The Periodic Table Of Early-Stage Cybersecurity

Cybersecurity attacks are rapidly evolving and becoming increasingly severe. Once niche areas of digital security such as defending against social engineering attacks, detecting insider threats, and more are now top-of-mind for CEOs across nearly every industry — from banking to logistics, and beyond.

In tandem, early-stage (seed – Series A) startups are rising to address a myriad of these cyber challenges. We put together a periodic table of early-stage cybersecurity that spotlights the industry’s most promising young startups, emerging industry categories, and most active investors. Investors were selected based on number of early-stage deals to cybersecurity companies since 2012.

The table is meant to serve as a guide to navigate the key early-stage players in the industry. The companies and investors in the table were chosen using CB Insights data and analytics on company momentum, financial health, and investor quality.

Click on the image below to enlarge. The categories in our table are not all mutually exclusive, and the table is not meant to be exhaustive of early-stage companies in this industry.

NAVIGATING THE PERIODIC TABLE OF early-stage CYBERSECURITY

The table’s top section lists early-stage cybersecurity startups, while the bottom two rows show the most active investors in early-stage cybersecurity startups. We broke down our list of startups into 17 categories:

Fraud Prevention: Fraudulent online transactions are on the rise, in part due to an increase in international transactions that rely on processing multiple currencies and new payment types. Companies in this space include Singapore based CashShield, which helps companies stop fraud — especially in e-commerce transactions. Others include Next Caller, which verifies caller identities, validates phone numbers, and flags call spoofing to isolate high-risk interactions. Elliptic identifies illicit and fraudulent financial activity on the Bitcoin blockchain.

Automated Cybersecurity: There is a shortage of qualified personnel in the cybersecurity industry. Startups such as Intezer and Jask Labs offer software that utilizes advanced algorithms to efficiently and instantaneously respond to security threats, augmenting the work of security analysts.

Cloud Security: Corporations are increasingly hosting cloud applications and operating across hybrid-cloud infrastructures. This means that sensitive data is housed in both public and private enterprise cloud environments, which creates new security concerns. Startups in this category such as Obsidian Security are applying artificial intelligence to security specifically for hybrid-cloud environments.

Identity Management: Identity theft is on the rise, especially in the United States. Companies in this category have a core product that determines a user’s identity by authenticating their credentials and authorizing them for appropriate access to digital resources. Companies like CallSign protect consumer identities to minimize the impact of compromised credentials. Others such as Authenteq enable users to verify and create their own digital ID’s stored on blockchain technology.

IIoT Security: Startups in this category are developing tools to help protect the internet connected elements of critical infrastructures — power, water, transportation, etc. Dragos offers the ability to proactively hunt for threats in industrial control systems, and more.

Insider Threat Detection: Insider threats come from people within the organization, such as employees, former employees, contractors, or associates, who have unique access to an organization’s security practices, proprietary data, and networks. Startups helping enterprises tackle this emerging threat include Securonix and Wiretap.

Data Confidentiality: Increasingly, companies that depend on the manipulation of sensitive data want to be able to share that data both internally and externally, while also maintaining the confidentiality of their users and intellectual property. Often, this type of data is encrypted and needs to stay encrypted. Startups enabling the sharing of confidential data include Enveil, which enables third-parties to perform operations on confidential data such as searches and analytics without decrypting anything. Others include Fortanix, which allows users to run applications securely in public clouds with complete privacy from the cloud provider.

Development Security Operations (DevSecOps):  This category is focused on cybersecurity tools for software engineers. One of the most notorious cyber breach types is known as a zero-day exploit, which takes advantage of previously unknown vulnerabilties in code that can give attackers access to networks and systems. Consequently, there is a need to address cybersecurity concerns at the software development level of production. Companies in this space include Tanker, which provides developers with an encryption solution and a key management platform. Others include Virgil Security, which enables developers to build cryptographic features into their software.

Threat Intelligence: Advancements in machine learning and predicitive analytics hold promise for the ability to predict when and how cyber attacks will occur. Companies in this space parse various internal and external data feeds to help analysts predict and thwart impending attacks. Startups include 4IQ, which configures alerts and visualizes threat trends from sources like the visible web, social media, & the Deep and Dark web.

Social Engineering Defense: Most cyber attacks are traced back to the theft of login credentials that enable attackers to gain entry into proprietary networks and systems. Often, credentials are stolen through sophisticated social engineering campaigns that are designed to fool victims into unwittingly offering up their passwords. Startups that are helping to thwart these types of attacks include IRONSCALES, which offers an approach to prevent, detect, and respond to a common social engineering attack known as phishing, often perpetrated through emails.

Deception Security: Corporations and government agencies are widely accepting the reality that they will be (or already have been) breached in a cyber attack. As a result, there is an increasing need for tools that deal with attackers that are already operating maliciously inside networks and systems. The startups in this category offer cybersecurity systems that deploy decoy-assets in a network as bait for attackers, to then identify, track, and disrupt security threats — such as advanced automated malware attacks — before they do damage. Companies in this category include Minerva Labs, among others.

IoT Security: Internet connected devices are often not built with cybersecurity in mind, and as a result can be both attacked and used in attacks. Startups in this category such as Senrio offer products and services to authenticate IoT devices and encrypt data transmitted throughout IoT systems and networks.

Healthcare Security: Hospitals and medical equipment are increasingly vulnerable to cyber attacks. Startups that are helping to defend these facilities and their machines include MedCrypt, which enables medical device vendors to implement cybersecurity features into their products. Others include Protenus, which allows security teams to protect health data from misuse.

Digital Privacy & Anonymity: Surrendering personally identifiable information (PII) is becoming more common than ever across social media, e-commerce, and more. In tandem, corporate hacks have unleashed unprecedented amounts of PII into the wild. The high-level of tracking and profling combined with the insecurity of our PII has prompted the rise of a new class of cybersecurity startups that help users operate online while ensuring their digital privacy and anonymity. Companies in this category include Orchid, an open-source project committed to ending surveillance on the internet.

Cyber Posturing & Insurance: Startups are rising to offer products and services for quantifying cyber risk and for negotiating cyber-insurance premiums. Seed-stage startup ThreatInformer provides cyber underwriters with actionable security risk metrics, tailored to their products. Other startups such as Balbix are focused on cyber posturing, which entails helping organizations pinpoint risk and remediate cyber vulnerabilities.

Firmware Security: Firmware is computer software that provides control for a device’s hardware components. Attackers exploit vulnerabilities in firmware to siphon data that can completely destroy machines at will, among other malicious outcomes. Eclypsium is developing technology for organizations to defend their systems against firmware, hardware, and supply chain attacks. ReFirm Labs is developing products to detect security vulnerabilities in firmware that runs on Internet of Things devices.

Automotive Cybersecurity: Cars are becomming increasingly connected and autonomous. Startups are developing tools to prevent attackers from breaching connected cars including Upstream Security, which offers a cloud-based shield that blocks cyber-attacks before they reach the vehicle’s network.