The 20 Coolest Security Operations, Risk And Threat Intelligence Of 2025: The Security 100

From vendors that provide modern SIEM to those offering advanced threat feeds, here’s a look at 20 key companies in security operations, risk and threat intelligence.

When it comes to the crucial work of security operations teams, GenAI has rapidly made inroads — with countless tools now offering capabilities that can simplify and expedite the work of security analysts in responding to threats. Security analysts are now utilizing GenAI capabilities in a major way along with their SIEM (security information and event management) and SOAR (security orchestration, automation and response) tools, as a way to accelerate their responses and improve their security outcomes.

[Related: 10 Major Ransomware Attacks And Data Breaches In 2024]

In the SIEM market, meanwhile, a major shakeup sparked by Cisco’s $28 billion acquisition of Splunk has led to a series of other consolidation moves, including the merger of Exabeam and LogRhythm along with Palo Alto Networks’ $500 million acquisition of IBM’s QRadar SaaS business. Gartner’s 2024 Magic Quadrant for SIEM saw Microsoft, Splunk, IBM, Securonix and Exabeam ranked in the “leaders” quadrant.

Elsewhere in the security operations platforms space, Arctic Wolf recently completed its $160 million acquisition of Cylance from BlackBerry.

In the realm of threat intelligence, key providers include Google Cloud and Dataminr, while major players in risk management include Qualys, Tenable and Rapid7.

What follows are the 20 security operations, risk and threat intelligence companies that made our Security 100 for 2025.

Arctic Wolf

Nick Schneider

President, CEO

Arctic Wolf has enhanced its Aurora security oper­ations platform with the integration of SOAR tech­nology and plans to expand its capabilities further with the planned acquisition of Cylance’s endpoint security technology from BlackBerry. Meanwhile, it debuted a new module for Aurora that provides real-time threat intelligence and reporting.

Axonius

Dean Sysman

Co-Founder, CEO

Axonius expanded its offerings in cybersecurity asset management and SaaS security pos­ture management with the introduction of the Axonius Software Man­agement Module for tracking and managing all installed software. It also debuted enhancements for enabling better over­sight of SaaS usage.

BlueVoyant

Jim Rosenthal

Co-Founder, CEO

BlueVoyant unveiled its new Cyber Defense Program, integrating a number of defensive security tools— including internal, external and supply chain protec­tion—into a centralized platform. Key capabilities include managed XDR, supply chain defense, dig­ital risk protection, cyber posture management and proactive defense.

Cribl

Clint Sharp

Co-Founder, CEO

Data plat­form provider Cribl unveiled product updates including the debut of a managed data lake focused on long-term data retention, Cribl Lake. The company also unveiled AI-powered assistant Cribl Copilot and launched new and enhanced integrations for Cribl Stream including with Wiz, Oracle, Google Security Operations and OpenTelemetry.

Cynomi

David Primor

CEO

Cynomi offers an automated vCISO plat­form tailored to the needs of MSPs. The platform aims to offer equivalent capabilities to a governance, risk and compliance tool while also going further by conduct­ing gap analysis, creating customized policies and developing a prioritized remediation plan to ensure that cybersecurity is addressed as well.

Dataminr

Ted Bailey

Founder, CEO

Major launches for Dataminr included the debut of its new generative AI capability, ReGenAI. The technology provides automatic regeneration of textual descriptions throughout the unfolding of events, accelerating the delivery of up-to-date situ­ational understanding for threat teams.

Devo Technology

Walter Scott

CEO

Devo debuted its security data analyt­ics platform, including with new data orchestration capabilities focused on enhanced filter­ing and routing of data to cloud and data platforms. Other updates included the launch of the Devo Data Analytics Cloud for orchestration and ingestion of data from any source.

Exabeam

Chris O’Malley

President, CEO

Exabeam and Log­Rhythm announced the closure of their merger, with the combined company now known as Exabeam. It offers a cloud-native secu­rity operations platform as well as an on-premises SIEM platform. Recent updates included launch­ing compatibility with the OpenAPI standard for improved interoperability.

Google Cloud

Thomas Kurian

CEO

The cloud giant's new Google Threat Intelligence offering is integrated into the Google Security Operations platform. Google Threat Intelligence combines insight from three massive data sources—Mandiant, VirusTotal and Google— with new GenAI-powered capabilities.

IBM Security

Arvind Krishna

Chairman, President, CEO

The sale of its QRadar SaaS business to Palo Alto Networks comes as IBM shifts its cybersecurity strategy to focus on data security, as exemplified by its deal to acquire HashiCorp. The planned acquisition aims to bring capabilities such as data protection and identity-based security with products including HashiCorp Vault.

Infima

Joel Cahill

Co-Founder, CEO

Infima, an MSP-focused provider of highly automated security awareness train­ing, offers rapid setup and requires minimal oversight of its platform. The com­pany recently updated its platform with a simplified training invite process, newly available access to historical reports and user risk scoring.

KnowBe4

Stu Sjouwerman

Founder, CEO

KnowBe4 , a provider of security awareness training as well as anti-phishing capabilities, expanded into offering email security with the acquisition of Egress. The KnowBe4 Cloud Email Security offering provides adaptive, AI-powered defense capabilities and email threat prevention and encryption functionality.

Qualys

Sumedh Thakar

President, CEO

Qualys unveiled its new cloud-based risk operations center offering, Qualys Enterprise TruRisk Man­agement. The platform provides analysis of data from Qualys and third-party tools to protect hybrid, cloud and on-premises environments. Other updates have included the addition of vulnerability assessment capabilities.

Rapid7

Corey Thomas

CEO

Rapid7 debuted its new platform for threat exposure , detection and response, the Command Platform. It unifies visibility of vulner­abilities, exposures and threats across environ­ments and devices. Key capabilities include detec­tion and prioritization through Exposure Com­mand as well as discovery tool Surface Command.

Securonix

Kash Shaikh

President, CEO

Securonix debuted a suite of AI-powered capabilities, Securonix EON, using LLMs from Amazon Bed­rock and Anthropic Claude 3 to extend the company’s Unified Defense SIEM offering. EON provides new “psycholinguistics” capabilities to assist with hunting for insider threats as well as adaptive threat modeling.

ServiceNow

Bill McDermott

President, CEO

With the Xan­adu release of the Now Platform, Service­Now included a number of updates on security capabilities, including the expansion of GenAI func­tionality to its security operations offering. The Now Assist tool enables accelerated incident response workflows as well as real-time management of threat exposure.

Sumo Logic

Joe Kim

President, CEO

Updates to Sumo Logic’s Cloud SIEM platform included the launch of Insight Trainer, which utilizes AI to pro­vide suggestions on how to adjust detection sever­ity and automatically tune recommendations. Other enhancements included its MITRE ATT&CK Coverage Explorer, which provides a broad view across adver­sary tactics.

Tenable

Stephen Vintz, Mark Thurmond

Co-CEOs

Tenable bolstered its expo­sure management platform and cloud security offering through its acquisition of Ermetic. The acquisition enables it to provide cloud identity and permissions management technol­ogy as well as a complete cloud-native application protection platform.

Torq

Ofer Smadari

Co-Founder, CEO

Torq offers a no-code method for automating security operations activities. Key updates to its plat­form included the debut of Agentic AI capabili­ties via its autonomous, multi-agent security operations system. Torq’s Agentic AI agents provide autonomous analysis and assessment of security incidents.

ZeroFox

David Muse

CEO

ZeroFox launched an external attack surface management module, providing dis­covery of external assets, prioritization of risk and detection of unsanctioned shadow IT usage. Other moves included the launch of ZeroFox PSI Mobile, a mobile app that can assist with delivery of physical security intelligence.