Cranium
AI security and trust software firm Cranium offers the Cranium Enterprise software platform, aimed at helping organizations map, monitor, and manage AI/ML environments against threats without interrupting how teams train, test, and deploy their AI models. On June 15, the company launched its Cranium AI Card, which allows organizations to gather and share information about the trustworthiness and compliance of their AI models with both clients and regulators and gain visibility into the security of their vendors’ AI systems.
Cyclops
Cyclops, based in Tel Aviv, produces a contextual cybersecurity search platform. Founded in 2020 by cybersecurity veterans Eran Zilberman (CEO), Elay Gueta (CTO) and Biran Franco (CPO), Cyclops offers a search engine powered by generative AI to answer critical and timely questions about the state of an organization’s security posture and provide proactive defense against cyber threats and address vulnerabilities.
Descope
Descope is an authentication and user management platform for passwordless authentication. It offers tools for developers to easily add authentication, user management, and authorization capabilities to apps. The platform protects against bot attacks on login pages, account takeover fraud, and session theft by identifying risky user signals to enact step-up authentication. The company was founded in 2022.
DoControl
The DoControl platform provides automated, self-service tools for data access monitoring, orchestration, and remediation of SaaS applications. It has the ability to identify sensitive information and prevent it from leaving an organization’s cloud instance. DoControl is an agentless, event-driven platform. The company was founded in 2020.
Dope.security
Billing itself as “the world’s only fly-direct secure web gateway (SWG),” dope.security performs security directly on the endpoint instead of routing traffic through stopover datacenters. The approach “improves performance up to 4X, ensures that decrypted data never leaves the device, and improves reliability by eliminating external dependencies.”
Hadrian Security
Hadrian is a hacker-led cybersecurity startup based in London and Amsterdam that offers an event-based, offensive security platform in a SaaS model. The company says its “autonomous technology identifies real threats and prioritizes where action is required, connecting urgent tasks to existing workflow tools and processes so that the important stuff gets handled first.” Using cloud-native technology and ML modules, Hadrian proactively and continuously scans and tests companies’ IT infrastructures to provide fast and precise holistic insights.
Hush
Hush offers AI-based digital privacy services for individuals and families, but it also has an enterprise-grade product to protect workforce privacy. Once businesses deploy the Hush service, their employees are able to manage their own Hush profiles. This allows them to monitor for and report privacy issues and remediate issues that put their privacy at risk. Hush also makes a “privacy advocate” available by phone or online. The company was founded in 2021.
Inside-Out Defense
Launched in 2023, Inside-Out Defense claims to be “the cybersecurity industry’s first platform to solve privilege access abuse.” The company’s offering provides access intent, real-time detection, and in-line remediation through a SaaS platform. “The platform enables the determination of the gaps between known and unknown abuse behaviors, thereby preventing privilege abuse in real-time, at scale,” the company says.
Interpres Security
Emerging from stealth mode in December 2022, Interpres Security offers a platform that allows organizations to better manage their “defense surface.” It will show what their current security toolset can detect and defend against. The platform also helps identify gaps and inefficiencies in cyber defenses, allowing security teams to use a data-driven approach to improving security posture.
Kodem
Kodem claims to be the “world’s first dynamic software composition platform.” The company’s offering uses application runtime to spotlight application risks, creating application context based on what is happening during runtime, not just in static code. According to the company, “after researching the problem of noise, false positives, and inefficient remediation, we have found that the only way to eliminate false positives and effectively prioritize remediation is to look at applications during runtime. By analyzing them as they’re running, it's possible to know exactly which components are in use, how data moves between them, and what part of the application is actually vulnerable.”
Mobb
Automated vulnerability fixer Mobb uses AI-powered technology to automate vulnerability remediations to significantly reduce security backlogs and free developers to focus on innovation. Mobb ingests SAST results from various scanning tools and automatically fixes code, while keeping the developers informed during the process to instill trust and ensure accuracy. Mobb ingests findings from multiple SAST solutions. The company says “its automatic code remediations are powered by AI, and informed by security best practices and input from the developers who commit the fixes.”
Naxo Labs
Naxo Labs was founded in 2022 by a group of noted experts and former FBI special agents to provide forensic and investigation services. The company works on cases involving cybercrimes such as insider threats or intellectual property theft and packages the data for referral to law enforcement or for litigation. Naxo is also capable of performing blockchain and cryptocurrency analysis as well as data recovery.
Nudge Security
Nudge Security offers a solution aimed at managing the security of software as a service (SaaS) for distributed workforces. Its platform allows for the discovery of cloud SaaS assets created without the need for network changes, endpoint agents, or browser extensions. The company claims it provides visibility into the entire SaaS attack surface, including managed and unmanaged accounts, OAuth connections, and resources. It also notifies when new SaaS accounts are created. Nudge was founded in 2022.
Oligo Security
Founded in 2022, Oligo offers an open-source security platform that detects and prevents attacks such as Log4Shell by monitoring malicious activity at the library level. The company claims that its runtime monitoring of open-source libraries focuses only on vulnerabilities that are relevant. The platform works with most modern development languages such as Python, Go, Java, and Node and all cloud service providers such as GCP, Azure and AWS.
Phylum.io
Phylum.io is a software supply chain security company that offers a security-as-code platform that gives security and risk teams more visibility into the code development lifecycle and the ability to enforce security policy without disrupting innovation. The platform protects developers and applications at the perimeter of the open-source ecosystem and the tools used to build source code. The company was the inaugural Black Hat Innovation Spotlight competition winner in 2022 and claims to have been the first to detect and mitigate three separate attacks against npm developers by nation-state bad actors since June.
Piiano
Piiano offers two products: Piiano Scanner scans source code for references to personally identifiable information (PII), and Piiano Vault secures sensitive data while allowing it to be used. Scanner can scan any Java or Python GitHub projects with a single click and is intended to improve collaboration between development and privacy teams. Vault’s API-based infrastructure allows safe storage of sensitive data and provides compliance with GDPR and CCPA. Piiano was founded in 2021.
Privya
Founded in 2021, Privya’s platform provides a cloud-native approach to data privacy by design. The company claims it will allow organizations to better enable privacy and data protection within the development lifecycle process. The Privya platform is able to discover and identify personal data across multiple data sources and map the data flow and business logic. It also provides an automated architecture to better meet compliance requirements.
Protect AI
Protect AI is an artificial intelligence and machine learning security company that helps organizations protect ML systems and AI applications from unique security vulnerabilities, data breaches and emerging threats. Its platform, AI Radar, “helps organizations build safer AI by providing developers, ML engineers, and AppSec professionals a way to see, know, and manage an ML environment,” according to the company. “AI Radar enables customers to quickly identify and remediate risks, and maintain a strong security posture for ML systems and AI applications.”
Savvy
Savvy’s workforce security automation platform addresses human error by giving SecOps visibility and security automation playbooks for orchestrating SaaS incident response before an unsecure action takes place. The company claims its platform “provides real-time alerts and suggestive guidance to improve user decision-making. Savvy’s focus on the ‘human’ attack surface and protecting employees across browsers and work apps solves a huge problem all enterprises face and is only getting worse.”
Sharepass
Founded in 2020, Sharepass provides a means to share confidential information securely across platforms. The company claims its web-based product does not leave a digital trail when data is shared. Sharepass first encrypts the information being shared and sends a link to the recipient. That link becomes inactive once the recipient opens it. Senders can specify email addresses, set time limits for how long the link is valid, or require a PIN code.
Silk Security
Silk Security offers a sustainable cyber risk resolution platform that enables security and operations stakeholders to collaboratively align finding risk with fixing risk, improving enterprise security and compliance posture and centralizing visibility into risk resolution status. The platform incorporates AI technologies to consolidate and contextualize findings from multiple detection tools, automates prioritization based on severity, asset profiles and environmental factors, and predictively assigns fix ownership.
SnapAttack
SnapAttack provides a purple-teaming platform that the company claims addresses the entire threat detection process. The platform includes an Attack Sign Library that catalogs attack threats and simulations. Red and blue teams can create their own attack sessions. SnapAttack allows purple teams to identify gaps against the MITRE ATT&CK matrix and to create detection logic with a no-code detection builder. The company was founded in 2021.
SquareX
SquareX is developing a browser-based cybersecurity product to keep users safe online. The company’s product aims to address threats such as phishing, identity theft, session hijacking, and other browser-based attacks using a browser extension that monitors and protects users while they go about their online activities. The company, founded in 2023, plans to launch a beta version beginning in May.
Stack Identity
Identity and access management (IAM) governance company Stack Identity targets the problem of shadow access – unauthorized, unmonitored, and invisible cloud data access patterns created by the myriad of human and machine cloud identities accessing the cloud. “It's our vision and conviction that the future of cloud security must be identity-first, access-centric and with a deep context of data, applications, and software,” according to CEO and founder Venkat Raghavan. Stack employs its Breach Prediction Index algorithm to reduce the risk of cloud vulnerabilities and improve IAM audits, compliance, and governance.
Sweet Security
Sweet Security’s Cloud Runtime Security Suite provides runtime defenses across all of the phases of an attack including detection and response, discovery, and prevention. According to the company, “Sweet leverages an eBPF-based sensor to gain cloud-native cluster visibility and stream key application data and business logic to its servers. Using an innovative framework to profile workload behavior anomalies and contextualize them with traditional TTPs, its analysis uses a deep understanding of cloud attacks and custom client environments.” The company was founded in 2021 by Dror Kashti, former CISO of the Israel Defense Forces (IDF) and Eyal Fisher, former head of the Cyber Division at Unit 8200.
TrustCloud (previously Kintent)
The TrustCloud platform is intended to help companies pass audits, manage risk, and complete security reviews. It uses programmatic API-based control and risk verification, which can automate workflows and evidence collection. TrustCloud can analyze a compliance program and map it to multiple standards. It also has an AI-based feature that helps fill out security questionnaires. TrustCloud was founded in 2020 as Kintent.
Trustmi
Business payments security company Trustmi offers an end-to-end solution aimed at helping businesses protect their bottom line by eliminating losses from cyberattacks, internal collusion, and human error. Founded in Israel in 2021, Trustmi claims to help reduce B2B payment fraud through “a holistic approach to overcome the fragmentation of payment processes by providing a flexible solution that seamlessly integrates into existing organizational workflows.” The platform uses a unique trust network that unites crowd-sourced data from thousands of vendors and businesses to help uncover vulnerabilities and detect suspicious signals to maximize protection for business payments.
Valence Security
Valence Security, founded in 2021, offers a platform to remediate SaaS security risks around third-party integration, identity, misconfiguration, and data sharing. The platform provides its own cross-SaaS data and permissions model to help maintain access control. It also comes with a set of automated SaaS security remediation workflows to minimize the need for specialized knowledge to set them up.
Vanta
Trust management platform developer Vanta has launched its Vendor Risk Management product, providing third-party vendor security reviews and due diligence. The offering is designed to reduce the time and cost of reviewing, managing, and reporting on third-party vendor risk. The company launched in 2018.
Vaultree
Vaultree, founded in 2020, has developed what it claims is the first “fully functional” data-in-use encryption software development kit (SDK). The product is designed to eliminate the risk of data being leaked or stolen in plaintext form. According to Vaultree, it can process, search, and compute data at scale without surrendering encryption keys or decrypting on the server side.
Veza
Veza provides an authorization platform for data for use in hybrid, multi-cloud environments. The company claims it allows organizations to better understand, manage, and control who can and will take actions on data. It focuses on streamlining data access governance, implementing data lake security, managing cloud entitlements, and modernizing privileged access. Veza was founded in 2020.
Wing Security
Wing’s platform is designed to detect and automatically remediate SaaS application threats. It continuously monitors usage for every user, app and file. The platform can shut down what it considers risky app-to-app connections, restrict and govern data shared with external users over SaaS apps, and address vulnerabilities around risky user behavior. It can also manage tokens and permissions of SaaS applications. Wing was founded in 2020.