Descope
Descope is an authentication and user management platform for passwordless authentication. It offers tools for developers to easily add authentication, user management, and authorization capabilities to apps. The platform protects against bot attacks on login pages, account takeover fraud, and session theft by identifying risky user signals to enact step-up authentication. The company was founded in 2022.
DoControl
The DoControl platform provides automated, self-service tools for data access monitoring, orchestration, and remediation of SaaS applications. It has the ability to identify sensitive information and prevent it from leaving an organization's cloud instance. DoControl is an agentless, event-driven platform. The company was founded in 2020.
Hush
Hush offers AI-based digital privacy services for individuals and families, but it also has an enterprise-grade product to protect workforce privacy. Once businesses deploy the Hush service, their employees are able to manage their own Hush profiles. This allows them to monitor for and report privacy issues and remediate issues that put their privacy at risk. Hush also makes a "privacy advocate" available by phone or online. The company was founded in 2021.
Inside-Out Defense
Launched in 2023, Inside-Out Defense claims to be "the cybersecurity industry's first platform to solve privilege access abuse." The company's offering provides access intent, real-time detection, and in-line remediation through a SaaS platform. "The platform permits the determination of the gaps between known and unknown abuse behaviors, thereby stopping privilege abuse in real-time, at scale," the company says.
Interpres Security
Emerging from stealth mode in December 2022, Interpres Security offers a platform that allows organizations to better manage their "defense surface." It will show what their current security toolset can detect and defend against. The platform also helps identify gaps and inefficiencies in cyber defenses, allowing security teams to use a data-driven approach to improving security posture.
Kintent
Kintent's Trust Cloud platform is intended to help companies pass audits, manage risk, and complete security reviews. It uses programmatic API-based control and risk verification, which can automate workflows and evidence collection. Trust Cloud can analyze a compliance program and map it to multiple standards. It also has an AI-based feature that helps fill out security questionnaires. Kintent was founded in 2020.
Kodem
Kodem claims to be the "world's first dynamic software composition platform." The company's offering uses application runtime to spotlight application risks, creating application context based on what is happening during runtime, not just in static code. According to the company, "after researching the issue of noise, false positives, and inefficient remediation, we have discovered that the only way to eliminate false positives and effectively prioritize remediation is to look at applications during runtime. By analyzing them as they're running, it is possible to know exactly which components are in use, how data moves between them, and what part of the application is really vulnerable."
Naxo Labs
Naxo Labs was founded in 2022 by a group of noted experts and former FBI special agents to provide forensic and investigation services. The company works on cases involving cybercrimes such as insider threats or intellectual property theft and packages the data for referral to law enforcement or for litigation. Naxo is also capable of performing blockchain and cryptocurrency analysis as well as data recovery.
Nudge Security
Nudge Security offers a solution aimed at managing the security of software as a service (SaaS) for distributed workforces. Its platform allows for the discovery of cloud SaaS assets created without the need for network changes, endpoint agents, or browser extensions. The company claims it provides visibility into the entire SaaS attack surface, including managed and unmanaged accounts, OAuth connections, and resources. It also notifies when new SaaS accounts are created. Nudge was founded in 2022.
Oligo Security
Founded in 2022, Oligo offers an open-source security platform that detects and prevents attacks such as Log4Shell by monitoring malicious activity at the library level. The company claims that its runtime monitoring of open-source libraries focuses only on vulnerabilities that are relevant. The platform works with most modern development languages such as Python, Go, Java, and Node and all cloud service providers such as GCP, Azure and AWS.
Piiano
Piiano offers two products: Piiano Scanner scans source code for references to personally identifiable information (PII), and Piiano Vault secures sensitive data while allowing it to be used. Scanner can scan any Java or Python GitHub projects on a single click and is intended to improve collaboration between development and privacy teams. Vault's API-based infrastructure allows safe storage of sensitive data and provides compliance with GDPR and CCPA. Piiano was founded in 2021.
Privya
Founded in 2021, Privya's platform provides a cloud-native approach to data privacy by design. The company claims it will allow organizations to better enable privacy and data protection during the development lifecycle process. The Privya platform is able to discover and identify personal data across multiple data sources and map the data flow and business logic. It also provides an automated architecture to better meet compliance requirements.
Sharepass
Founded in 2020, Sharepass provides a means to share confidential information securely across platforms. The company claims its web-based product does not leave a digital trail when data is shared. Sharepass first encrypts the information being shared and sends a link to the recipient. That link becomes inactive once the recipient opens it. Senders can specify email addresses, set time limits for how long the link is valid, or require a PIN code.
SnapAttack
SnapAttack provides a purple-teaming platform that the company claims handles the entire threat detection process. The platform includes an Assault Sign Library that catalogs attack threats and simulations. Purple and blue teams can create their own attack sessions. SnapAttack allows purple teams to identify gaps against the MITRE ATT&CK matrix and to create detection logic with a no-code detection builder. The company was founded in 2021.
SquareX
SquareX is developing a browser-based cybersecurity product to keep users safe online. The company's product aims to address threats such as phishing, identity theft, session hijacking, and other browser-based attacks using a browser extension that monitors and protects users while they go about their online activities. The company, founded in 2023, plans to launch a beta version starting in May.
Stack Identity
Identity and access management (IAM) governance company Stack Identity targets the problem of shadow access: unauthorized, unmonitored, and invisible cloud data access patterns created by the myriad of human and machine cloud identities accessing the cloud. "It is our vision and conviction that the future of cloud security must be identity-first, access-centric and with a deep context of data, applications, and software," according to CEO and founder Venkat Raghavan. Stack employs its Breach Prediction Index algorithm to reduce the risk of cloud vulnerabilities and improve IAM audits, compliance, and governance.
Valence Security
Valence Security, founded in 2021, offers a platform to remediate SaaS security risks around third-party integration, identity, misconfiguration, and data sharing. The platform provides its own cross-SaaS data and permissions model to help maintain access control. It also comes with a set of automated SaaS security remediation workflows to minimize the need for specialized knowledge to set them up.
Vanta
Trust management platform developer Vanta has launched its Vendor Risk Management product, providing third-party vendor security reviews and due diligence. The offering is designed to reduce the time and cost of reviewing, managing, and reporting on third-party vendor risk. The company launched in 2018.
Vaultree
Vaultree, founded in 2020, has developed what it claims is the first "fully functional" data-in-use encryption software development kit (SDK). The product is designed to eliminate the risk of data being leaked or stolen in plaintext form. According to Vaultree, it can process, search, and compute data at scale without surrendering encryption keys or decrypting on the server side.
Veza
Veza provides an authorization platform for data for use in hybrid, multi-cloud environments. The company claims it allows organizations to better understand, manage, and control who can and will take actions on data. It focuses on streamlining data access governance, implementing data lake security, managing cloud entitlements, and modernizing privileged access. Veza was founded in 2020.
Wing Security
Wing's platform is designed to detect and automatically remediate SaaS application threats. It continuously monitors usage for every user, app and file. The platform can shut down what it considers risky app-to-app connections, restrict and govern data shared with external users over SaaS apps, and handle vulnerabilities around risky user behavior. It can also manage tokens and permissions of SaaS applications. Wing was founded in 2020.