15 cybersecurity startups to keep an eye on in 2023

Startups specializing in security are often at the forefront of innovation. Here are some of the more interesting ones to follow as they address issues related to cloud security, asset management, and more.

The problems that young cybersecurity vendors are trying to solve are often a bit ahead of the mainstream. They can move faster than most established companies to fill gaps or emerging needs. Startups can often innovate faster because they are not limited by an installed base. The downside, of course, is that these young shoots often lack resources and maturity. It is risky for a company to engage in a start-up’s product or platform and requires a different type of customer/supplier relationship. However, the benefits can be significant if they give the client company a competitive edge or reduce pressure on security resources. Darktrace is a good example.

The editors below represent some of the more interesting startups (defined here as a company founded or coming out of stealth mode in the last couple of years).


Released in 2021, 443ID offers a real-time risk API for open source intelligence (OSINT) data. OSINT Risk produces a score that assesses an individual or entity’s risk to a business based on signals chosen by the customer. They can start with the templates provided by 443ID or create their own templates. The product then directs workflows through the authentication process, triggering actions as a secondary authentication factor based on the risk score.

443ID leverages various Open-Source Intelligence (OSINT) signals to predict an individual’s risk to the business. (Credit: 443ID)


Since its inception in 2020, CoGuard has provided automated tools to analyze infrastructure-as-code (IaC) configuration files, containers, default templates, applications, and their dependencies to identify configuration errors that attackers can exploit. It does this before deployment, describing configuration settings and vulnerabilities found, and offering remediation advice.

With CoGuard, companies can reduce risk by identifying and automating IaC, container, and application security in development workflows before deployment. All this while detecting derived and missing features after deployment. (Credit: CoGuard)

Endor Laboratories

Released from stealth in October 2022, Endor Labs released its dependency lifecycle management platform. It is designed to help security and development teams assess, maintain, and update software dependencies and reduce operational and security risks from using third-party code. The company says its product provides better context on how dependencies are used than traditional SCA tools.

Users can evaluate and select more durable dependencies to reduce risk and long-term maintenance. (Credit: Endor Labs)

flow security

Started in 2020, Israeli startup Flow Security offers a data security posture management (DSPM) solution. It automatically finds and categorizes assets, data stores and flows, shadow databases, third parties and external services within an application environment. The company says it can identify services and databases that contain sensitive data and detect risks associated with that data. The product works with both cloud and on-premises environments.

Flow automatically detects data-centric risks with full context for remediation. (Credit: Flow Security)


Launched in 2020 in Dallas, USA, Island offers a secure browser for businesses. Based on Chromium, Island Browser offers familiar features but gives companies more control for better governance of how employees use it. It also provides visibility into what users are doing on the Internet so that when an incident occurs it can be traced back to the user, device, time and location.

With Island, everyone can decide what the browser does and doesn’t do, like controlling where and when users copy/paste data in or out of apps, checking the device’s location before granting access to it. app, prevents unauthorized screenshots. (Credit: Island)

Naori protocol

Launched in 2020, the Naoris Protocol offers what it calls a decentralized cybersecurity fabric that “converts centralized, untrusted devices, previously considered ‘single points of failure’ for the wider network, into sensitive cyber defense points that identify, assess and mitigate threats in real-time as part of a distributed consensus, making networks stronger as they grow, rather than weakening them.” Its platform, based on blockchain technology and Swarm AI, operates as a separate security layer within an existing architecture.


With the launch of stealth mode in September 2022, novoShield offers an anti-phishing extension for iPhone users. The company says it can identify and alert users to suspicious email messages. The product exists in a consumer version and a professional version. This can be automatically deployed to employee devices and managed from a single dashboard.

Only available on the App Store for iPhone, the novoShield app is a phishing protection tool. (Credit: novoShield)

push safety

Nudge Security focuses on employee-grade SaaS security. Their product – available from early October 2022 – identifies, inventories and monitors all cloud and SaaS accounts that employees have created in an effort to gain visibility into SaaS supply chain risks. It also provides tips to employees to encourage them to adopt safer behaviors.

In minutes, Nudge Security discovers, lists and continuously monitors all cloud and SaaS accounts that employees have created. (Credit: Nudge Security)


An identity threat detection and response platform, Oort promises to provide “one-click access” to the authentication history of any identity on the network. It also shows the demographic and risk factors for each identity. An identity security verification feature is designed to help see and reduce the identity attack surface in an organization. The platform can also identify authentication anomalies for internal and third-party users. The start-up announced on October 6 the completion of a $15 million funding round, including Seed and Series A investments. The young company will use these funds to develop and accelerate its go-to-market strategy. The round was co-led by .406 Ventures, an early-stage cybersecurity venture capital firm based in Boston, and Energy Impact Partners (EIP), a global investment platform based in Boston, New York. and included Cisco Investments. They join existing investors including 645 Ventures, Bain Capital Ventures and First Star Ventures.

Oort gives security teams one-click access to authentication history, demographics, and risk factors for any identity with its comprehensive User 360 screen solution. (Credit: Oort)

Red Vector

Following a public presentation at this year’s RSA conference, Red Vector offers an automated platform called Fulcrum to manage the risk of insider threats. Fulcrum “synthesizes open source behavioral, computational and intelligence data to perform advanced predictive analytics on key threat and risk indicators.” The company also offers solutions for critical infrastructure sectors.

Fulcrum seamlessly integrates contextual, human behavioral and IT security monitoring indicators to provide a highly accurate insider threat mitigation solution. (Credit: Red Vector)

second sight

SecondSight has also just debuted with what it claims is the first AI-driven platform for inside-out underwriting cybersecurity insurance. According to the company, the platform will give companies and their insurers greater clarity about the true digital risk of the business. The SecondSight platform automatically discovers, categorizes and analyzes an organization’s assets and creates risk profiles to help tailor insurance coverage to real needs.


Founded in July 2021, Sentra offers a Data Security Posture Management (DSPM) solution that helps security teams discover, manage and mitigate data security risks in the cloud. The company says its product offers a data-driven approach to security, providing better visibility into an organization’s critical data assets.

Sentra provides the context for any company to fix security controls, including identifying the data owner and recommendations on how to fix it as quickly as possible. (Credit: Sentra)


Since its release in 2020, Stytch has provided a collection of APIs that serve as an authentication platform for developers. It provides APIs to onboard, authenticate and engage users. While the company positions itself as a passwordless authentication provider, some of its offerings are designed to improve the user’s security experience over traditional passwords.

“Build simple integration and authentication experiences with Stytch’s flexible API and SDKs.” (Credit: Stitch)


Founded in 2020, Theom advertises its cloud data security product as a “data bodyguard” that identifies and tracks high-value data wherever it goes. This data is protected by security controls when stored, moved, copied or exchanged. It can also prioritize risk around data in the cloud based on the value of the data and the people accessing it. In early September, Theom closed a $16.4 million seed funding round to expand its cloud data security solution. Ridge Ventures led the round with M12, Microsoft’s venture capital fund.

Theom identifies PII, PHI, financial information and trade secrets using agentless analytics and NLP classifiers, which support custom taxonomies. (Credit: Theom)

Tide Cybernetics

The Tidal Cyber ​​platform provides “threat-based defense” that has information about adversaries’ tactics, techniques, and procedures. The company says the platform helps organizations assess, organize and optimize their security defenses, giving them a deeper understanding of the threats most relevant to them. The information used on the platform is based on MITER’s ATT@CK knowledge base and other publicly available threat intelligence sources.

Leave a Comment