6 Execs Reveal The Cloud Security Startups They're Most Excited About

CRN asks six cybersecurity technical and research leaders which cloud security startups that believe are delivering the most product innovation.

Up And Comers

Eight cybersecurity technical and research leaders spoke with CRN about which cloud security startup or startups they believe are driving the most significant change.

Some security leaders flagged container security specialists who are focused on securing east-west movement within Kubernetes and defending against internal or lateral attacks. Other praised cloud security startups that are able to scale to meet increased traffic loads thanks to cloud-native design rather than merely repurposing on-premise tools.

Other executives favored startups that use automation to construct security-compliant infrastructure at the operating system (OS) level or analytics to recognize commonalities or patterns around threat data. As part of CRN's Cloud Security Week 2019, here's a look at the cloud security startups that leaders are expecting to make waves in the months and years ahead.

Tim Jefferson, SVP of Data Protection, Network and Application Security, Barracuda Networks

Frederick, Md.-based Fugue has been focused on building a cloud operating system (OS) management layer that makes it possible for developers to construct security-compliant infrastructure in an automated manner, Jefferson said. Automating security controls is consistent with best practices to avoid the potential for human error, according to Jefferson.

Having Fugue provide a framework and tools to automate and manage the deployment of infrastructure is ideal in the public cloud, and beneficial to the company's ecosystem partners, according to Jefferson. Fugue's use of the software-defined data center to manage security infrastructure is efficient, easy to scale back, and can scan for policy violations such as a role or credential that shouldn't be used, he said.

Anurag Kahol, Chief Technology Officer, Bitglass

San Francisco-based Okta and San Jose, Calif.-based Zscaler are the two best-performing cloud security startups, Kahol said. Zscaler has done a really good job of taking market share from on-premise security providers by centralizing the secure web gateway functions in the cloud and making it possible for security policies to be updated in one central place, according to Kahol.

Zscaler handles scale very well, Kahol said, and is capable of processing large volumes of traffic in real-time while still applying extensive policies around malware or other types of threat protection. Having a truly multi-tenant solution rather than just moving an existing on-premise box to the cloud has allowed Zscaler to effective scale as traffic increases, according to Kahol.

Okta, meanwhile, has made identity management and single sign-on very easy for businesses working with multiple different cloud services thanks to pre-existing integrations with many different apps, Kahol said. Having different identity management tools for each cloud services makes password management, provisioning new accounts, and providing multi-factor authentication difficult, he said.

John Maddison, EVP of Products & Solutions, Fortinet

Tel Aviv, Israel-based Alcide has set itself apart from the competition by focusing on securing east-west lateral movement within Kubernetes, Maddison said. Companies need to protect their data flow, and while other Kubernetes tools focus on north-south activity, Maddison said Alcide's ability to secure lateral movement inside the workload is important as well.

Alcide is very small today, and has a long road ahead of them, Maddison said. But the company's focus on different types of data movement within Kubernetes containers provides Alcide with a niche that enables the company to grow its presence in the market.

Maddison said he's also keeping an eye on startups that address the security challenges around serverless computing as well as the API-based technology used to control native cloud instruments.

Tim Mackey, Principal Security Strategist, Synopsys Cybersecurity Research Center

San Jose, Calif.-based NeuVector excels at monitoring containerized applications deployed at a large scale for 'bad behavior' such as internal attacks and lateral attacks, Mackey said. Specifically, Mackey said NeuVector considers what the container environment should look like, what the aberrations are that exist, and whether or not what's running there should actually be there.

NeuVector has differentiated itself from competitors by examining what it means to secure Kubernetes at scale rather than just focused on how an existing competency can fit into the container space, Mackey said. The company has invested heavily in both technology and people with the intent of making Kubernetes more secure, scalable, and operable, according to Mackey.

Legacy offerings require the installation of an agent on all container images, which Mackey said isn't scalable enough to keep up with all the data and results in a larger attack surface. NeuVector's container readability, ability to run replicas, and lack of an interactive log-in really set the company apart from the pack, according to Mackey.

Aditya Joshi, EVP, Products and Technology, Threat Stack

JASK has been doing interesting things in security analytics, and excels at taking security signals and effectively integrating and analyzing them to quickly pinpoint where a problem might be as well as what to look at, according to Joshi. While other SIEM (security information and event management) players deploy-on premise, Joshi said JASK is cloud native and multi-tenant.

As a result, Joshi said JASK is able to aggregate information from multiple customers and develop a mind map of what's happening more broadly. The company is also able to take information from multiple customers, anonymize it, and make is accessible for every customer to share and leverage, according to Joshi.

Sharing data across hundreds of clients that no single company could ever possibly compile on their own gives JASK customers a much better sense of what's happening in their environment, Joshi said.

Reuven Harrison, Co-Founder and CTO, Tufin

A relatively new generation of security vendors like Ramat Gan, Israel-based Aqua, San Francisco-based Tigera, and Portland, Ore.-based Twistlock realize that most workloads and applications will be deployed in a containerized environment going forward and have built their businesses accordingly, Harrison said.

Delivering security in containers allows businesses to abstract away from the underlying platform, which Harrison said is useful for agility purposes. Specifically, Harrison said this makes it possible for a company's IT teams to operate independent without having to depend on underlying infrastructure.

As a result of running at such a high-level abstracted layer, Harrison said companies need specialized tools to truly understand what's happening. Traditional network tools aren't able to understand that higher layer, Harrison said, so businesses have pursued alternatives that provide greater network visibility.