kromkrathog -

5 cybersecurity vendors to watch in 2020

A number of cybersecurity startups earned tens of millions of dollars in venture capital investments last year. Here are five such vendors poised to emerge and grow in 2020.

With billions of dollars invested every year in cybersecurity vendors, and billions more being spent on products and services, there's no shortage of startups emerging to meet new challenges.

A number of such startups received significant venture capital (VC) funding in 2019. According to a study from Strategic Cyber Ventures, a VC firm based in Washington, D.C., global investments in cybersecurity companies for 2018 grew to $5.3 billion, and that growth was expected to continue this year and beyond.

SearchSecurity looks at five emerging companies that have raised significant funding in the last year and are poised to break out in 2020.


Clumio was founded in 2017 by Poojan Kumar in Santa Clara, Calif. The startup, which recently raised a whopping $135 million in series C funding, is a cloud-native backup as a service (BaaS) provider that is built on top of AWS. Clumio's aim is to provide data protection along with a secure backup service.

"We're a security-first company," CTO Chad Kinney told SearchSecurity. "We really spent a lot of time thinking about what we're doing as a core platform setting ourselves up for success."

Clumio has done this by implementing an always-on encryption model where data is encrypted at every step of the way.

"And the way it starts, which I think is a critical feature of the platform, is that the data is encrypted before it leaves the customer environment; it's encrypted in the customer environment, it's transmitted over a secure channel and then it's stored securely in S3. And there's different encryption keys used in each of those steps," CSO Glenn Mulvaney said.

Read SearchSecurity's full Q&A with Clumio here.


Siemplify is a New York-based startup founded in 2015 by Alon Cohen, Amos Stern and Garry Fatakhov. The company is a Security Orchestration, Automation and Response (SOAR) provider that hopes to, through its platform, provide a Salesforce-like hub for the security operations centers (SOCs). The platform ties various third-party products together, streamlining both the data and overall experience for enterprises.

"It became very clear to [the company's founders] that the way that security operations teams work is highly flawed," said Nimmy Reichenberg, chief strategy officer at Siemplify. "There are so many things that can be improved about how these teams work, and they had this idea: Why don't we build this product and start a company that will solve what we're seeing from training security operations teams around the world? And they founded Siemplify."

Reichenberg said it's becoming harder to integrate third-party security products today, which makes it more difficult for SOCs to aggregate and correlate security data. Luckily, Siemplify recently raised $30 million in Series C funding and is planning to further scale its platform, as well as its go-to-market operations.

Read SearchSecurity's full Q&A with Siemplify here.


Founded in 2015, BigID offers a platform that helps enterprises manage and protect data, as well as comply with new privacy laws like the California Consumer Privacy Act (CCPA) and GDPR. The company's ethos is simple: If an enterprise wants to protect customer data, then it first needs to understand the data.

"BigID's aim is to help organizations better understand what data they store about their customers and in general, and then allow them to take action on top of that and comply with regulations and better protect the data and better manage it to get more value out of the data," co-founder and chief product officer Nimrod Vax said.

The company recently won the 2018 Innovation Sandbox contest at RSA Conference, and on Sep. 5, 2019, the company raised $50 million in a Series C funding round (BigID has raised just under $100 million total).

Read SearchSecurity's full Q&A with BigID here.


CyCognito, which was founded in 2017, is built on the premise that the best way to defend against cyberattacks is to see what potential attackers see. This is done through what the startup calls a "Shadow Risk Elimination" platform, which obtains publicly available threat information and runs noninvasive attack simulations using bots to identify weaknesses in customers' defenses.

CyCognito co-founder and CEO Rob Gurzeev said threat actors' ability to perform reconnaissance on targeted organizations' environments and assets gives them a "black box" advantage over both enterprises and traditional security vendors.

"We understood and learned that this reconnaissance process is what gives attackers advantage over the defenders every single time, and no matter how many tens of millions of dollars you invest in defending the assets you know, it's the assets you don't know or don't control that will eventually be targeted by attackers," Gurzeev said.

The company has raised $23 million across two funding rounds -- most recently an $18 million Series A in November.

Stay tuned for SearchSecurity's full Q&A with CyCognito.

Signal Sciences

Signal Sciences, founded in 2014, is a next-generation web application firewall (WAF) company based in Culver City, Calif. The startup, which also provides runtime application self-protection (RASP), raised $35 million in Series C funding earlier this year.

Compared to other WAF companies, Signal Sciences believes its primary differentiator is its ability to protect cloud-native applications, as well as legacy apps. The company's next-gen WAF can also be deployed in the customer's web server or alongside the application runtime.

"We are able to give them coverage over the new types of applications in software development in the cloud," founder and CEO Andrew Peterson said. "So, you can get coverage over any type of application architecture you're developing, which a lot of these legacy [WAF] companies have frankly had a hard time understanding what these new architectures mean."

Stay tuned for SearchSecurity's full Q&A with Signal Sciences.

Dig Deeper on Security operations and management

Enterprise Desktop
  • Understanding how GPOs and Intune interact

    Group Policy and Microsoft Intune are both mature device management technologies with enterprise use cases. IT should know how to...

  • Comparing MSI vs. MSIX

    While MSI was the preferred method for distributing enterprise applications for decades, the MSIX format promises to improve upon...

  • How to install MSIX and msixbundle

    IT admins should know that one of the simplest ways to deploy Windows applications across a fleet of managed desktops is with an ...

Cloud Computing