Cybersecurity has 53 unicorns. Here are 10 to watch

It’s true: The time period unicorn stopped which means “uncommon” years in the past. And at present, within the cybersecurity market alone, there are literally dozens of privately held corporations with billion-dollar valuations.

However whereas turning into a unicorn could not imply what it used to, it’s not a meaningless milestone, both. At the very least within the safety market, getting a billion-dollar valuation normally does signify that the startup has a fast-growing enterprise underway, amongst different issues.

Dave DeWalt, who is aware of a factor or two about cyber companies, mentioned as a lot to me in an interview final month. Although 30 privately held safety corporations achieved unicorn valuations in 2021 — up from six in 2020 — that doesn’t routinely suggest there’s a bubble, mentioned DeWalt, who beforehand served as CEO of FireEye and McAfee, and is now a enterprise investor.

Many of those safety corporations are constructing actual companies, he mentioned — and addressing actual threats, typically from state-sponsored adversaries, that aren’t going away.

Why are we seeing so many safety distributors attain unicorn valuations? “It’s as a result of the menace is persistent,” mentioned DeWalt, now the founder and managing director at enterprise agency NightDragon. “And that’s why I believe [these companies are] actual, and that is right here to remain.”

Monitoring the herd

By my tally, there are at the moment 53 cybersecurity distributors with privately held valuations of $1 billion or extra. My major supply for that is the CB Insights unicorn list, although my depend isn’t similar to theirs (a couple of safety distributors had been both lacking or categorised in different classes apart from cybersecurity on their record).

Regardless, getting the variety of cybersecurity unicorns precisely proper doesn’t appear too vital. All it is advisable to know is that there are a ton of them now.

Extra crucially: Which safety corporations, on this ever-expanding unicorn herd, is perhaps value a more in-depth search for enterprise and midmarket prospects?

I’ve chosen 10 of the present safety unicorns to spotlight right here. My standards is that they’re reporting sturdy progress; they’re in a fast-growing market; and I’ve had the prospect to interview their CEO or president in current months, giving me a way of their technique, differentiators and traction with prospects.

This isn’t to say the opposite safety unicorns aren’t differentiated, seeing vital progress and working in scorching market. However, I couldn’t embrace all of them (and haven’t interviewed all of their CEOs, both).

So, what follows are the important thing particulars on these 10 cybersecurity unicorns that I believe are value watching proper now, in areas of the market together with cloud safety, cloud-native software safety, managed detection and response, passwordless identification authentication and 0 belief segmentation.

Distributors are ranked by their newest out there valuation, offered on the time of their most up-to-date funding spherical. All quotes are from current VentureBeat interviews, and all metrics had been equipped by the distributors.

Snyk

Based: 2015
Valuation: $8.5 billion (September 2021)
Clients: 1,800 on the finish of Q1 (up 100% year-over-year)
Staff: 1,200 on the finish of Q1 (up greater than 100% year-over-year)

Snyk focuses on providing instruments for scanning and fixing code — constructed to be acquainted to builders and built-in into the present improvement course of — with the purpose of making certain that purposes are constructed securely from the get-go.

The corporate believes that with the intention to present a fantastic developer safety platform, “it must be weaved into the day by day lives of the event groups,” mentioned Snyk cofounder and president Man Podjarny. “We’re there to cowl the complete scope of the cloud-native software — all the time with that developer-first method.”

Snyk is now increasing its choices to incorporate cloud safety, with the current acquisition of Fugue. By combining with Fugue’s cloud safety posture administration expertise, the Snyk platform will be capable of present builders with “continuity all the best way from their code to the cloud deployments,” Podjarny mentioned.

“To equip builders with constructing safe software program and proudly owning it, they must go previous the pipelines into understanding what’s deployed,” Podjarny mentioned. That features “understanding what safety errors are deployed,” he mentioned, “to allow them to personal that and so they may help safe it.”

Lacework

Based: 2014
Valuation: $8.3 billion (November 2021)
Clients: Whole quantity not disclosed; by the top of 2021, Lacework noticed a 3.5X year-over-year improve in new prospects
Staff: Greater than 1,000 (up from 200 in January 2021)

Lacework gives a cloud safety platform that excels at gathering, processing and normalizing information throughout cloud environments — after which deriving insights for purchasers, Lacework co-CEO Jay Parikh mentioned. “We essentially convey a unique method,” Parikh mentioned. “And we will innovate sooner and we will present a way more complete, end-to-end method.”

Central to Lacework’s expertise is the Polygraph Information Platform, which collects and correlates information in cloud environments, detects potential safety points and prioritizes the most important threats for response. Key capabilities embrace anomaly detection powered by machine studying, in addition to deep visibility throughout cloud and container workloads.

Notably, Lacework brings the flexibility to each scan for vulnerabilities and in addition present in manufacturing the place the failings is perhaps exploited, Parikh mentioned.

“Some corporations can simply do the scanning, however they will’t do the manufacturing evaluation,” he mentioned. “We will do each, and it’s all on the identical platform.”

Wiz

Based: 2020
Valuation: $6 billion (October 2021)
Clients: Whole quantity not disclosed; “greater than 20% of the Fortune 500”
Staff: Greater than 200

Wiz gives a cloud safety product that unifies plenty of totally different capabilities, deploys shortly, gives broad visibility and allows prospects to prioritize threats, in accordance with two of the startup’s founders, CEO Assaf Rappaport and vice chairman of product Yinon Costica.

The product’s agentless method helps allow the fast deployment, the founders mentioned. “Actually you’ll be able to end a Wiz deployment in per week, even within the largest enterprises,” Costica mentioned.

Wiz works by implementing a safety graph, permitting for the correlation of the numerous totally different alerts in cloud environments — prioritizing the dangers “very successfully throughout even the most important environments,” he mentioned. The product “adjustments dramatically the best way organizations are in a position to achieve visibility to cloud environments,” Costica mentioned.

“I believe these two parts — the flexibility to prioritize successfully and to deploy actually simply — are making the distinction for purchasers, versus what they’ve at present,” he mentioned.

Arctic Wolf

Based: 2012
Valuation: $4.3 billion (July 2021)
Clients: 2,700 (up from 1,500 a yr in the past)
Staff: 1,500 (up from 650 a yr in the past)

With Arctic Wolf’s safety operations platform — which gives a full gamut of safety options, paired with the flexibility to ingest safety information from a buyer’s present instruments — the corporate has the potential to “unify the cybersecurity market wholesale,” CEO Nick Schneider mentioned.

The platform contains 24/7 monitoring of endpoints, networks and clouds; detection of threats; and response and restoration if a cyberattack happens. The MDR service is offered by a concierge safety workforce that serves to eradicate false positives and alert fatigue.

Arctic Wolf’s MDR is complemented by digital threat administration (tailor-made to every particular person buyer); managed safety consciousness (offering safety coaching, phishing assessments and training to staff); and cloud detection and response (to assist with enhancing cloud safety posture).

Whereas plenty of different safety distributors supply a few of these options, “that mixture of modules, or that mixture of outcomes sitting on prime of the platform — we’re actually the one vendor that does that,” Schneider mentioned. “And from a buyer’s perspective, what meaning is that they get a unified expertise throughout these totally different areas of their enterprise — detection, threat, cloud, safety consciousness and coaching.”

Illumio

Based: 2013
Valuation: $2.75 billion (June 2021)
Clients: Whole quantity not disclosed; firm has added greater than 140 prospects previously yr
Staff: 519 (up from 384 a yr in the past)

Illumio gives zero-trust segmentation options for each datacenter and cloud environments, which allow isolation of attackers post-breach.

With the Illumio zero-trust segmentation resolution, a buyer’s cloud and datacenter environments could be damaged down into totally different segments — all the best way right down to the extent of workload — which may every be locked down with their very own safety controls.

Illumio stands out as “the one standalone zero-trust segmentation firm,” mentioned cofounder and CEO Andrew Rubin. “We began the corporate to unravel this downside. We’ve constructed our expertise particularly to handle it. And at a few of our largest prospects, we deal with it at large international scale.”

In the end, “we’re targeted on solely fixing this downside,” Rubin mentioned. “And we imagine that that has allowed us to construct a greater platform and a extra scalable platform.”

Sysdig

Based: 2013
Valuation: $2.5 billion (December 2021)
Clients: 700 on the finish of 2021 (roughly doubled year-over-year)
Staff: Practically 600 (up from roughly 250 a yr in the past)

Container and cloud safety vendor Sysdig gives a safety platform that gives deeper visibility and higher prioritization of threats than different distributors, CEO Suresh Vasudevan mentioned.

The platform’s “open supply basis” — it’s constructed on prime of two open-source menace detection tasks — has additionally continued to assist set the corporate aside, Vasudevan mentioned.

Sysdig’s platform gives capabilities spanning cloud-native software improvement safety; detection and response for runtime threats; and administration of configurations and permissions.

“The truth that we’ve constructed an end-to-end platform permits us to have a significantly better sense of methods to prioritize, what to deal with, and methods to remediate points on the supply — on the time if you’re constructing your software program reasonably than a lot later if you’re deployed in manufacturing,” Vasudevan mentioned.

Orca Safety

Based: 2019
Valuation: $1.8 billion (October 2021)
Clients: “Lots of of shoppers” (up 400% year-over-year)
Staff: 307 (up from 71 a yr in the past)

Orca Safety gives a cloud safety platform that unites plenty of totally different instruments and doesn’t require an agent, simplifying and expediting the deployment of the platform.

The largest worth for purchasers is “having one platform that leverages information from all the stack to prioritize threat,” CEO and cofounder Avi Shua mentioned. In that manner, Orca is ready to floor not simply the underlying safety difficulty, but in addition its enterprise influence, Shua mentioned.

Utilizing Orca’s “SideScanning” expertise that collects information from cloud environments, the platform gives full visibility of cloud environments and connects the dots in safety alert information to allow threat prioritization, Shua mentioned.

Key capabilities embrace options for managing cloud vulnerabilities; recognizing misconfigurations in cloud accounts and workloads; and detecting malware and lateral motion in cloud environments.

Past Id

Based: 2020
Valuation: $1.1 billion (February 2022)
Clients: Whole quantity not disclosed; buyer base grew 640% in 2021, year-over-year
Staff: 185 (up from 118 a yr in the past)

Past Id has developed an answer for multifactor authentication (MFA) that’s targeted on “reducing out the friction — making it really invisible to a person, or to an organization, that they’ve turned on MFA,” mentioned cofounder and CEO Tom “TJ” Jermoluk.

A key factor is that the MFA resolution is passwordless, achieved by way of cryptographically embedding a person’s identities into their gadgets. “Our customers don’t have to take a look at a one-time code or a push notification, or any of that,” Jermoluk mentioned. When a person opens an software on their PC or smartphone, utilizing the corporate’s system, the person could be routinely logged in while not having to enter any info.

Past Id additionally gives a zero belief “threat engine” that ensures solely legitimate customers can authenticate, Jermoluk mentioned — which “permits us to have this visibility that no person else can get” in an identification safety resolution. Among the many objectives for Past Id, he mentioned, is “to have this platform be adopted because the de facto zero belief platform.”

In the end, Past Id brings the chance to “resolve so most of the totally different issues which have existed [in security] with one platform,” Jermoluk mentioned.

BlueVoyant

Based: 2017
Valuation: “Considerably greater than $1 billion” (February 2022)
Clients: Greater than 700 on the finish of 2021 (up 80% year-over-year)
Staff: Practically 600 (virtually doubled from a yr in the past)

BlueVoyant gives each inside safety and exterior cyber threat administration for purchasers. The corporate’s managed detection and response (MDR) providing stands out with capabilities for analyzing large quantities of knowledge as a part of its menace detection, in accordance with BlueVoyant cofounder and CEO Jim Rosenthal.

And in relation to exterior cyber threat administration, what BlueVoyant gives is one-of-a-kind, Rosenthal mentioned. “We do provide chain protection, versus provide chain threat scoring,” he mentioned.

BlueVoyant appears at each participant in a buyer’s provide chain, and identifies any externally detectable, extreme vulnerabilities that an attacker would see. The corporate then interacts with the provider to be sure that the problems are remedied — fixing the issue on the client’s behalf, Rosenthal mentioned.

As of proper now, in relation to provide chain protection of this kind, “nobody else does it,” Rosenthal mentioned. “And it’s what the world wants — if you wish to forestall attackers from both disrupting your operations, or disrupting the availability chain, or transferring upstream in an operation to the enterprise itself.”

Aqua Safety

Based: 2015
Valuation: “In extra of $1 billion” (March 2021)
Clients: Greater than 450 (up from 400 a yr in the past)
Staff: 530 (up from 300 a yr in the past)

Aqua Safety gives a cloud-native software safety platform that spans the app improvement lifecycle, with capabilities for securing the construct, infrastructure and workload/runtime. The corporate acquired a startup in December, Argon, that provides an answer for securing the software program provide chain to the platform, as effectively.

On the subject of securing cloud-native applied sciences reminiscent of containers and microservices, there may be now “a transparent realization out there that [companies’] present safety options don’t apply for this new stack,” mentioned cofounder and CEO Dror Davidoff.

Aqua’s numerous modules are supplied individually, however are additionally built-in with the intention to “join the dots” and supply a full safety image for a buyer’s cloud-native stack, Davidoff mentioned. The corporate has been investing closely to “create a number of complementary worth between the totally different modules — and actually flip it into one resolution,” he mentioned.

In the end, “I can say very comfortably that we’re the one which’s actually trying on the full lifecycle — out of your software program provide chain all the best way to your manufacturing, and having all of the [solutions] alongside the best way,” Davidoff mentioned.