The 10 Hottest Cybersecurity Startups Of 2021

The 10 hottest cybersecurity startups include companies revealing threats hidden inside APIs, preventing data breaches on SaaS applications, and identifying vulnerabilities and risks in customer infrastructure.

Applications Take Center Stage

Some of cybersecurity’s best and brightest have in recent years formed companies to address everything from discovering legacy and modern APIs and reveal threats and business abuse hiding inside APIs to securing and controlling access to sensitive data and resources and reducing cyber risk, waste and complexity through managed services.

CRN has identified 10 cybersecurity startups founded since 2020 with at least $4 million in outside funding that stood apart from the pack thanks to new funding, the launch of partner initiatives, or key product enhancements or updates. Three of the top startups are based in Israel, three are based in the Northeastern United States, two are based in California, and two are based in Texas.

These companies are solving security challenges such as preventing data breaches on SaaS applications, discovering and inventorying cloud and on-premises systems, and identifying potential vulnerabilities, risks, and gaps in customer infrastructure before an incident occurs. Here’s a look at how the 10 coolest cybersecurity startups have made themselves relevant to partners and customers alike.

BreachQuest

CEO: Shaun Gordon

BreachQuest was founded in 2021 and in August closed a $4.4 million seed funding round led by Slow Ventures, Tinder Founders Sean Rad and Justin Mateen and Lookout Founder Kevin Mahaffey to accelerate the development and rollout of the company’s incident response platform. The Dallas-based company employs 27 people just 10 months after its establishment, according to LinkedIn.

The company’s Priori Platform will empower organizations to immediately improve their security posture with end-to-end readiness and response capabilities that provide unrivaled visibility for first responders into when and where a breach happened. It provides rapid information when a threat is detected on what endpoints have been compromised, enabling a quick response and containment.

BreachQuest in October rolled out its Recovery and Remediation business line to reduce the client‘s recovery costs and recovery time by working directly with them to restore, rebuild and recover their environment. The team can deploy around the globe 24/7 and assist clients on the ground within a matter of hours, providing advice on key operational resilience controls pre-breach.

DoControl

CEO: Adam Gavish

DoControl was founded in 2020 and in April closed a $10 million Series A round led by RTP Global to help the company execute its go-to-market strategy by doubling its head count across research and development, sales and marketing. The New York-based company employs 35 people, up from just 13 employees a year ago, according to LinkedIn.

The company said it helps enterprises prevent data breaches on SaaS applications while minimizing or eliminating the impact on business enablement. The DoControl platform offers comprehensive asset management to provide critical business insight across users, external collaborators, assets and third-party domains.

DoControl in July appointed Votiro and CyberGRX veteran Ed Rodriguez as vice president of North American sales to accelerate the company’s go-to-market execution. The company’s app debuted in the CrowdStrike Store in September, making it possible for CrowdStrike detections to be automatically cross-referenced with the same files stored in corporate SaaS applications that employees use daily.

Grip Security

CEO: Lior Yaari

Grip Security was founded in 2021 and in April closed a $6 million seed funding round led by YL Ventures to enable organizations to discover and secure all SaaS applications from any device and any location. The Tel Aviv, Israel-based company employs 31 people just 10 months after its establishment, according to LinkedIn.

The company provides organizations with full visibility into their entire SaaS portfolio—known and unknown—as well as enforceable endpoint-centric access and data governance capabilities. Armed with deep visibility, Grip said its approach secures all SaaS application access regardless of device or location as well as maps data flows to apply security policies, including data loss prevention.

The Grip Security platform’s key capabilities include comprehensive SaaS application coverage, historical visibility into SaaS application usage and insight into risk levels posed by SaaS applications. The company can also apply security policies across any application or device as well as conduct deep cross-organizational analysis of applications, users and activity, according to Grip.

Neosec

CEO: Giora Engel

Neosec was founded in 2020 and in September closed a $20.7 million Series A funding round led by True Ventures, New Era Capital Partners, TLV and SixThirty to brings established techniques from XDR security products to reveal threats and business abuse hiding inside APIs. The Palo Alto, Calif.-based company employs 33 people, up from just 11 employees a year ago, according to LinkedIn.

The company’s technology finds all APIs involved with an organization based on existing logs without the need to install any sensors. Neosec establishes and constantly maintains a complete inventory of APIs in use and generates missing documentation for ones that are previously unknown.

Neosec audits the risk posture of all discovered APIs and identifies those transferring sensitive data, revealing any discrepancies between existing API documentation and the parameters of the API. The technology automatically learns the baseline behavior of every API user and client, enabling customers to see, investigate, and threat hunt using detailed timelines of behavior for each user entity.

Noetic Cyber

CEO: Paul Ayers

Noetic Cyber was founded in 2020 and in July closed a $20 million Series A funding round led by Energy Impact Partners to enable security teams to make faster and more accurate decisions around detecting coverage gaps and reducing cyber risk. The Waltham, Mass.-based company employs 29 people just 22 months after its founding, according to LinkedIn.

The company uses graph database technology to discover and inventory the key entities present in an organization‘s environment, including cloud and on-premises systems. Noetic builds a dynamic map of the cyber relationships between those entities, highlighting cyber risk and non-compliant systems.

Noetic’s built-in orchestration and automation drive continuous enrichment and remediation, ensuring that systems are restored to their desired state. The platform has a rich automation workflow engine, enabling security teams to anticipate and react to changing IT and security requirements. Noetic’s initial offerings for cyber asset management and continuous controls monitoring were introduced in July.

Noname Security

CEO: Oz Golan

Noname Security was founded in 2020 and in June closed a $60 million Series B funding round led by Insight Partners to help enterprises discover, analyze, remediate, and test all legacy and modern APIs. The Palo Alto, Calif.-based company employs 177 people, up from just 23 employees a year ago, according to LinkedIn.

The company’s platform creates a complete inventory of an organization’s APIs and uses AI and machine learning to detect attackers, suspicious behavior, and misconfigurations. Noname Security remediates API vulnerabilities by integrating with existing security infrastructure and blocking attacks in real-time, all without deploying agents or requiring network modifications.

The Noname Unnamed Partner Program (UPP) launched in November to equip VARs, channel partners, technology partners, SIs, distributors and MSSPs with the technology and resources they each need to create sizable revenue opportunities in the API security market. The program offers a blueprint to guide partners in driving revenue, uncovering market opportunities, and fostering innovation for success.

SnapAttack

CEO: Peter Prizio

SnapAttack was spun out from Booz Allen Hamilton in 2021 and in November closed a $8 million seed funding round led by Volition Capital to help organizations proactively identify potential vulnerabilities, risks, and gaps in their infrastructure before an incident occurs. The Washington D.C.-based company employed 14 people in November when it was established as a standalone entity, according to LinkedIn.

The company combines offensive and defensive tradecraft to identify security gaps and improve advanced behavioral detections, integrating across SIEM, EDR/XDR, and cloud offerings. SnapAttack’s security platform is focused on attack emulation, detection-as-code and continuous development and validation of robust behavioral analytics.

With the funding, SnapAttack plans to accelerate platform development to further integrate across security operations processes, manage the entire lifecycle of detection analytics, and enhance reporting. In addition, the company plans to drive additional threat intelligence and analytic content types into the platform to create the most robust and comprehensive detections with minimal human interaction.

SolCyber

CEO: Scott McCrady

SolCyber was founded in 2021 and in July closed a $20 million Series A funding round led by ForgePoint Capital to extend its technology offerings, build market awareness, drive customer growth and support an aggressive hiring strategy. The Dallas-based company employs 21 people just 10 months after its establishment, according to LinkedIn.

The managed security service provider (MSSP) delivers a curated technology stack including endpoint with EDR capabilities, lateral movement detection, advanced email security and active directory and admin exploitation prevention. SolCyber’s security tools and services are streamlined, accessible and affordable for any organization and work to reduce cyber risk, wastage and complexity.

SolCyber in October tapped Area 1 Security to be the primary cloud email security provider for all its customers to bring best-in-class email protection to midsize organizations. In a 12-month period, SolCyber said Area 1 Security prevented more than half a billion dollars in direct losses for its customers, including some of the world’s largest healthcare, financial services, retail and consumer goods brands.

Talon Cyber Security

CEO: Ofer Ben-Noon

Talon Cyber Security was founded in 2021 and in April closed a $26 million seed funding round led by Team8 and Lightspeed Venture Partners to allow the company to further develop its technology and expand the development team. The Tel Aviv, Israel-based company employs 28 people just nine months after its establishment, according to LinkedIn.

The company in October launched TalonWork, a browser-based endpoint offering intended to address the unique threats imposed by the hybrid workforce. Talon‘s corporate browser can be deployed across an organization in less than an hour, allowing security leaders to make the browser their first line of defense with minimum complexity and cost and without additional hardware.

Talon’s technology allows organizations to better secure and control access to sensitive data and resources, accelerates onboarding in multiple work scenarios and enables rapid and efficient endpoint disaster recovery. The product provides resilience against malware on the device, browser hardening against zero-day exploits and data leakage prevention mechanisms integrated in the browser.

Valence Security

CEO: Yoni Shohet

Valence Security was founded in 2021 and in October closed a $7 million seed funding round led by YL Ventures to manage the risks from third-party integrations and secure app-to-app connectivity in the modern business environment. The Tel Aviv, Israel-based company employs 19 people just eight months after its establishment, according to LinkedIn.

The platform delivers immediate, non-intrusive risk surface management, providing organizations with a visible map of their app-to-app integrations and spotlighting risky third-party connections. It constantly alerts on anomalous activities and unauthorized data access across the Business Application Mesh.

Valence applies zero trust principles and enables enforcement of policies such as least privilege to significantly reduce the risk surface and allow security teams to be more preemptive regarding risks. The company’s technology is already deployed at select global enterprises which were able to significantly reduce their risk surface with actionable insights.