• United States



by CSO Staff

Security startups to watch for 2022

Oct 14, 202214 mins
CSO and CISOData and Information Security

Security startups are often innovation leaders. These are some of the most interesting ones to watch as they tackle issues around cloud security, asset management and more.

rocket launch startup cloud success growth badge
Credit: Getty Images

The problems cybersecurity startups attempt to solve are often a bit ahead of the mainstream. They can move faster than most established companies to fill gaps or emerging needs. Startups can often innovative faster because they are unfettered by an installed base.

The downside, of course, is that startups often lack resources and maturity. It’s a risk for a company to commit to a startup’s product or platform, and it requires a different kind of customer/vendor relationship. The rewards, however, can be huge if it gives that company a competitive advantage or reduces stress on security resources.

The vendors below represent some of the most interesting startups (defined here as a company founded or emerging from stealth mode in the past two years).

[Editor’s note: This article, originally published February 4, 2022, is periodically updated as new startups emerge.]


Recently emerging from stealth, 443ID offers a real-time risk API for open-source intelligence (OSINT) data. OSINT Risk produces a score that rates an individual’s or entity’s risk to a business based on signals that the customer chooses. Customers may start with 443ID-provided templates or custom build their own. The product then drives workflows through the authentication process, triggering actions such as a secondary authentication factor depending on the risk score.


BastionZero offers a cloud service that uses a “cryptographic multi-root zero-trust protocol” that the company claims provides more secure remote access without the need for privileged access. By “multi-root,” it means that BastionZero splits control of targets between a single sign-on (SSO) solution and its own service. two roots of trustIts service integrates with Linux, Kubernetes, webservers, databases, and SSO tools. BastionZero was founded in 2020.

Blueshift Cybersecurity

Blueshift Cybersecurity offers an extended detection and response service for small- to medium-sized (SMB) businesses and the defense industry. Blueshift XDR provides its unique detection and prevention capabilities as a service with a 24/7/365 security operations center (SOC). It uses layered security, advanced automation and machine learning to prevent, repel and remediate cyber threats. The company was founded in 2021.

Cado Security

Cado’s main product is a cloud investigation and response platform, Cado Response, that provides forensic-level detail into cloud, container and serverless environments. It automatically collects data from cloud provider logs, disk storage, memory, and other sources. Patent-pending parallel-processing technology allows for faster processing of that data. Rulesets and reports are customizable. Cado was founded in 2020.

Canonic Security

Emerging from stealth this February, Canonic Security offers a third-party SaaS app governance platform that allows organizations to test third-party apps in a sandbox before they are put into a production environment. The Israel-based company claims its platform can identify over-privileging, what the app connects to, and whether it has been compromised. It can also test functionality to determine if it does what the vendor claims.

Cider Security

Launched in December 2020 and emerging from stealth in March 2022, Cider Security sells what it calls the world’s first AppSec operating system. The platform provides security teams with a unified view of the engineering ecosystem, including the technologies, systems and processes unique to every engineering environment. It also offers controls and solutions to optimize security and achieve resilience across the CI/CD pipeline from code to deployment. Cider claims the platform will eliminate friction between security and engineering teams,


CoGuard provides automated tools to scan configuration files for infrastructure as code (IaC), containers, default templates, and applications and their dependencies to identify misconfigurations that attackers could exploit. It does so prior to deployment, describing configuration paramenters and vulnerabilities found as well as offering remediation advice. CoGuard was founded in 2020.


Cyera offers a cloud-native data security platform that can discover data across all cloud instances and datastores to identify which of it is most sensitive. The goal is to help companies assess cloud security risk and better enable remediation efforts. It also offers advice for what actions to take to mitigate risks. Cyera emerged from stealth mode on March 29 and was founded in 2021.

Endor Labs

Exiting stealth mode in October 2022, Endor Labs has launched its Dependency Lifecycle Management Platform. It is designed to help security and development teams evaluate, maintain, and update software dependencies and reduce security and operational risks from using third-party code. The company claims its product provides better context on how dependencies are being used than traditional SCA tools can provide.

Flow Security

The Flow data security posture management (DSPM) solution automatically finds and categorizes assets, data stores and flows, shadow databases, third parties, and external services in an application environment. The company claims it can identify services and databases that contain sensitive data and detect risks associated with that data. The product works with both cloud and on-premises environments. Flow was founded in 2021.

Grip Security

As organizations use more software-as-a-service (SaaS) platforms, security teams can find it hard to monitor and guard against the risks they present. Grip Security’s product promises to provide greater visibility across all SaaS platforms used in an organization. According to the company, this allows for better enforce security policies and identify security blindspots. The Grip platform can work standalone or with a cloud access security broker (CASB).


Island emerged from stealth mode in February with a secure browser for the enterprise. Based on Chromium, the Island browser offers familiar functionality but gives businesses more control for greater governance over how employees use it. It also provides visibility into what users do on the internet so that when an incident occurs, it can be traced down to user, device, time and place.


The cloud-native JupiterOne cyber asset attack surface management platform promises to bring more context to a range of security processes including vulnerability management, compliance, and identity and access management (IAM). The company also claims that its platform can better enable organizations to comply with security regulations. Enabling this are JupiterOne’s integration capabilities, which allow it to work within the existing security environment.


Visibility into data assets across the cloud has been difficult for security teams. Laminar claims its Cloud Data Security Platform provides observability across the entire public cloud, and that it prevents data leakage from “everything that you build and run in the cloud.” The agentless product can discover, classify and control data, as well as detect and remediate risks, according to Laminar. The company emerged from stealth mode in November 2021.


Lightspin offers a cloud-native application protection platform (CNAPP) that the company claims can identify, prioritize and remediate attack paths within the cloud stack. The platform will work in any cloud hosting environment including Amazon Web Services (AWS), Azure and Google Cloud Platform (GCP). The Lightspin platform works across all phases of DevOps. For example, it can perform IaC and API scanning during build, identify misconfigurations and exposed secrets during production, and provide malware and runtime protection during runtime.

Naoris Protocol

Naoris Protocol, launched in 2020, offers what it calls a decentralized cybersecurity mesh that “converts centralized and untrusted devices, previously considered ‘single points of failure’ to the wider network, into cyber-trusted points of defense that identify, evaluate and mitigate threats in real-time under distributed consensus, making networks stronger as they grow instead of weaker.” Its platform, based on blockchain and Swarm AI technology, operates as a separate security layer within an existing architecture.  


Neosec provids a SaaS platform for application security. It is designed for organizations that expose its APIs to third parties. The platform allows for greater visibility into the entire API dataset to better understand user-entity relationships or potential threats, and the overall API landscape. Neosec stores historical data for threat hunding or for future use after a security event. Neosec was founded in 2020.

Noetic Cyber

Noetic Cyber sells what it calls a “continuous cyber asset management and controls platform.” The company claims that this platform can provide greater visibility into the network, improved controls monitoring, and a better understanding of the relationship network entities. On the last point, Noetic’s platform can map relationships among assets to help identify security gaps. Noetic also offers integration with orchestration and automation workflows.


Emerging from stealth mode in September 2022, novoShield offers an anti-phishing extension for iPhone users. The company claims it can identify and alert users to suspicious email messages. The product comes in both consumer and business versions. The latter may be automatically deployed to employees’ devices and managed from a single dashboard.

Nudge Security

Emerging from stealth mode in October 2022, Nudge Security focuses on SaaS security at the employee level. It’s product identifies, inventories, and monitors all cloud and SaaS accounts that employees have created with the intent to gain visibility into SaaS supply chain risks. It also provides cues to employees to “nudge” them toward more secure behaviors.


Israeli company OneLayer emerged from stealth mode on March 15. It offers a platform to provide security to LTE/5G cellular networks. The company claims its product can provide visibility into assets connected to the network, automate enforcement of corporate NAC policies, detect and respond to anomalous device behavior or traffic, and “zero trust” authentication while enabling new devices.


Oort offers an identity threat detection and response platform that promises to provide “one-click access” to the authentication history of any identity on the network. It also shows each identity’s demographics and risk factors. An Identity Security Checks feature is designed to let you see and reduce the identity attack surface within an organization. The platform can also identify authentication anomalies for both internal and third-party users.

Polar Security

Tracking what Polar Security calls “shadow data” across the cloud can be a challenge. The company attempts to meet that challenge with its data security posture management (DSPM) solution, which it claims is the first automated data security and compliance platform. According to Polar Security, its platform will automatically map and follow data and data workflows of cloud-native data to better prevent vulnerabilities and meet regulatory compliance. Once the platform identifies data, an automated labeling feature allows for classifying sensitive data.


QuSecure officially launched on May 19, 2022, with what it claims as the first end-to-end quantum resilient orchestration platform. Nucleus Platform is post-quantum cryptography software designed to protect encrypted communications and data using a quantum-secure channel. It protects against known vulnerabilities using zero trust, next-generation encryption, active monitoring, and attack remediation deliverd by the cloud to devices and over existing infrastructure.

Red Access

Emerging from stealth mode on May 24, Red Access offers a SaaS solution that promises to “make every web session secure.” That protection applies to all web applications, browsers and devices. The company claims its service can inspect and analyze both cloud and endpoints to block threats to browsing, files, identity and data. The service has an agentless architecture that Red Access says enables quick deployment and helps create a good user experience.

Red Vector

Red Vector, which made its public debut at this year’s RSA conference, offers a n automated platform called Fulcrum to manage insider threat risk. Fulcrum “synthesizes behavioral, information technology, and open-source intelligence data to perform advanced predictive analysis on key indicators of threat and risk.” The company also offers solutions targeted to critical infrastructure sectors.


Revelstoke offers what it claims is the first low-code security orchestration, automation and response (SOAR) platform. The company’s aim is to simplify the implementation and management of SOAR. It does so by offering low-code playbooks to automate security processes, pre-built integrations built on a unified data layer, case management though what it calls “guided investigations”, and a dashboard-based user interface.


Launched in 2020, SafeBase’s Smart Trust Center claims to simplify security and compliance reviews, more easily communicate a company’s security posture, and automate non-disclosure agreements (NDAs). Its goal is to speed the sales process at a time when corporate customers have heightened concerns about third-party risk. SafeBase claims the Smart Trust Center can automate access and provide compliance information for security and privacy standards and regulations such as SOC2, GDPR and HIPAA.


SecondSight exited stealth mode in October 2022 with what it claims to be the first AI-driven platform for “inside-out” underwriting of cybersecurity insurance. According to the company, the platform will give companies and their insurance providers greater clarity on companies’ true digital risk. The SecondSight platform automatically discovers, classifies, and analyzes an organization’s assets and creates risk profiles to help match insurance coverage to actual need.


Seemplicity claims to automate, optimize and scale all risk reduction workflows into a single workspace. It integrates with all commercial and open-source scanners, providing a normalized, aggregated list of findings. Seemplicity also automates identification of remediation owners and tracks remediation progress. All workflows can be customized to the needs of a given security team. Seemplicity was founded in 2020.


Sentra, founded in July 2021, offers a data security posture management (DSPM) solution that helps security teams discover, manage and mitigate cloud-based data security risks. The company claims its product enables a data-driven approach to security by providing greater visibility into an organization’s critical data assets.


The Sevco cloud-native security asset management platform promises to provide real-time asset intelligence to better identify security gaps. Its goal is to give a more complete picture of all the security tools deployed across the enterprise. Sevco’s asset telemetry technology maintains change event records of assets and key attributes for use in investigations and tracing. Sevco was founded in 2020.


StrikeReady recently came out of stealth mode with two products: Cognitive Security Platform, a cloud-based securuty and operations management platform, and Cyber Awareness and Response Analyst (CARA). The company claims that CARA is the world’s first digital cybersecurity analyst, and it is the engine behind the Cognitive Security Platform. CARA “learns in read-time from the institutional knowledge and practical experience of defenders around the world” to assist security teams to better manage incidents and alerts, and to better understand the threat landscape.


Stytch provides a collection of APIs that serve as an authentication platform for developers. It provides APIs for onboard, authenticating, and engaging users. Althought the company positions itself as a passwordless authentication provider, some of its offerings are designed to improve the security user experience around traditional passwords. The company was founded in 2020.


Talon claims to have created the first enterprise browser designed to provide a high level of security for distributed workforces. It does so through policies, which can be custom or selected from a predefined list. The browser can be deployed with a single integration and the company promises no additional operational overhead. Talon was founded in 2021.


Theom advertises its cloud data security product as a “data bodyguard” that identifies and follows high-value data wherever it goes. That data is protected with security controls while it is stored, moved, copied or transacted. It can also prioritize risks around cloud data based on the value of the data and who is accessing it. Theom was founded in 2020. 

Tidal Cyber

The Tidal Cyber platform provides “threat-informed defense” that has information about adversaries’ tactics, techniques and procedures. The company claims the platform helps organizations assess, organize and optimize their security defenses by giving them a deeper understanding of the threats most relevant to them. The information used in the platform is based on the MITRE ATT@CK knowledgebase and other publicly available threat intelligence sources.


The Torq no-code platform was designed for security automation. Workflows may be set up through a drag-and-drop designer, but the platform also includes hundreds of templates. The company claims the platform can connect to any security tool. Torq and its workflows may be used for threat hunting, phishing detection and response, identity lifecycle management, cloud security posture management, and more. The company was founded in 2020.