The information security market is in a continuous state of consolidation, yet it is never fully consolidated. Over and over, we see security startups with clever technologies thrive, grow and then get purchased by one of a handful of Infosec giants - only to be replaced by the next bunch of innovative security startups.

In the last few months alone McAfee - which was itself acquired by Intel in 2011 - bought next generation firewall vendor Stonesoft, Cisco purchased security vendor Sourcefire - the company behind the open source Snort intrusion prevention system - and IBM acquired anti-malware vendor Trusteer.

Security Startup's Lifecycle

The lifecycle of a security product inevitably seems to go something like this: Someone has a good idea, a startup company is formed to develop that idea into an innovative product and, if the product genuinely provides enhanced security, it appeals to a small number of companies who are willing to take on a relatively immature product.


"Companies with very low risk tolerances will engage with smaller security companies if the product is good enough. If it helps them lower their risk to the level that they want, then they will accept the lack of integration with other products and perhaps a fairly poor user interface," says Mario de Boer, an analyst at Gartner.

As the technology and the product gets better developed and more mature, it begins to appeal to a more mainstream customer base. At that point it is likely to attract interest from the larger vendors.

"They can make the product more effective by integrating it with their other security products and their management console, and perhaps with the threat intelligence networks that smaller companies don't have," says de Boer. Rather than having to run multiple security agents, integration means that organizations only need to install a single security agent on their endpoints, he adds.

There are plenty of new technologies that are being developed by companies in Silicon Valley and around the world right now, and many of them are bound to end up being integrated into the security offerings of larger companies.

13 Hot Security Startups

Among the hottest areas are application and data virtualization/containerization, data encryption and tokenization and secure authentication. Here are some of the most exciting startups to keep an eye on:

  • Armor5. Armor5 is a cloud service that virtualizes applications, data and content such as Office documents and PDFs on any mobile device with no configuration and zero data leakage. This reduces the possibility of the mobile device being infected by documents embedded with malware or confidential corporate data being cached on the device where it can later be compromised.
  • Averail. The Averail Access mobile app combines with a cloud-based management console to create a trusted environment to protect files, regardless of where they are stored.
  • Bromium. Bromium's vSentry uses Intel CPU features for virtualization and security to hardware-isolate each user task that accesses the Internet or untrusted documents. Its architecture is designed to defeat advanced targeted attacks and automatically discard malware when the task is completed.
  • CipherCloud. CipherCloud delivers security controls including encryption, tokenization, cloud data loss prevention and cloud malware detection. It also includes activity monitoring for cloud applications including Salesforce, Force.com, Chatter, Box, Google Gmail, Microsoft Office 365 and Amazon Web Services.
  • Cylance. Cylance's Infinity offers intelligent, predictive threat analysis of good vs. bad objects using a non-signature, non-heuristic and non-behavioral based mathematical approach.
  • FireEye. FireEye provides automated threat forensics and dynamic malware protection against security threats, including advanced persistent threats (APTs) and spear phishing.
  • Invincea. Invincea's application can be deployed on Windows endpoints to protect against untrusted content by moving browsers, PDF readers, Office suite, zip files and other chosen executables into a secure virtual container. (Note: Invincea's technology is used in Dell's Data Protection - Protected Workspace product.)
  • NetCitadel. NetCitadel's threat management platform provides security analytics and threat context for intelligence and incident response.
  • Nok Nok Labs. Nok Nok Labs develops two-factor authentication systems for desktops, mobile devices and servers. The company is also a founding member of the Fido Alliance www.fidoalliance.org, an organization developing standards for authentication.
  • PrivateCore. PrivateCore vCage secures server data in use through memory encryption, helping enterprises and service providers deploy applications in untrusted environments while protecting sensitive data.
  • Skyhigh Networks. Skyhigh Networks' cloud security software helps businesses secure their data in the cloud by discovering the cloud services employees are using, analyzing risk and enforcing cloud security policies.
  • Stormpath. Stormpath is a cloud service that helps developers build secure authentication and access control into any application, via a robust REST+JSON API or client libraries.
  • Trustware. Trustware's BufferZone virtualization technology creates a separate environment called a Virtual Zone where all Internet activity and programs from external devices are contained and virtualized.

Paul Rubens has been covering enterprise technology for over 20 years. In that time he has written for leading UK and international publications including The Economist, The Times, Financial Times, the BBC, Computing and ServerWatch.