Cybersecurity has 53 unicorns. Listed here are 10 to observe

It’s true: The time period unicorn stopped that means “uncommon” years in the past. And at this time, within the cybersecurity market alone, there are literally dozens of privately held corporations with billion-dollar valuations.

However whereas turning into a unicorn might not imply what it used to, it’s not a meaningless milestone, both. Not less than within the safety market, getting a billion-dollar valuation often does signify that the startup has a fast-growing enterprise underway, amongst different issues.

Dave DeWalt, who is aware of a factor or two about cyber companies, stated as a lot to me in an interview final month. Although 30 privately held safety corporations achieved unicorn valuations in 2021 — up from six in 2020 — that doesn’t mechanically indicate there’s a bubble, stated DeWalt, who beforehand served as CEO of FireEye and McAfee, and is now a enterprise investor.

Many of those safety corporations are constructing actual companies, he stated — and addressing actual threats, usually from state-sponsored adversaries, that aren’t going away.

Why are we seeing so many safety distributors attain unicorn valuations? “It’s as a result of the menace is persistent,” stated DeWalt, now the founder and managing director at enterprise agency NightDragon. “And that’s why I believe [these companies are] actual, and that is right here to remain.”

Monitoring the herd

By my tally, there are at the moment 53 cybersecurity distributors with privately held valuations of $1 billion or extra. My predominant supply for that is the CB Insights unicorn record, although my depend isn’t similar to theirs (just a few safety distributors have been both lacking or categorized in different classes in addition to cybersecurity on their record).

Regardless, getting the variety of cybersecurity unicorns precisely proper doesn’t appear too vital. All it’s worthwhile to know is that there are a ton of them now.

Extra crucially: Which safety corporations, on this ever-expanding unicorn herd, could be value a better search for enterprise and midmarket clients?

I’ve chosen 10 of the present safety unicorns to spotlight right here. My standards is that they’re reporting robust progress; they’re in a fast-growing market; and I’ve had the prospect to interview their CEO or president in latest months, giving me a way of their technique, differentiators and traction with clients.

This isn’t to say the opposite safety unicorns aren’t differentiated, seeing vital progress and working in scorching market. However, I couldn’t embody all of them (and haven’t interviewed all of their CEOs, both).

So, what follows are the important thing particulars on these 10 cybersecurity unicorns that I believe are value watching proper now, in areas of the market together with cloud safety, cloud-native software safety, managed detection and response, passwordless identification authentication and nil belief segmentation.

Distributors are ranked by their newest out there valuation, supplied on the time of their most up-to-date funding spherical. All quotes are from latest VentureBeat interviews, and all metrics have been equipped by the distributors.

Snyk

Based: 2015
Valuation: $8.5 billion (September 2021)
Clients: 1,800 on the finish of Q1 (up 100% year-over-year)
Workers: 1,200 on the finish of Q1 (up greater than 100% year-over-year)

Snyk focuses on providing instruments for scanning and fixing code — constructed to be acquainted to builders and built-in into the present growth course of — with the goal of guaranteeing that purposes are constructed securely from the get-go.

The corporate believes that with a purpose to present an amazing developer safety platform, “it needs to be weaved into the day by day lives of the event groups,” stated Snyk cofounder and president Man Podjarny. “We’re there to cowl the total scope of the cloud-native software — at all times with that developer-first method.”

Snyk is now increasing its choices to incorporate cloud safety, with the latest acquisition of Fugue. By combining with Fugue’s cloud safety posture administration know-how, the Snyk platform will be capable to present builders with “continuity all the best way from their code to the cloud deployments,” Podjarny stated.

“To equip builders with constructing safe software program and proudly owning it, they must go previous the pipelines into understanding what’s deployed,” Podjarny stated. That features “understanding what safety errors are deployed,” he stated, “to allow them to personal that they usually will help safe it.”

Lacework

Based: 2014
Valuation: $8.3 billion (November 2021)
Clients: Complete quantity not disclosed; by the tip of 2021, Lacework noticed a 3.5X year-over-year improve in new clients
Workers: Greater than 1,000 (up from 200 in January 2021)

Lacework gives a cloud safety platform that excels at gathering, processing and normalizing knowledge throughout cloud environments — after which deriving insights for patrons, Lacework co-CEO Jay Parikh stated. “We basically deliver a distinct method,” Parikh stated. “And we will innovate sooner and we will present a way more complete, end-to-end method.”

Central to Lacework’s know-how is the Polygraph Information Platform, which collects and correlates knowledge in cloud environments, detects potential safety points and prioritizes the most important threats for response. Key capabilities embody anomaly detection powered by machine studying, in addition to deep visibility throughout cloud and container workloads.

Notably, Lacework brings the flexibility to each scan for vulnerabilities and in addition present in manufacturing the place the failings could be exploited, Parikh stated.

“Some corporations can simply do the scanning, however they will’t do the manufacturing evaluation,” he stated. “We will do each, and it’s all on the identical platform.”

Wiz

Based: 2020
Valuation: $6 billion (October 2021)
Clients: Complete quantity not disclosed; “greater than 20% of the Fortune 500”
Workers: Greater than 200

Wiz gives a cloud safety product that unifies quite a few totally different capabilities, deploys rapidly, supplies broad visibility and permits clients to prioritize threats, in response to two of the startup’s founders, CEO Assaf Rappaport and vice chairman of product Yinon Costica.

The product’s agentless method helps allow the speedy deployment, the founders stated. “Actually you may end a Wiz deployment in every week, even within the largest enterprises,” Costica stated.

Wiz works by implementing a safety graph, permitting for the correlation of the various totally different alerts in cloud environments — prioritizing the dangers “very successfully throughout even the most important environments,” he stated. The product “adjustments dramatically the best way organizations are in a position to achieve visibility to cloud environments,” Costica stated.

“I believe these two elements — the flexibility to prioritize successfully and to deploy actually simply — are making the distinction for patrons, versus what they’ve at this time,” he stated.

Arctic Wolf

Based: 2012
Valuation: $4.3 billion (July 2021)
Clients: 2,700 (up from 1,500 a 12 months in the past)
Workers: 1,500 (up from 650 a 12 months in the past)

With Arctic Wolf’s safety operations platform — which gives a full gamut of safety options, paired with the flexibility to ingest safety knowledge from a buyer’s current instruments — the corporate has the potential to “unify the cybersecurity market wholesale,” CEO Nick Schneider stated.

The platform consists of 24/7 monitoring of endpoints, networks and clouds; detection of threats; and response and restoration if a cyberattack happens. The MDR service is supplied by a concierge safety staff that serves to eradicate false positives and alert fatigue.

Arctic Wolf’s MDR is complemented by digital danger administration (tailor-made to every particular person buyer); managed safety consciousness (offering safety coaching, phishing exams and training to workers); and cloud detection and response (to assist with enhancing cloud safety posture).

Whereas quite a few different safety distributors supply a few of these options, “that mixture of modules, or that mixture of outcomes sitting on prime of the platform — we’re actually the one vendor that does that,” Schneider stated. “And from a buyer’s perspective, what which means is that they get a unified expertise throughout these totally different areas of their enterprise — detection, danger, cloud, safety consciousness and coaching.”

Illumio

Based: 2013
Valuation: $2.75 billion (June 2021)
Clients: Complete quantity not disclosed; firm has added greater than 140 clients prior to now 12 months
Workers: 519 (up from 384 a 12 months in the past)

Illumio gives zero-trust segmentation options for each datacenter and cloud environments, which allow isolation of attackers post-breach.

With the Illumio zero-trust segmentation resolution, a buyer’s cloud and datacenter environments could be damaged down into totally different segments — all the best way all the way down to the extent of workload — which might every be locked down with their very own safety controls.

Illumio stands out as “the one standalone zero-trust segmentation firm,” stated cofounder and CEO Andrew Rubin. “We began the corporate to resolve this downside. We’ve constructed our know-how particularly to handle it. And at a few of our largest clients, we tackle it at large world scale.”

Finally, “we’re centered on solely fixing this downside,” Rubin stated. “And we imagine that that has allowed us to construct a greater platform and a extra scalable platform.”

Sysdig

Based: 2013
Valuation: $2.5 billion (December 2021)
Clients: 700 on the finish of 2021 (roughly doubled year-over-year)
Workers: Almost 600 (up from roughly 250 a 12 months in the past)

Container and cloud safety vendor Sysdig gives a safety platform that gives deeper visibility and higher prioritization of threats than different distributors, CEO Suresh Vasudevan stated.

The platform’s “open supply basis” — it’s constructed on prime of two open-source menace detection tasks — has additionally continued to assist set the corporate aside, Vasudevan stated.

Sysdig’s platform gives capabilities spanning cloud-native software growth safety; detection and response for runtime threats; and administration of configurations and permissions.

“The truth that we’ve constructed an end-to-end platform permits us to have a significantly better sense of find out how to prioritize, what to give attention to, and find out how to remediate points on the supply — on the time if you’re constructing your software program relatively than a lot later if you’re deployed in manufacturing,” Vasudevan stated.

Orca Safety

Based: 2019
Valuation: $1.8 billion (October 2021)
Clients: “Tons of of shoppers” (up 400% year-over-year)
Workers: 307 (up from 71 a 12 months in the past)

Orca Safety gives a cloud safety platform that unites quite a few totally different instruments and doesn’t require an agent, simplifying and expediting the deployment of the platform.

The largest worth for patrons is “having one platform that leverages knowledge from the whole stack to prioritize danger,” CEO and cofounder Avi Shua stated. In that means, Orca is ready to floor not simply the underlying safety situation, but additionally its enterprise affect, Shua stated.

Utilizing Orca’s “SideScanning” know-how that collects knowledge from cloud environments, the platform supplies full visibility of cloud environments and connects the dots in safety alert knowledge to allow danger prioritization, Shua stated.

Key capabilities embody options for managing cloud vulnerabilities; recognizing misconfigurations in cloud accounts and workloads; and detecting malware and lateral motion in cloud environments.

Past Identification

Based: 2020
Valuation: $1.1 billion (February 2022)
Clients: Complete quantity not disclosed; buyer base grew 640% in 2021, year-over-year
Workers: 185 (up from 118 a 12 months in the past)

Past Identification has developed an answer for multifactor authentication (MFA) that’s centered on “chopping out the friction — making it really invisible to a consumer, or to an organization, that they’ve turned on MFA,” stated cofounder and CEO Tom “TJ” Jermoluk.

A key component is that the MFA resolution is passwordless, achieved by cryptographically embedding a consumer’s identities into their units. “Our customers don’t have to take a look at a one-time code or a push notification, or any of that,” Jermoluk stated. When a consumer opens an software on their PC or smartphone, utilizing the corporate’s system, the consumer could be mechanically logged in without having to enter any data.

Past Identification additionally supplies a zero belief “danger engine” that ensures solely legitimate customers can authenticate, Jermoluk stated — which “permits us to have this visibility that no one else can get” in an identification safety resolution. Among the many targets for Past Identification, he stated, is “to have this platform be adopted because the de facto zero belief platform.”

Finally, Past Identification brings the chance to “clear up so lots of the totally different issues which have existed [in security] with one platform,” Jermoluk stated.

BlueVoyant

Based: 2017
Valuation: “Considerably greater than $1 billion” (February 2022)
Clients: Greater than 700 on the finish of 2021 (up 80% year-over-year)
Workers: Almost 600 (virtually doubled from a 12 months in the past)

BlueVoyant supplies each inside safety and exterior cyber danger administration for patrons. The corporate’s managed detection and response (MDR) providing stands out with capabilities for analyzing large quantities of knowledge as a part of its menace detection, in response to BlueVoyant cofounder and CEO Jim Rosenthal.

And in terms of exterior cyber danger administration, what BlueVoyant gives is one-of-a-kind, Rosenthal stated. “We do provide chain protection, versus provide chain danger scoring,” he stated.

BlueVoyant appears to be like at each participant in a buyer’s provide chain, and identifies any externally detectable, extreme vulnerabilities that an attacker would see. The corporate then interacts with the provider to be sure that the problems are remedied — fixing the issue on the shopper’s behalf, Rosenthal stated.

As of proper now, in terms of provide chain protection of this kind, “nobody else does it,” Rosenthal stated. “And it’s what the world wants — if you wish to stop attackers from both disrupting your operations, or disrupting the provision chain, or shifting upstream in an operation to the enterprise itself.”

Aqua Safety

Based: 2015
Valuation: “In extra of $1 billion” (March 2021)
Clients: Greater than 450 (up from 400 a 12 months in the past)
Workers: 530 (up from 300 a 12 months in the past)

Aqua Safety gives a cloud-native software safety platform that spans the app growth lifecycle, with capabilities for securing the construct, infrastructure and workload/runtime. The corporate acquired a startup in December, Argon, that provides an answer for securing the software program provide chain to the platform, as effectively.

In the case of securing cloud-native applied sciences corresponding to containers and microservices, there may be now “a transparent realization available in the market that [companies’] current safety options don’t apply for this new stack,” stated cofounder and CEO Dror Davidoff.

Aqua’s varied modules are supplied individually, however are additionally built-in with a purpose to “join the dots” and supply a full safety image for a buyer’s cloud-native stack, Davidoff stated. The corporate has been investing closely to “create a number of complementary worth between the totally different modules — and actually flip it into one resolution,” he stated.

Finally, “I can say very comfortably that we’re the one which’s actually trying on the full lifecycle — out of your software program provide chain all the best way to your manufacturing, and having all of the [solutions] alongside the best way,” Davidoff stated.