unicorn herd, is perhaps price a more in-depth search for enterprise and midmarket prospects?

I’ve chosen 10 of the present safety unicorns to spotlight right here. My standards is that they’re reporting sturdy development; they’re in a fast-growing market; and I’ve had the prospect to interview their CEO or president in latest months, giving me a way of their technique, differentiators and traction with prospects.

This isn’t to say the opposite safety unicorns aren’t differentiated, seeing important development and working in sizzling market. However, I couldn’t embody all of them (and haven’t interviewed all of their CEOs, both).

So, what follows are the important thing particulars on these 10 cybersecurity unicorns that I believe are price watching proper now, in areas of the market together with cloud safety, cloud-native utility safety, managed detection and response, passwordless identification authentication and nil belief segmentation.

Distributors are ranked by their newest obtainable valuation, supplied on the time of their most up-to-date funding spherical. All quotes are from latest VentureBeat interviews, and all metrics had been equipped by the distributors.

Snyk

Based: 2015
Valuation: $8.5 billion (September 2021)
Prospects: 1,800 on the finish of Q1 (up 100% year-over-year)
Workers: 1,200 on the finish of Q1 (up greater than 100% year-over-year)

Snyk makes a speciality of providing instruments for scanning and fixing code — constructed to be acquainted to builders and built-in into the prevailing improvement course of — with the goal of guaranteeing that purposes are constructed securely from the get-go.

The corporate believes that in an effort to present a terrific developer safety platform, “it must be weaved into the day by day lives of the event groups,” mentioned Snyk cofounder and president Man Podjarny. “We’re there to cowl the total scope of the cloud-native utility — at all times with that developer-first method.”

Snyk is now increasing its choices to incorporate cloud safety, with the latest acquisition of Fugue. By combining with Fugue’s cloud safety posture administration expertise, the Snyk platform will be capable to present builders with “continuity all the way in which from their code to the cloud deployments,” Podjarny mentioned.

“To equip builders with constructing safe software program and proudly owning it, they should go previous the pipelines into understanding what’s deployed,” Podjarny mentioned. That features “understanding what safety errors are deployed,” he mentioned, “to allow them to personal that they usually might help safe it.”

Lacework

Based: 2014
Valuation: $8.3 billion (November 2021)
Prospects: Complete quantity not disclosed; by the top of 2021, Lacework noticed a 3.5X year-over-year enhance in new prospects
Workers: Greater than 1,000 (up from 200 in January 2021)

Lacework provides a cloud safety platform that excels at accumulating, processing and normalizing knowledge throughout cloud environments — after which deriving insights for purchasers, Lacework co-CEO Jay Parikh mentioned. “We basically deliver a distinct method,” Parikh mentioned. “And we will innovate quicker and we will present a way more complete, end-to-end method.”

Central to Lacework’s expertise is the Polygraph Knowledge Platform, which collects and correlates knowledge in cloud environments, detects potential safety points and prioritizes the largest threats for response. Key capabilities embody anomaly detection powered by machine studying, in addition to deep visibility throughout cloud and container workloads.

Notably, Lacework brings the flexibility to each scan for vulnerabilities and in addition present in manufacturing the place the issues is perhaps exploited, Parikh mentioned.

“Some firms can simply do the scanning, however they will’t do the manufacturing evaluation,” he mentioned. “We will do each, and it’s all on the identical platform.”

Wiz

Based: 2020
Valuation: $6 billion (October 2021)
Prospects: Complete quantity not disclosed; “greater than 20% of the Fortune 500”
Workers: Greater than 200

Wiz provides a cloud safety product that unifies a variety of totally different capabilities, deploys shortly, supplies broad visibility and permits prospects to prioritize threats, in keeping with two of the startup’s founders, CEO Assaf Rappaport and vice chairman of product Yinon Costica.

The product’s agentless method helps allow the fast deployment, the founders mentioned. “Actually you’ll be able to end a Wiz deployment in per week, even within the largest enterprises,” Costica mentioned.

Wiz works by implementing a safety graph, permitting for the correlation of the numerous totally different indicators in cloud environments — prioritizing the dangers “very successfully throughout even the most important environments,” he mentioned. The product “modifications dramatically the way in which organizations are capable of achieve visibility to cloud environments,” Costica mentioned.

“I believe these two elements — the flexibility to prioritize successfully and to deploy actually simply — are making the distinction for purchasers, versus what they’ve right now,” he mentioned.

Arctic Wolf

Based: 2012
Valuation: $4.3 billion (July 2021)
Prospects: 2,700 (up from 1,500 a 12 months in the past)
Workers: 1,500 (up from 650 a 12 months in the past)

With Arctic Wolf’s safety operations platform — which provides a full gamut of safety options, paired with the flexibility to ingest safety knowledge from a buyer’s present instruments — the corporate has the potential to “unify the cybersecurity market wholesale,” CEO Nick Schneider mentioned.

The platform consists of 24/7 monitoring of endpoints, networks and clouds; detection of threats; and response and restoration if a cyberattack happens. The MDR service is supplied by a concierge safety crew that serves to eradicate false positives and alert fatigue.

Arctic Wolf’s MDR is complemented by digital threat administration (tailor-made to every particular person buyer); managed safety consciousness (offering safety coaching, phishing exams and training to workers); and cloud detection and response (to assist with enhancing cloud safety posture).

Whereas a variety of different safety distributors supply a few of these options, “that mixture of modules, or that mixture of outcomes sitting on prime of the platform — we’re actually the one vendor that does that,” Schneider mentioned. “And from a buyer’s perspective, what meaning is that they get a unified expertise throughout these totally different areas of their enterprise — detection, threat, cloud, safety consciousness and coaching.”

Illumio

Based: 2013
Valuation: $2.75 billion (June 2021)
Prospects: Complete quantity not disclosed; firm has added greater than 140 prospects up to now 12 months
Workers: 519 (up from 384 a 12 months in the past)

Illumio provides zero-trust segmentation options for each datacenter and cloud environments, which allow isolation of attackers post-breach.

With the Illumio zero-trust segmentation resolution, a buyer’s cloud and datacenter environments might be damaged down into totally different segments — all the way in which all the way down to the extent of workload — which might every be locked down with their very own safety controls.

Illumio stands out as “the one standalone zero-trust segmentation firm,” mentioned cofounder and CEO Andrew Rubin. “We began the corporate to resolve this drawback. We’ve constructed our expertise particularly to handle it. And at a few of our largest prospects, we tackle it at large world scale.”

Finally, “we’re centered on solely fixing this drawback,” Rubin mentioned. “And we imagine that that has allowed us to construct a greater platform and a extra scalable platform.”

Sysdig

Based: 2013
Valuation: $2.5 billion (December 2021)
Prospects: 700 on the finish of 2021 (roughly doubled year-over-year)
Workers: Almost 600 (up from roughly 250 a 12 months in the past)

Container and cloud safety vendor Sysdig provides a safety platform that gives deeper visibility and higher prioritization of threats than different distributors, CEO Suresh Vasudevan mentioned.

The platform’s “open supply basis” — it’s constructed on prime of two open-source risk detection initiatives — has additionally continued to assist set the corporate aside, Vasudevan mentioned.

Sysdig’s platform provides capabilities spanning cloud-native utility improvement safety; detection and response for runtime threats; and administration of configurations and permissions.

“The truth that we’ve constructed an end-to-end platform permits us to have a a lot better sense of methods to prioritize, what to deal with, and methods to remediate points on the supply — on the time whenever you’re constructing your software program moderately than a lot later whenever you’re deployed in manufacturing,” Vasudevan mentioned.

Orca Safety

Based: 2019
Valuation: $1.8 billion (October 2021)
Prospects: “A whole bunch of consumers” (up 400% year-over-year)
Workers: 307 (up from 71 a 12 months in the past)

Orca Safety provides a cloud safety platform that unites a variety of totally different instruments and doesn’t require an agent, simplifying and expediting the deployment of the platform.

The largest worth for purchasers is “having one platform that leverages knowledge from your complete stack to prioritize threat,” CEO and cofounder Avi Shua mentioned. In that approach, Orca is ready to floor not simply the underlying safety situation, but in addition its enterprise affect, Shua mentioned.

Utilizing Orca’s “SideScanning” expertise that collects knowledge from cloud environments, the platform supplies full visibility of cloud environments and connects the dots in safety alert knowledge to allow threat prioritization, Shua mentioned.

Key capabilities embody options for managing cloud vulnerabilities; recognizing misconfigurations in cloud accounts and workloads; and detecting malware and lateral motion in cloud environments.

Past Identification

Based: 2020
Valuation: $1.1 billion (February 2022)
Prospects: Complete quantity not disclosed; buyer base grew 640% in 2021, year-over-year
Workers: 185 (up from 118 a 12 months in the past)

Past Identification has developed an answer for multifactor authentication (MFA) that’s centered on “slicing out the friction — making it really invisible to a consumer, or to an organization, that they’ve turned on MFA,” mentioned cofounder and CEO Tom “TJ” Jermoluk.

A key factor is that the MFA resolution is passwordless, completed via cryptographically embedding a consumer’s identities into their gadgets. “Our customers don’t have to take a look at a one-time code or a push notification, or any of that,” Jermoluk mentioned. When a consumer opens an utility on their PC or smartphone, utilizing the corporate’s system, the consumer might be robotically logged in with no need to enter any info.

Past Identification additionally supplies a zero belief “threat engine” that ensures solely legitimate customers can authenticate, Jermoluk mentioned — which “permits us to have this visibility that no one else can get” in an identification safety resolution. Among the many targets for Past Identification, he mentioned, is “to have this platform be adopted because the de facto zero belief platform.”

Finally, Past Identification brings the chance to “remedy so lots of the totally different issues which have existed [in security] with one platform,” Jermoluk mentioned.

BlueVoyant

Based: 2017
Valuation: “Considerably greater than $1 billion” (February 2022)
Prospects: Greater than 700 on the finish of 2021 (up 80% year-over-year)
Workers: Almost 600 (virtually doubled from a 12 months in the past)

BlueVoyant supplies each inside safety and exterior cyber threat administration for purchasers. The corporate’s managed detection and response (MDR) providing stands out with capabilities for analyzing large quantities of information as a part of its risk detection, in keeping with BlueVoyant cofounder and CEO Jim Rosenthal.

And in relation to exterior cyber threat administration, what BlueVoyant provides is one-of-a-kind, Rosenthal mentioned. “We do provide chain protection, versus provide chain threat scoring,” he mentioned.

BlueVoyant seems at each participant in a buyer’s provide chain, and identifies any externally detectable, extreme vulnerabilities that an attacker would see. The corporate then interacts with the provider to guarantee that the problems are remedied — fixing the issue on the shopper’s behalf, Rosenthal mentioned.

As of proper now, in relation to provide chain protection of this sort, “nobody else does it,” Rosenthal mentioned. “And it’s what the world wants — if you wish to forestall attackers from both disrupting your operations, or disrupting the provision chain, or shifting upstream in an operation to the enterprise itself.”

Aqua Safety

Based: 2015
Valuation: “In extra of $1 billion” (March 2021)
Prospects: Greater than 450 (up from 400 a 12 months in the past)
Workers: 530 (up from 300 a 12 months in the past)

Aqua Safety provides a cloud-native utility safety platform that spans the app improvement lifecycle, with capabilities for securing the construct, infrastructure and workload/runtime. The corporate acquired a startup in December, Argon, that provides an answer for securing the software program provide chain to the platform, as nicely.

In relation to securing cloud-native applied sciences resembling containers and microservices, there’s now “a transparent realization out there that [companies’] present safety options don’t apply for this new stack,” mentioned cofounder and CEO Dror Davidoff.

Aqua’s numerous modules are provided individually, however are additionally built-in in an effort to “join the dots” and supply a full safety image for a buyer’s cloud-native stack, Davidoff mentioned. The corporate has been investing closely to “create lots of complementary worth between the totally different modules — and actually flip it into one resolution,” he mentioned.

Finally, “I can say very comfortably that we’re the one which’s actually trying on the full lifecycle — out of your software program provide chain all the way in which to your manufacturing, and having all of the [solutions] alongside the way in which,” Davidoff mentioned.