on 11/14/2022, by Jean Elyan with IDG News Service, Security, 935 words
Recently created, the start-ups of this selection have ventured into areas that most established security providers have not yet sought to invest in.
By looking to solve problems not yet addressed by more prominent vendors, cybersecurity startups are often a bit ahead of the mainstream. They can move faster than most of these companies to fill gaps or emerging needs. They can often innovate faster because they are not constrained by an install base. Sometimes with a downside: the lack of resources obviously, but also the lack of maturity. It is therefore a risk for a company to be involved in a start-up’s product or platform and this implies another customer/supplier relationship. But the benefits can be enormous if the company gains a competitive edge or can devote fewer resources to its security. All founded in or out of stealth mode in the last couple of years, the start-ups in this selection are some of the most interesting companies in the industry.
Akto comes to secure APIs
Founded in 2021, Akto.io focuses on API security. The company says its platform, running locally or in the cloud, discovers and tests internal, external and third-party APIs. It then quickly finds vulnerabilities during runtime. Akto supports major API data sources such as AWS, Google Cloud and Kubernetes. According to the vendor, their platform can be deployed in just one minute.
BreachQuest tracks attacks
This start-up, created in 2021, works on an incident response platform called Priori, capable of quickly collecting and analyzing security event data in order to prolong and contain attacks, but also to accelerate recovery. Priori continuously monitors systems for malicious activity. In the event of a breach, the BreachQuest platform immediately sends an alert with information about potentially compromised endpoints. For now, BreachQuest has not yet delivered a final, commercial version of its platform.
Automatically fill security forms with Conveyor
Also founded in 2021, Conveyor offers, in the form of online service, a solution that facilitates the completion of security questionnaires. Vendors can upload relevant security documents and answers to common questions on Conveyor’s trusted customer platform. Customers can access this content through Conveyor’s trusted vendor secure platform. A confidentiality agreement is required to benefit from access to the service. Customers can also compare the security posture of various vendors.
Hush is committed to protecting your private data
Launched in 2021, this start-up offers AI-powered digital privacy services to individuals and families. But it also has an enterprise-grade employee privacy product. Once the Hush service is implemented by the company, employees can manage their own Hush profiles, which may include monitoring and reporting of privacy issues and resolving issues that put their privacy at risk. Hush also provides Customer with a Privacy Lawyer who can be contacted by phone or online.
Naxo Labs, a private cyber police
Founded in 2022 by a group of renowned experts and former FBI agents, Naxo Labs provides investigative and forensic services. The company works with cybercrime, in particular insider threats or theft of intellectual property, and collects evidence for legal authorities or to resolve disputes. Naxo also provides blockchain and crypto analytics services as well as data recovery.
Nudge Security builds a SaaS asset topology
Nudge Security’s solution manages software-as-a-service (SaaS) security in a distributed workplace. Its platform allows you to discover SaaS assets in the cloud, created without having to modify the network, use endpoint agents or browser extensions. The startup says its solution offers visibility across the entire SaaS attack surface, including managed and unmanaged accounts, OAuth connections, and resources. It also sends a notification when new SaaS accounts are created. Nudge was founded in 2022.
SnapAttack simulates attacks to identify them
Founded in 2021, SnapAttack provides a purple clustering platform which, according to the company, handles the entire threat detection process. In cybersecurity jargon, Purple-Team designates a temporary team whose transitional role is to oversee and optimize the exercise of the red and blue teams. The platform includes an attack signals library that lists threats and attack simulations. Red and blue teams can create their own attack sessions. SnapAttack allows purple teams to identify gaps in MITER’s ATT@CK matrix and build detection logic with a codeless detection builder.
Valence Security to control SaaS access
Incorporated in 2021, this start-up offers a platform to address SaaS security risks related to third-party integration, identity, misconfiguration, and data sharing. Valence Security’s platform provides its own data model and cross-SaaS permissions to maintain access control. It also comes with a set of automated SaaS security remediation workflows so configuration can be done with a minimum of specialized knowledge.