The problems cyber security start-ups attempt to solve are often a bit ahead of the mainstream. They can move faster than most established companies to fill gaps or emerging needs. Start-ups can often innovative faster because they are unfettered by an installed base.
The downside, of course, is that start-ups often lack resources and maturity. It’s a risk for a company to commit to a start-up’s product or platform, and it requires a different kind of customer/vendor relationship. The rewards, however, can be huge if it gives that company a competitive advantage or reduces stress on security resources.
The vendors below represent some of the most interesting start-ups (defined here as a company founded or emerging from stealth mode in the past two years).
As organisations use more software-as-a-service (SaaS) platforms, security teams can find it hard to monitor and guard against the risks they present. Grip Security’s product promises to provide greater visibility across all SaaS platforms used in an organisation. According to the company, this allows for better enforce security policies and identify security blindspots. The Grip platform can work standalone or with a cloud access security broker (CASB).
The cloud-native JupiterOne cyber asset attack surface management platform promises to bring more context to a range of security processes including vulnerability management, compliance, and identity and access management (IAM). The company also claims that its platform can better enable organisations to comply with security regulations. Enabling this are JupiterOne’s integration capabilities, which allow it to work within the existing security environment.
Lightspin offers a cloud-native application protection platform (CNAPP) that the company claims can identify, prioritise and remediate attack paths within the cloud stack.
The platform will work in any cloud hosting environment including Amazon Web Services (AWS), Azure and Google Cloud Platform (GCP). The Lightspin platform works across all phases of DevOps. For example, it can perform IaC and API scanning during build, identify misconfigurations and exposed secrets during production, and provide malware and runtime protection during runtime.
Noetic Cyber sells what it calls a “continuous cyber asset management and controls platform.” The company claims that this platform can provide greater visibility into the network, improved controls monitoring, and a better understanding of the relationship network entities. On the last point, Noetic’s platform can map relationships among assets to help identify security gaps. Noetic also offers integration with orchestration and automation workflows.
Tracking what Polar Security calls “shadow data” across the cloud can be a challenge. The company attempts to meet that challenge with its data security posture management (DSPM) solution, which it claims is the first automated data security and compliance platform.
According to Polar Security, its platform will automatically map and follow data and data workflows of cloud-native data to better prevent vulnerabilities and meet regulatory compliance. Once the platform identifies data, an automated labelling feature allows for classifying sensitive data.
Revelstoke offers what it claims is the first low-code security orchestration, automation and response (SOAR) platform. The company’s aim is to simplify the implementation and management of SOAR. It does so by offering low-code playbooks to automate security processes, pre-built integrations built on a unified data layer, case management though what it calls “guided investigations”, and a dashboard-based user interface.