- Despite the ongoing economic slump, recent research shows that the global cybersecurity market is expected to grow from $183.2 billion in 2019 to $230 billion by 2021.
- That industry growth includes investment in innovation, as IT staffs adopt new tools to address changes such as the boom in remote work.
- We've rounded up a list of promising young cybersecurity companies working in areas like passwordless authentication, autonomous threat detection, security training programs and more.
- Visit Business Insider's homepage for more stories.
The cybersecurity industry has experienced a rare silver lining of the COVID-19 economic collapse, recent studies show. Remote workers need new kinds of protection; healthcare organizations need defenses in a desperate time; and high-profile ransomware cases drive demand for new solutions.
"Cybersecurity is perhaps more relevant than ever given the new scale of remote work," analysts from startup incubator DataTribe recently wrote. "This is a great time to invest in quality ventures."
The global cybersecurity market is expected to grow from $183.2 billion in 2019 to $230 billion by 2021, led by remote worker security and healthcare security, according to April research on COVID-19's impact from the firm Markets and Markets. Meanwhile, customers are willing to pay up for innovative products: The number of companies spending more than 20% of their cybersecurity budgets on advanced technologies has doubled in the last three years, according to recent research from Accenture.
With these market forces in mind, we rounded up 16 cybersecurity startups that are making news and impressing investors. Several are announcing new funding this week while others just launched. They range in funding from $10 million to $570 million. All are plunging into developing areas, whether that means exploring new approaches to authentication to avoid passwords, harnessing the power of automation, or using machine learning to teach algorithms to protect us.
While it's far from a complete list, here's a look at some of the cybersecurity startups bringing innovation and investment opportunity to a down economy:
Darktrace: Using machine learning to identify and stop threats
Name: Darktrace
Cofounder and co-CEO: Poppy Gustafsson
What it does: Darktrace creates profiles for networks, devices, and users in an organization and then deploys machine learning (a kind of artificial intelligence that uses vast amounts of data to train algorithms to make predictions) to identify anything that doesn't look like "normal" behavior and thus alert security teams to possible threats before they harm the company.
Why it's noteworthy: Darktrace has made a name for itself by spotting strange hacks and scams, such as bad actors trying to break into a US casino using the internet-connected thermometer in a fish tank. Gustafsson was named an Officer of the British Empire in June for her contributions to cybersecurity.
Funding: $230.5 million, the latest round in 2018 led by Kohlberg Kravis Roberts, Vitruvian Partners, and TenEleven Ventures.
Beyond Identity: Killing the password they helped to create
Company: Beyond Identity
Founders: Jim Clark and Tom Jermoluk (CEO)
What it does: Beyond Identity, which just launched in April, uses an old solution in a new way to provide passwordless security. The firm uses the "certificates" system that verifies trusted websites (generating the little lock icon next to a web address in your browser) to also verify users. So, users sign in on their laptop or phone and then don't need to use passwords on any websites.
As veterans of the pioneering web browser Netscape, the founders are essentially addressing a problem — passwords — which they helped create 25 years ago.
Funding: $30 million in Series A funding from Koch Disruptive Technologies and New Enterprise Associates.
Druva: Centralizing and protecting enterprises' data
Company: Druva
Founder and CEO: Jaspreet Singh
What it Does: Druva's cloud platform breaks down data silos and centralizes businesses' critical data in a single location in the cloud. That allows it to protect data spread across company laptops, applications, and servers. It can also help customers identify data loss and recover that data, and says that it has more than 4,000 enterprises using its products, including Marriott, Live Nation and NASA.
Funding: $328 million in funding via Sequoia Capital, Viking Global Investors, Tenaya Capital, Riverwood Capital and Nexus Partners, among others.
BioCatch: Learning your gestures and traits to verify your identity
Company:BioCatch
CEO: Howard Edelstein
What it does: BioCatch uses behavioral biometrics, in which artificial intelligence "learns" to identify a user's identity by monitoring all kinds of gestures and behavior. Financial technology customers like American Express use it to guard against fraud.
Why it's noteworthy: The startup is newly relevant as the COVID-19 pandemic makes people worried about the possible coronavirus exposure of using shared touchscreens and analysts predict that facial recognition and gesture identification will replace fingerprint identification on touchscreens.
Funding: $187 million, including a $145 million round in April led by Bain Capital Tech Opportunities.
CyberMDX: Protecting medical IoT devices
Name:CyberMDX
Cofounder and CEO: Amir Magner
What it does: CyberMDX protects internet-connected medical devices and the networks that host them from cybersecurity attacks by alerting hospital security teams to vulnerabilities they didn't know existed. It essentially tries to avoid worst-case scenarios where ransomware attacks lock down entire networks, making potentially life-saving medical devices inaccessible.
As health systems grow to include more locations on scattered campuses, the ability to identify and locate faulty pieces of equipment can save time, money, and lives.
Funding: $30 million from investors including Pitango Venture Capital, Qure Venture
Cybereason: Securing endpoints like laptops and smartphones with a billion-dollar valuation
Company: Cybereason
Founders: Yonatan Striem-Amit, Lior Div (CEO), and Yossi Naar
What it does: Cybereason specficically focuses on risks to "endpoints" (like laptops, iPads, servers, and mobile devices) to help security analysts respond faster to threats. The firm also provides forensics services, advanced analysis services, and breach response services.
The company reached unicorn status — becoming a billion-dollar company — in 2019.
Funding: $389 million total, including from Softbank, Lockheed Martin, Charles River Ventures, and Spark Capital
Elevate Security: Making cybersecurity training interesting
Company: Elevate Security
Founders: Masha Sedova and Robert Fly (CEO)
What it does: Elevate Security trains employees to have better cybersecurity habits by evaluating their behavior and notifying them of ways to improve. The cofounders — both former Salesforce executives — stress a positive and upbeat approach to cybersecurity, which is unusual in a field that often focuses on threats and risk.
Why it's noteworthy: A Forrester report in March gave Elevate Security the highest score possible among cybersecurity training companies, saying the firm offers customers "a departure from ancient cybersecurity employee training rhetoric."
Funding: $10 million total over two rounds, most recently a 2019 round of $8 million led by Defy.
Kriptos: Classifying and protecting company information
Company:Kriptos
Founders: Christian Torres and Alfonso Villalba
What it does: Kriptos uses machine learning to understand the vocabulary of an organization and automatically classify its internal documents to prevent leakage of confidential data.
An organization with between 5,000 and 10,000 employees would have more than 10 million files and it would take 20 years to classify the data manually, Kriptos says. By contrast, it could understands the content and context of each file and classify them in less than a week, it says.
With a strong foothold in Latin America, the startup has impressed investors in an area crucial to protecting against data threats like ransomware.
Funding: $570,000 with latest round led by SixThirty Cyber
Quantum Xchange: Providing encryption for the future
Company: Quantum Xchange
Founder: John Prisco
What it does: Quantum Xchange provides encryption that can withstand the power of quantum computers, the super powerful computers of the near future that experts fear will be able to easily crack into our most secure forms of data. In fact, researchers say hostile nation-states, in particular China, have already stolen assets from the United States, and are stockpiling that encrypted information until quantum computers can crack it.
Traditional encryption is based on mathematical algorithms, which can be solved by super-computers. Quantum Xchange uses an encryption method that relies on physics, employing photons to transmit an encryption "key" that cannot be intercepted. This level of security will help finance, government, critical infrastructure like power plants, and more protect their most important data.
Funding: $10 million from New Tech Ventures
Randori: Attacking its clients to point out security flaws
Company: Randori
Founders: Brian Hazzard (CEO) and David Wolpoff
What it does: Randori attacks its clients just like real hackers do to help organizations find and address their vulnerabilities. The Denver-based startup uses an automated platform to provide continuous intelligence from the point of view of hackers (whereas in the past companies had to pay for individual simulated hacker attacks).
Why it's noteworthy: Randori raised a new round of funding this month to invest more in its team of hackers, who develop new automated attack techniques and tools.
Funding: $49.8 million from Harmony Partners, Accomplice, .406 Ventures and Legion Capital.
Armis: Automatically tracking IoT devices
Company: Armis
Founders: Yevgeny Dibrov (CEO) and Nadir Izrael
What it does: Armis provides cybersecurity for an enterprise's Internet of Things devices by automatically tracking their behavior, detecting threats, and taking action where necessary to protect threatened devices, the company says.
Why it's noteworthy: Armis' team of researchers have drawn attention to the insecurity of IoT through several recent vulnerability reports, which highlighted issues with millions of devices used in healthcare, aviation, manufacturing and more.
Funding: $112 million total with a $65 million round in April of 2019 led by Sequoia Capital. In February, venture capital firm Insight Partners (with participation from other firms) acquired Armis at a valuation of $1.1 billion in anticipation of an initial public offering.
Those plans have been shaken up by the COVID-19 pandemic, the independently operated startup says, though it still hopes to go public at some point.
ReliaQuest: Making the most of your existing tools
Company: ReliaQuest
Founder: Brian Murphy
What it does: ReliaQuest connects cybersecurity tools from different vendors to help companies make the most of products they already have. This addresses a key need in an increasingly crowded cybersecurity market: integrating and automating different tools into a simplified and effective company strategy.
Since its founding in 2007, ReliaQuest has retained 97% of customers, the company says, and has more than 35 current and pending patents.
Funding: $30 million total from FTV Capital
Orca: Finding security issues in the cloud with a new kind of scan
Company:Orca Security
Cofounder and CEO: Avi Shua
What it does: Orca provides automated software-as-a-service cybersecurity for cloud applications by deeply analyzing an organization's remote data storage systems, without the need for human or direct computer interaction.
The company has created a scanning tool that pulls in many sources of data from a companies' application programming interfaces — the mechanisms that connect different computer programs — and automatically finds vulnerabilities, malware, misconfigurations, leaked or weak passwords, and more, without agents and in minutes.
Funding: $26.5 million, including a $20 million Series A funding round this month led by GGV Capital.
Sixgill: Analyzing the dark web to block attacks
Company:Sixgill
Founders: Avi Kasztan, Elad Lavi
What it does: Sixgill analyzes the dark web to monitor for sensitive data leaks or imminent cyberattacks, which it will try to prevent from occurring. It sends clients real-time alerts of any threats it finds.
It creates profiles of malicious actors, mapping their hidden social networks and behavior patterns to analyze and predict their activity.
Funding: $21 million from Terra Venture Partners, Elron Electronic Industries, Sonae IM, and REV Venture Partners.
Sonatype: An open-source security company
Company: Sonatype
Cofounder and CEO: Wayne Jackson
What it does: Sonatype addresses security issues in open-source code by helping developers ensure that it's safe.
Why it's noteworthy:Equifax turned to Sonatype after the credit giant's global data breach crisis, which involved open-source security issues. The startup helped Equifax shore up its code, ultimately leading to cultural changes at the multi-national firm.
Funding: $154.7 million from firms including Accel and Goldman Sachs. Sonatype was acquired by Vista Equity Partners in November for an undisclosed sum.
Tessian: Protecting people from email threats
Company: Tessian
Founders: Tim Sadler (CEO), Tom Adams, and Ed Bishop
What it does: Tessian focuses on email security. It uses machine learning to automatically identify and block incoming emails containing malicious links, ultimately preventing data loss – such as what happens in ransomware attacks.
Why it's noteworthy: Tessian's three co-founders were investment bankers in their early 20s with no security expertise when they discovered that most email security was focused on protecting computer systems – and not taking into account employees' user experience. Tessian learns a user's network of contacts and email habits, and tailors an automated security profile that blocks threats and urges cautions for that specific user.
Funding: $58.7 million from Accel and Sequoia