Top Cybersecurity Startups to Watch in 2022

Information security products, services, and professionals have never been in higher demand, making for a world of opportunities for cybersecurity startups. Investors recognize the potential too, as funding for cybersecurity ventures more than doubled from previous years to almost $22 billion in 2021.

There remains a massive shortage of experienced security professionals available to fill open positions – and with no shortage of innovative startups entering the marketplace, that makes the competition for talent even tougher. With evolving attack methodologies due to machine learning, quantum computing, and sophisticated nation-state hackers, security startups are receiving record funding. Investors, business clients, and more continue to look for secure application access for remote workers, provide real-time visibility into cyberattacks, and protect data as it travels from the cloud to edge networks and end-users and back.

This article looks at the top 40 cybersecurity startups to watch in 2022 based on their innovations in new and emerging technologies, length of operation, early funding rounds, scalability, and more. Jump to our section on investor considerations and cybersecurity startup trends for more information. We’ll start with the top 10 overall and then look at other noteworthy startups in a number of markets. Also see our picks for the top cybersecurity companies.

Top 10 Cybersecurity Startups

StartupEstHeadquartersStaffFundingFunding Type
Abnormal Security2018San Francisco, CA261$74.0Series B
Apiiro Security2019Tel Aviv, Israel65$35.0Series A
BluBracket2019Palo Alto, CA27$18.5Series A
Cado Security2020London, UK26$11.5Series A
Confluera2018Palo Alto, CA33$29.0Series A
Cycode2019Tel Aviv, Israel56$81.0Series B
Open Raven2019Los Angeles, CA45$19.1Series A
Perimeter 812018Tel Aviv, Israel159$65.0Series B
SECURITI.ai2018Santa Clara, CA305$50.0Series B
Wiz2020Tel Aviv, Israel186$230.0Series B

Abnormal Security

Abnormal Security is an advanced cloud email security platform that offers integration with Office 365 and Google Suite for the cloud era. Abnormal Security applies artificial intelligence to catch suspicious identities, relationships, and context within email communications and can help organizations securely migrate from legacy to cloud infrastructure.

Apiiro logo

Apiiro Security

Boasting itself as the world’s first Code Risk Platform, Apiiro Security offers risk visibility across design, code, and cloud segments. Apiiro can connect across hybrid infrastructure through a read-only API and promises real-time inventory and actionable remediation for risks in addressing DevSecOps.

Read more: And the Winner of the 2021 RSAC Innovation Contest is… 

BluBracket Logo

BluBracket

As source code exploits become a growing concern, BluBracket offers a deep scan of organization codebases for enhanced visibility into code mistakes, lingering tokens, and problematic commit history. Clients can use BluBracket’s Risk Score to measure vulnerability and take informed steps to improve application security.

Cado logo

Cado Security

Cado Security made a name by offering the first cloud-native forensics and response platform. The Cado Response platform gives security teams the capability to respond to threat incidents in cloud or container environments rapidly. Most traditional tools used for investigating cyber attacks cannot assess potential impacts on these environments.

Confluera logo

Confluera

Confluera focuses on another attractive factor for remote workforces – autonomy. The cybersecurity startup offers an extended detection and response (XDR) solution that tracks network traffic and automatically combines the information with machine-comprehended threat detection. It uses this data to show a complete narrative of an attack in real-time.

Cycode logo

Cycode

In a year where the supply chain was on trial, Cycode is a startup filling the vulnerability gap often present in the software supply chain and DevOps pipeline. Cycode focuses on all phases of the software development lifecycle (SDLC) with solutions for Infrastructure as Code, source control and code leakage, hardcoded secrets, and code tampering.

Also read: SBOMs: Securing the Software Supply Chain

Open Raven logo

Open Raven

Open Raven is committed to data security visibility and compliance for the cloud and brings much cybersecurity industry experience to the table. Open Raven analyzes data at rest, classifies inventory, and automates data governance as these become critical capabilities for the hybrid infrastructure’s security posture.

Perimeter81 logo

Perimeter 81

Perimeter 81 is already a well-known vendor and offers a robust security stack that includes zero trust, SASE, FWaaS, and SD-WAN solutions. Clients can take advantage of Perimeter 81’s industry-leading technologies related to unified networking and security while capitalizing on the least privileged access trend.

Securiti logo

SECURITI.ai

SECURITI’s solutions help organizations secure data while automating privacy and compliance using AI and machine learning tactics. With sizable growth in a short span and the market presence to show for it, SECURITI.ai was recently named a Leader in the Forrester Wave’s Privacy Management Software, Q4, 2021.

Wiz logo

Wiz

Recognizing cloud security doesn’t come down to one single misconfiguration, Wiz helps organizations migrating to the cloud guard against a web of potential vulnerabilities with the proper visibility. Wiz addresses a growing awareness of insecurity in the public cloud with an agentless solution.

Read more: Top Enterprise Network Security Tools for 2022


Best Threat Detection Startups

StartupEstHeadquartersStaffFundingFunding Type
Anvilogic2019Palo Alto, CA34$14.4Series A
Cyble2019Alpharetta, GA67$4.0Seed
Deduce2019New York, NY22$17.3Series A
SenseOn2017London, UK61$26.4Series A
SnapAttack2021Columbia, MD15$8.0Series A
Stairwell2019Palo Alto, CA31$24.5Series A
Anvilogic logo

Anvilogic

Anvilogic’s namesake platform offers continuous assessment, detection automation, and hunt, triage, and response capabilities for security teams. Designed to automate SOC operations and reduce alert noise, Anvilogic is a no-code, user-friendly solution with out-of-the-box policies aligned to 500+ MITRE ATT&CK framework.

Cyble logo

Cyble

Powered by machine learning and human analytics, Cyble is a threat intelligence startup offering solutions for attack surface management, third-party risk scoring, and monitoring for brand reputation and dark web exposure. Cyble Vision can integrate with an existing SIEM or SOAR and provide incident response, threat analysis, and vulnerability management.

Deduce logo

Deduce

Deduce is an identity-focused cybersecurity startup with two core solutions: Customer Alerts for protecting users and their data from account takeover and compromise, and Identity Insights for validating legitimate users and stopping fraud. Deduce offers actionable identity intelligence through event-level telemetry to act against abnormal user activity.

Also read: Top Endpoint Detection & Response (EDR) Solutions for 2022

SenseOn logo

SenseOn

SenseOn is a cybersecurity startup with an “AI Triangulation” technology that emulates actual security analyst behavior for detection, investigation, and response. SenseOn products are available as a network appliance, lightweight endpoint agent, or cloud-hosted microservices, with an Enterprise solution for deployment across multiple global sites.

SnapAttack logo

SnapAttack

SnapAttack is a threat hunting and detection startup recently spun out from Booz Allen’s DarkLabs incubator. SnapAttack seeks to empower clients with proactive threat intelligence, behavioral analytics, and attack emulation through a collaborative platform. Enterprise and service providers are currently available, with a free community subscription coming soon.

Stairwell logo

Stairwell

Stairwell is an advanced threat detection startup presenting its Inception platform for threat intelligence, SOC functionality, and incident response capabilities. Inception helps collect files across environments, analyze historical and real-time data, investigate abnormal behavior, and connect security systems through the Inception API.


Best DevOps and AppSec Startups

StartupEstHeadquartersStaffFundingFunding Type
Ethyca2018New York, NY44$27.5Series A
Evervault2018Dublin, Ireland12$19.4Series A
GitGuardian2017Paris, France63$56.0Series B
Satori2019Tel Aviv, Israel62$25.3Series A
Ubiq Security2019San Diego, CA25$6.4Seed
Wabbi2018Boston, MA14$2.2Seed
Ethyca logo

Ethyca

Ethyca is compliance-focused as regulatory enforcement becomes an essential part of data privacy. With Ethyca, clients get a bundle of tools for privacy by design in the development process. Ethyca can automate compliance tasks, including real-time data mapping, automated subject requests, consent management, and subject erasure handling.

Gitguardian logo

GitGuardian

GitGuardian is a developer favorite offering a secrets detection solution that scans source code to detect certificates, passwords, API keys, encryption keys, and more. Ranked as the top-downloaded security app on GitHub, GitGuardian’s products include solutions for internal repository monitoring and public repository monitoring for prompt remediation.

Evervault logo

Evervault

Evervault is on a mission to make encrypting sensitive data seamless with its security toolkit for developers. The developer-friendly startup offers Relay to encrypt field-level data and codes to isolate and process code as needed. With robust encryption policies, Evervault can help reduce insurance premiums and offers PCI-DSS and HIPAA compliance automation.

Also read: Top Code Debugging and Code Security Tools

Satori logo

Satori

Satori is a data access startup for monitoring, classifying, and controlling access to sensitive data. Satori’s platform creates a layer of protection and visibility between data users and data stores to guard against vulnerabilities related to transferring sensitive data. Ultimately, Satori aims to provide data access control, visibility into usage and traffic, and compliance fulfillment.

Ubiq logo

Ubiq Security

Ubiq Security offers an API-based platform that integrates data encryption directly into application development. Without the need for experienced developers, encryption expertise, or excessive manual hours, Ubiq Security makes securing applications during the development process seamless, allowing personnel to focus on what’s most important.

Wabbi logo

Wabbi

Wabbi is a cybersecurity startup with a continuous security platform offering solutions for managing vulnerabilities, application security policies, and release infrastructure. As rapid software development is the new norm, Wabbi aims to help organizations securely deliver software to clients and achieve continuous authority-to-operate (ATO).

Read more: Application Security is Key to Stopping Ransomware, Vendor Says


Best Cloud Security Startups

StartupEstHeadquartersStaffFundingFunding Type
DoControl2020New York, NY37$13.4Series A
Grip Security2021Tel Aviv, Israel25$25.0Series A
Isovalent2017Mountain View, CA48$29.0Series A
Lightspin2020Tel Aviv, Israel43$20.0Series A
Privafy2019Burlington, MA79$22.0Venture
Strata2019Boulder, CO47$7.5Series A
DoControl logo

DoControl

DoControl is a startup specializing in SaaS data access control with a platform offering cloud asset management, automated security workflows, and continuous cloud infrastructure monitoring. As organizations increasingly rely on SaaS applications for data storage and transfer, DoControl helps guard against unauthorized access of sensitive data.

Grip Security

Grip Security boasts a solution that beats traditional cloud access security brokers (CASB), providing clients with a complete SaaS inventory upon deployment for visibility, governance, and data security. No matter the device or location, Grip’s solution helps enhance and automate security policy enforcement across an organization’s cloud infrastructure.

Isovalent logo

Isovalent

Isovalent’s flagship product, Cilium, is powered by the open-source eBPF kernel technology and offers infrastructure services for networking, monitoring, and security for organizations. Isovalent’s solutions were designed with scale in mind to secure mission-critical and complex workloads in cloud environments, including Kubernetes.

Also read: Twitch Breach Shows the Difficulty of Cloud Security

Lightspin logo

Lightspin

Lightpsin is a cloud-native application protection platform (CNAPP) offering agentless tools to protect cloud and virtual environments, including Kubernetes infrastructure. With graph-based analytics into existing relationships, the startup’s solutions help visualize prospective attack routes so clients can prioritize sensitive remediation within their cloud stack.

Privafy logo

Privafy

Privafy aims to serve a valuable corner of the market – securing data-in-motion. As up to 80 percent of data breaches occur while data moves between cloud networks, Privafy offers security for cloud infrastructure as well as a list of edge computing solutions to securely deploy IoT devices and edge networks in the years to come.

Strata Identity logo

Strata Identity

Strata Identity offers an identity orchestration solution, the Maverics Platform, which aims to solve enterprise organizations’ complex identity and access management (IAM) problems. By integrating identity systems across the modern infrastructure, organizations can easily create and replicate orchestrations for apps.

Read more: Cloud-based security: SECaaS


Best Cyber Asset and Attack Surface Management Startups

StartupEstHeadquartersStaffFundingFunding Type
Horizon32019San Francisco, CA56$38.5Series B
JupiterOne2018Morrisville, NC87$49.0Series B
Noetic Cyber2020Waltham, MA29$20.0Series A
Randori2018Waltham, MA73$29.8Series A
SpiderSilk2019Dubai, UAE22$2.8Seed
Horizon3.ai logo

Horizon3.ai

Horizon3.ai presents its solution, the NodeZero, as Autonomous Penetration Testing as a Service (APTaaS) for identifying an organization’s potential attack vectors. Whether on-premises, cloud, IoT, internal, or external attack surfaces, NodeZero can identify vulnerable controls, maximize security infrastructure, and leverage the latest threat intelligence.

JupiterOne logo

JupiterOne

JupiterOne is a cyber asset management startup providing clients with a cloud-native solution for insights into relationships, governance and compliance, and empowering security engineering. JupiterOne helps aggregate cyber assets for central visibility and faster investigations with increasing complexity in security operations and assurance.

Noetic logo

Noetic Cyber

Noetic Cyber offers a continuous cyber asset management and controls platform to give clients a comprehensive view of systems, policies, and the relationship between entities. Real-time visibility means organizations can identify and act on misconfigurations and coverage gaps and maximize existing infrastructure with a proactive remediation strategy.

Randori logo

Randori

Randori bills itself as the world’s first automated breach and attack simulation (BAS) platform. By mirroring malicious attackers in a real-world attack, Randori provides an up-to-date assessment of an organization’s attack surface and identifies vulnerabilities and their potential impacts.

SpiderSilk logo

SpiderSilk

SpiderSilk offers an impressive proprietary internet scanner that maps out a company’s assets and network attack surface to detect vulnerabilities. Over the years, SpiderSilk’s research has informed several high-profile breaches, and for clients, the vendor can simulate cyberattacks to ensure organizations take preventive measures before the real thing.

Also read: Overcoming Zero Trust Security Challenges


Other Top Cybersecurity Startups

StartupEstHeadquartersStaffFundingFunding Type
BreachQuest2021Dallas, TX30$4.4Seed
Cape Privacy2018New York, NY25$25.0Series A
Cowbell Cyber2019Pleasanton, CA124$23.6Series A
Neosec2021Palo Alto, CA62$20.7Series A
SolCyber2020Dallas, TX12$20.0Series A
Talon Cyber Security2021Tel Aviv, Israel29$26.0Seed
Unit212018San Francisco, CA84$47.0Series B
BreachQuest logo

BreachQuest

BreachQuest is a digital forensics and incident response (DFIR) startup preparing to launch its Priori Platform for active continuous monitoring, detection, and recovery capabilities. With plenty of cybersecurity experience at the helm – including NSA, DoD, and U.S. Cyber Command – BreachQuest has client preparedness for attacks top of mind.

Cape Privacy logo

Cape Privacy

Cape Privacy addresses secure communication between organizations by building machine learning models on encrypted data. Currently ideal for industries like financial services managing sensitive data, Cape Privacy’s Snowflake is an innovative multi-party computation (MPC) platform that prevents single points of failure and ensures compliance.

Cowbell Cyber logo

Cowbell Cyber

Cowbell Cyber is a dedicated cyber insurance company that relies on continuous risk assessment, AI data analytics, and real-time underwriting to give clients pre- and post-breach services. The risk management startup offers visibility into exposures dubbed Cowbell Factors, giving clients opportunities for potential remediation and better coverage.

Neosec logo

Neosec

Neosec is a cybersecurity startup using behavioral analytics to address rising concerns surrounding vulnerabilities in APIs. By maintaining an inventory of an organization’s APIs, Neosec can determine the risk posture presented by a critical portion of the traffic. Neosec’s leadership has strong industry roots, further supporting the vendor’s likelihood of success.

Read more: OAuth: Your Guide to Industry Authorization

SolCyber logo

SolCyber

SolCyber is the newest managed security service provider (MSSP) on the block to reduce cyber risk, wastage, and complexity. Led by a C-suite with solid industry and technical experience, SolCyber currently offers foundational and extended coverage to meet varying needs in building out cybersecurity systems and adequate SOC capabilities.

Talon Cybersecurity logo

Talon Cyber Security

As organizations increasingly adopt remote personnel, Talon Cyber Security addresses web and browser-based threats with a secure, corporate browser. Based on Chromium OS, Talon’s browser-centric security solution aligns with its larger strategy to protect the distributed workforce and enable secure access to hybrid infrastructure.

Unit21 logo

Unit21

Boasting a simple-to-use API and dashboard, Unit21 is a hot startup for enterprise organizations looking to mitigate fraud and money laundering risks without the extensive engineering personnel. Unit21 is a no-code platform with operations and case management solutions, transaction monitoring, identity verification, and analytics and reporting for compliance.

Also read: Choosing a Managed Security Service: MDR, Firewalls & SIEM


Investor Considerations for Cybersecurity Startups

Potential to Scale, Lean R&D

Scalability will always be one of the most critical factors for investing in a successful startup. When there are growth opportunities, startups should and usually do capitalize on them.

Investors are also looking for startups that can continue to improve their products without the need for substantial capital investment. Lean research and development (R&D) show efficiency, even with limited resources. Investors can evaluate how the product and business model evolve before investing more capital. This fact makes any startup’s quality of personnel and leadership a critical factor in the organization’s success.

A Solid Business Plan

Another factor investors have always looked for is an air-tight business plan. They want assurance that there is a marketable problem that the product solves. Investors also want to see financial reports and revenue growth projections backed up by market analysis.

Read more: Top Database Security Solutions for 2022

Compliance Mindset

Regulatory compliance, such as HIPAA, GDPR, and CCPA, is essential for organizations collecting and protecting user information, including virtually all enterprise-level companies. Investors will be looking for startups that can ensure customers will maintain compliance.

Remote Work Experts

Remote work is and will continue to be, for the foreseeable future, a top-of-mind factor for venture capitalists. Even with vaccines, a largely remote workforce is likely here to stay.

Startups that can immediately impact the remote worker ecosystem will garner much attention. Specifically, startups with SaaS (software-as-a-service), those that provide automation, and products that include endpoint protection will fall into this category.

Cybersecurity Startup Trends

As organizations, clients, and end-users increasingly rely on cyberinfrastructure, the need to protect these systems will only deepen.

Given the relative newness of IT industries at large, cybersecurity remains a budding marketplace with plenty of opportunities for new vendors. Some of the best cybersecurity companies are longtime technology stalwarts. Still, many have proven the right solution and service can catch on fast with eager investors ready to help worthy startups scale.

Also read: Top Cybersecurity Companies for 2022

Most Popular Cybersecurity Startup Solutions in 2022

  • Application Security
  • Attack Surface Management
  • Cloud Security
  • Cyber Asset Management
  • Digital Forensics and Incident Response
  • Identity and Access Management
  • Governance, Risk, and Compliance
  • Risk Scoring and Assessments
  • Software Development Lifecycle (SDLC)
  • Threat Detection (EDR, XDR)

Endpoint Security and Protection Against Ransomware

Endpoint security, including traditional endpoint detection and response (EDR), managed EDR (MDR), and increasingly, its advanced iteration, extended detection and response (XDR) continue to be in high demand in light of the boom in remote work.

Products like EPP, EDR, MDR, and XDR solutions secure the devices spanning a remote ecosystem and will continue to be invaluable. The healthcare segment alone saw significant investment in cybersecurity due to the adoption of telehealth and teleworking models.

Also read: Antivirus vs. EPP vs. EDR: How to Secure Your Endpoints

Most Popular Headquarters for Cybersecurity Startups

The United States, Israel, Canada, and the United Kingdom continue to be popular national locations for cybersecurity startups, with most of the funding directed between the first two.

Within the United States, the San Francisco Bay Area remains the hottest region for startups. The second-largest contingent of cybersecurity startups is a continent away from Palo Alto, in New York City. The industry newcomers benefit from the proximity to partnerships, skilled IT personnel, and funding opportunities.

Though it’s hard to compare to the presence of San Francisco and New York, other U.S. cities holding multiple top contenders this year include:

  • Atlanta, GA
  • Austin, TX
  • Boston, MA
  • Chicago, IL
  • Dallas, TX
  • Los Angeles, CA
  • San Diego, CA
A graphic image showing the top cybersecurity startup locations of 2022. Designed by Sam Ingalls.

Top Startup Selection Criteria

  • Time Operating: less than 5 years; established between 2017 and 2021
  • Funding: minimum $1 million raised through seed, Series A, or Series B rounds
  • Autonomy: independent organizations (not recently acquired)
  • Solutions: presents innovative cybersecurity product or service
  • Business Model: viable business plan with evidence of scalability

Graduated Startups

Several security companies making previous eSecurity Planet top startup lists continue to be prominent vendors heading into 2022, whether as well-funded growing companies or the newest acquired team for other top IT service providers. These companies include:

StartupEstHeadquartersStaffFundingFunding Type
Axis Security2018San Mateo, CA108$99.5Series C
Bitglass2013Campbell, CA170$150.1Acquired by Forcepoint
Cato Networks2015Tel Aviv, Israel400$532.0Venture
Cybereason2012Boston, MA1,100$713.6Series F
Darktrace2013Cambridge, UK1,600$230.5IPO: “DARK” on LSE
Illumio2013Sunnyvale, CA461$557.5Series F
Immuta2015Boston, MA180$158.2Series D
OneTrust2016Atlanta, GA2,000$926.4Series C
Orca Security2019Los Angeles, CA271$482.0Series C
SentinelOne2013Mountain View, CA1,080$696.5IPO: “S” on NYSE
Vdoo2017Tel Aviv, Israel900$70.0Acquired by JFrog

Read more: Cybersecurity Outlook 2022: Third-party, Ransomware and AI Attacks Get Worse

This article was originally published on January 29, 2021 by Kyle Guerico and updated by Sam Ingalls on January 11, 2022.

Sam Ingalls
Sam Ingalls is an award-winning writer and researcher covering enterprise technology, cybersecurity, data centers, and IT trends, for eSecurity Planet, ServerWatch, Channel Insider, and Webopedia.

Top Products

Top Cybersecurity Companies

Related articles