Cybersecurity startups to watch for in 2023

These startups are jumping in where most established security vendors have yet to go.

The problems cybersecurity startups attempt to solve are often a bit ahead of the mainstream. They can move faster than most established companies to fill gaps or emerging needs. Startups can often innovate faster because they are unfettered by an installed base.

The downside, of course, is that startups often lack resources and maturity. It’s a risk for a company to commit to a startup’s product or platform, and it requires a different kind of customer/vendor relationship. The rewards, however, can be huge if it gives that company a competitive advantage or reduces stress on security resources.

The vendors below represent some of the most interesting startups (defined here as a company founded or emerging from stealth mode in the past two years).

[Editor's note: This article, originally published November 11, 2022, is periodically updated as new startups emerge.]

Aembit

Aembit produces a cloud-based identity platform that lets DevOps and security teams discover, manage, enforce, and audit access between federated workloads. The company helps organizations apply a zero trust security framework to workload access, similar to existing solutions for workforce access, by providing seamless and secure access from workloads to the services companies depend on, such as APIs, databases, and cloud resources. Aembit launched in 2023.

Akto

Founded in 2021, Akto focuses on API security. The company claims its platform, run locally or in the cloud, discovers and tests internal, external, and third-party APIs. It then finds vulnerabilities quickly during runtime. It supports key API data sources such as AWS, Google Cloud, and Kubernetes. The platform can be deployed in about a minute, according to Akto.

Axiado

Axiado develops trusted control/compute unit (TCU) processors that offer hardware-based and AI-driven security technologies. The company claims its semiconductors provide pre-emptive threat detection in an AI-driven approach to platform security against ransomware, supply chain, side-channel, and other cyberattacks against cloud data centers, 5G networks and other disaggregated compute networks.

Binarly

The Binarly SaaS Analytics Platform is designed to find security flaws at the hardware and firmware level. It does so through what the company calls "deep-code inspection technology at the binary level." The platform identifies, assesses, and prioritizes potential problems by inspecting device snapshots for malicious code patterns, anomalies and vulnerabilities, and misconfigurations. It then generates a report with actionable advice. Binarly was founded in 2021.

BoostSecurity

BoostSecurity offers a DevSecOps automation platform that it claims can help detect and remediate vulnerabilities while allowing DevOps to work at its own pace. It also facilitates the creation and governing of policies across code, cloud, and CI/CD flows. A single control plane provides visibility into software supply chain risks. BoostSecurity came out of stealth mode in 2022.

BreachQuest

BreachQuest’s Priori incident response platform promises to collect and analyze security event data quickly to scope and contain attacks as well as speed recovery. Priori continuously monitors systems for malicious activity. When a breach occurs, it immediately sends an alert with information on which endpoints have been compromised. The company was founded in 2021. As of this writing in November 2022, BreachQuest had not released Priori.

Camelot Secure

Threat identification and mitigation company Camelot Secure offers “an offensive approach” to cybersecurity, providing vulnerability assessments, risk assessments, red teaming, cyber threat hunting, and cyber threat intelligence analysis that employ artificial intelligence and machine learning. The company employs experts from the military, intelligence community, and private sector.

CommandK

Founded in 2022, CommandK offers management solutions for the end-to-end lifecycle of sensitive data within a company’s virtual private cloud. Its platform aims to ensure zero developer dependency in managing sensitive data, allowing security teams to attain a high order of security while letting developers focus on building features. CommandK is deployed as a managed solution within a company’s virtual private cloud, ensuring that sensitive data remains inside the company’s network.

Conveyor

Conveyor, founded in 2021, offers a way to make filling out customer security questionnaires easier. It is an online service where vendors can upload relevant security documents and answers to common questions in Conveyor’s Customer Trust Platform. Customers can then access that content through the company’s Vendor Trust Platform, which is gated and requires a non-disclosure agreement for access, or customers can compare the security posture of multiple vendors.

Descope

Descope is an authentication and user management platform for passwordless authentication. It offers tools for developers to easily add authentication, user management, and authorization capabilities to apps. The platform protects against bot attacks on login pages, account takeover fraud, and session theft by identifying risky user signals to enact step-up authentication. The company was founded in 2022.

DoControl

The DoControl platform provides automated, self-service tools for data access monitoring, orchestration, and remediation of SaaS applications. It has the ability to identify sensitive information and prevent it from leaving an organization's cloud instance. DoControl is an agentless, event-driven platform. The company was founded in 2020.  

Hush

Hush offers AI-based digital privacy services for individuals and families, but it also has an enterprise-grade product to protect workforce privacy. Once businesses deploy the Hush service, their employees are able to manage their own Hush profiles. This allows them to monitor for and report privacy issues and remediate issues that put their privacy at risk. Hush also makes a “privacy advocate” available by phone or online. The company was founded in 2021.

Inside-Out Defense

Launched in 2023, Inside-Out Defense claims to be “the cybersecurity industry’s first platform to solve privilege access abuse.” The company’s offering provides access intent, real-time detection, and in-line remediation through a SaaS platform. “The platform enables the determination of the gaps between known and unknown abuse behaviors, thereby stopping privilege abuse in real-time, at scale,” the company says.

Interpres Security

Emerging from stealth mode in December 2022, Interpres Security offers a platform that allows organizations to better manage their "defense surface." It will show what their current security tool set can detect and defend against. The platform also helps identify gaps and inefficiencies in cyber defenses, allowing security teams to use a data-driven approach to improving security posture.

Kintent

Kintent's Trust Cloud platform is intended to help companies pass audits, manage risk, and complete security reviews. It uses programmatic API-based control and risk verification, which can automate workflows and evidence collection. Trust Cloud can analyze a compliance program and map it to multiple standards. It also has an AI-based feature that helps fill out security questionnaires. Kintent was founded in 2020.

Naxo Labs

Naxo Labs was founded in 2022 by a group of noted experts and former FBI special agents to provide forensic and investigation services. The company works on cases involving cybercrimes such as insider threats or intellectual property theft and packages the facts for referral to law enforcement or for litigation. Naxo is also capable of performing blockchain and cryptocurrency analysis as well as data recovery.

Nudge Security

Nudge Security offers a solution aimed at managing the security of software as a service (SaaS) for distributed workforces. Its platform allows for the discovery of cloud SaaS assets created without the need for network changes, endpoint agents, or browser extensions. The company claims it provides visibility into the entire SaaS attack surface, including managed and unmanaged accounts, OAuth connections, and resources. It also notifies when new SaaS accounts are created. Nudge was founded in 2022.

Oligo Security

Founded in 2022, Oligo offers an open-source security platform that detects and prevents attacks such as Log4Shell by monitoring malicious activity at the library level. The company claims that its runtime monitoring of open-source libraries focuses only on vulnerabilities that are relevant. The platform works with most modern development languages such as Python, Go, Java, and Node and all cloud service providers such as GCP, Azure and AWS.

Piiano

Piiano offers two products: Piiano Scanner scans source code for references to personally identifiable information (PII), and Piiano Vault secures sensitive data while allowing it to be used. Scanner can scan any Java or Python GitHub project with a single click and is intended to improve collaboration between development and privacy teams. Vault's API-based infrastructure allows safe storage of sensitive data and provides compliance with GDPR and CCPA. Piiano was founded in 2021.

Privya

Founded in 2021, Privya's platform provides a cloud-native approach to data privacy by design. The company claims it will allow organizations to better enable privacy and data protection within the development lifecycle process. The Privya platform is able to discover and identify personal data across multiple data sources and map the data flow and business logic. It also provides an automated architecture to better meet compliance requirements.

Sharepass

Founded in 2020, Sharepass provides a means to share confidential information securely across platforms. The company claims its web-based product does not leave a digital trail when data is shared. Sharepass first encrypts the information being shared and sends a link to the recipient. That link becomes inactive once the recipient opens it. Senders can specify email addresses, set time limits for how long the link is valid, or require a PIN code. 

SnapAttack

SnapAttack provides a purple-teaming platform that the company claims addresses the entire threat detection process. The platform includes an Attack Signal Library that catalogs attack threats and simulations. Red and blue teams can create their own attack sessions. SnapAttack allows purple teams to identify gaps against the MITRE ATT&CK matrix and to create detection logic with a no-code detection builder. The company was founded in 2021.

SquareX

SquareX is developing a browser-based cybersecurity product to keep consumers safe online. The company’s product aims to address threats such as phishing, identity theft, session hijacking, and other browser-based attacks using a browser extension that monitors and protects users while they go about their online activities. The company, founded in 2023, plans to launch a beta version beginning in May.

Valence Security

Valence Security, founded in 2021, offers a platform to remediate SaaS security risks around third-party integration, identity, misconfiguration, and data sharing. The platform provides its own cross-SaaS data and permissions model to help maintain access control. It also comes with a set of automated SaaS security remediation workflows to minimize the need for specialized knowledge to set them up.

Vanta

Trust management platform developer Vanta has launched its Vendor Risk Management product, providing third-party vendor security reviews and due diligence. The offering is designed to reduce the time and cost of reviewing, managing, and reporting on third-party vendor risk. The company launched in 2018.

Vaultree

Vaultree, founded in 2020, has developed what it claims is the first "fully functional" data-in-use encryption software development kit (SDK). The product is designed to eliminate the risk of data being leaked or stolen in plaintext form. According to Vaultree, it can process, search, and compute data at scale without surrendering encryption keys or decrypting on the server side.

Veza

Veza provides an authorization platform for data for use in hybrid, multi-cloud environments. The company claims it enables organizations to better understand, manage, and control who can and should take actions on data. It focuses on streamlining data access governance, implementing data lake security, managing cloud entitlements, and modernizing privileged access. Veza was founded in 2020. 

Wing Security

Wing's platform is designed to detect and automatically remediate SaaS application threats. It continuously monitors usage for every user, app and file. The platform can shut down what it considers risky app-to-app connections, restrict and govern data shared with external users over SaaS apps, and manage vulnerabilities around risky user behavior. It can also manage tokens and permissions of SaaS applications. Wing was founded in 2020.

Copyright © 2023 IDG Communications, Inc.
