Categories Defining Security Companies

of one

Categories Defining Security Companies

Based on reports by Dark Reading, LinkedIn, CRN, and others, we identified five emerging or new product categories in cybersecurity to include Cloud Access Security Broker (CASB); Deception Based Security; Security Operations Automation and Orchestration (SOAR); Endpoint Detection & Responses (EDR); and Threat Intelligence & Signature Feeds. Recorded Future and ThreatConnect are key players of the Threat Intelligence & Signature Feeds category, while Carbon Black and Cybereason are the significant players of the Endpoint Detection & Responses (EDR) category.

Please, note that the key players included in this report were listed by Dark Reading based on the significant influence they had in each category. However, we also examined reports by PR Newswire, Gartner, and others, which identified notable achievements by the companies listed on Dark Reading's report before we included them in this research to the key players in each category.



Cloud access security broker (CASB) is a gateway used by companies to enforce data governance, prevent data leak, and other security policies on traffic flowing from an enterprise network to a cloud provider's infrastructure. Gartner's research revealed that by 2020, 60% of large enterprises would use a CASB, which has four pillars including visibility, compliance, data security, and threat protection, according to Netscope. A CASB vendor needs to have requirements such as risk management, security prevention, and zero-day protection from unknown and know sources, as per a report by Bitglass.

Bitglass and Netscope are key players in the CASB cybersecurity category, according to reports by Dark Reading and Gartner. Bitglass raised $45 million from its Series C funding in January 2017 to expand its CASB services into the US and EMEA, while Netscope has raised more than $231 million to become one of the most-funded CASB vendors.


Endpoint detection & responses is an emerging cybersecurity product that helps to detect, respond, and mitigate endpoint security threats. Through Endpoint Detection & Responses, companies can combat security threats by collecting, recording, and storing large volumes of data aggregated from endpoint activities to give security professionals complete visibility needed to detect, investigate, and thwart advanced cyber threats.

Significant players in the Endpoint and Detection & Responses category include Cybereason and Carbon Black, according to Gartner and Dark Reading. Carbon Black was rumored to have its IPO in 2018, while Cybereason has raised over $189 million with SoftBank investing $100 million in June 2017, to expand its EDR offering.


Threat intelligence & signature feeds include tools that help enterprises to provide better responses to security threats by adding context from external sources to internal threat data. This category of cybersecurity offers evidence-based knowledge for organizations in areas such as context, indicators, mechanisms, implications, and action-orientation regarding existing or emerging threats.

Recorded Future, with its significant presence in large organizations and total funding of $58 million is a key vendor of Threat Intelligence and Signature Feeds, according to a report by PR Newswire. The other key vendor is ThreatConnect, which was founded in 2011 and has integrations with over 100 curated and open source feeds, SIEM systems, and other products, as per Dark Reading's report.


Deception based security help organizations to hunt attackers, detects lateral movements, and automates incident responses. Technologies offered in this category disrupt attackers through the use of decoys, deceit, as well as misdirection to delay and prevent the progression of breaches across endpoints, data, network applications, and applications. Vendors in this category offer platforms that are automated, accurate, as well as provide insights into threats within internal networks that other types of cyber defense may not see.

Cymmetria is a key vendor of deception-based security; founded in 2014, the company offers personalized cloud-based services and was early to market in this sector. Another significant vendor in the Deception Dased Security category is Illusive Networks, which has strategic partnerships with the likes of Citi Ventures, Microsoft, and Microsoft, and has been deployed in organizations in the healthcare, financial services, energy, and other industries.


Security operations automation and orchestration (SOAR) is an emerging category of cybersecurity that provides tools to enhance faster response to security threats from different security processes and systems by collecting, connecting, and analyzing alert data from the sources that pose present and potential threats for organizations. This cybersecurity category enables automated decision-making across applications and device by integrating organizational data from already-existing enterprise security technologies.

Splunk Phantom and Swimlane are two significant vendors in the SOAR cybersecurity category. Splunk Phantom uses Playbooks to automate SOC responses extensively and has raised over $23 million in venture funding, while Swimlane completed a $6 million Series A financing in 2017 to accelerate its market growth and partners with HPE, McAfee, Trend Micro, CrowdStrike, and others.

Dive deeper

Only the project owner can select the next research question.
Need related research? Let's launch your next project!

  • "Cybereason automatically detects malicious activity and presents it in an intuitive way. It deploys easily with minimal organizational impact and provides end-to-end context of an attack campaign. Most organizations deploy Cybereason and start detecting attacks within 24 to 48 hours."
  • "Recorded Future Named "Most Innovative Threat Intelligence" by Cyber Defense Magazine Company Recognized for Second Consecutive Year for Technology that Provides the Only Complete Threat Intelligence Solution Powered by Machine Learning to Reduce Risk"