The 20 Coolest Web, Application And Email Security Companies Of 2023: The Security 100
From vendors offering developer-friendly code security tools to those protecting websites against cyberattacks, here’s a look at 20 key web, email and application security companies.
Coolest Web, Email And Application Security Companies
Cybersecurity companies focused on blocking cyberattacks via the web, emails and applications remain as pivotal as ever. A report from IBM Security X-Force found that when it comes to the ways that attackers are gaining initial access into a victim’s systems, phishing remains on top, with 41 percent of incidents in 2022 having involved phishing. Coming in second was exploitation of public-facing applications, accounting for 26 percent of incidents last year, according to the X-Force Threat Intelligence Index 2023.
[Related: Cloudflare Earnings Takeaways: Zero Trust, Generative AI Security, Channel Growth]
In 17 percent of incidents in 2022, attackers succeeded at deploying ransomware, the report found. What that tells us is that the best way to protect against the onslaught of attempted ransomware attacks is to shut down a phishing attack before it can advance any further, and address application vulnerabilities and misconfigurations that can be exploited.
Without a doubt, tools for web, email and application security have had to evolve to keep up with the attackers. In particular, the rise in headline-making critical vulnerabilities, such as Log4Shell and ProxyShell, is a prime piece of evidence that many organizations need to double down on their application security efforts. Tools for spotting vulnerable code earlier in the software development process, often referred to as “shifting left,” have been one major advancement in the application security sphere. Key vendors aiming to enable this shift include Checkmarx, Contrast Security, Lacework, Snyk and Veracode.
Meanwhile, well-established email security vendors such as Barracuda Networks, Mimecast and Proofpoint have also been enhancing their offerings as attackers have refined their phishing tactics.
And in web security, notable vendors with solutions such as secure web gateway (SWG), web application firewall (WAF) and distributed denial-of-service (DDoS) mitigation include Akamai Technologies, Cloudflare, Imperva, F5, Menlo Security, Netskope and Zscaler.
What follows are the 20 web, email and application security companies that made our Security 100 for 2023.
Akamai Technologies
Tom Leighton
Co-Founder, CEO
Akamai’s cybersecurity offerings include application and API security, such as capabilities for blocking malicious web activity. Other capabilities include protection against DDoS attacks, abuse and fraud protection, and technologies for enabling a zero-trust security posture.
Barracuda Networks
Hatem Naguib
President, CEO
Barracuda serves small and midsize enterprises with a broad suite of security offerings, including email protection, application security, network security and data protection. The company has expanded into extended detection and response with its Barracuda XDR service supported by a 24/7 Security Operations Center.
Checkmarx
Emmanuel Benzaquen
CEO
Checkmarx, an application security testing tool company, recently expanded its portfolio with the introduction of API security. The offering, which builds on the Checkmarx Fusion vulnerability correlation platform, aims to comprehensively inventory and remediate all APIs in use, including “shadow” APIs.
Cloudflare
Matthew Prince
Co-Founder, CEO
Cloudflare has a sizable portfolio of security services for the modern network, spanning DDoS mitigation, zero trust network access, cloud security access broker, secure web gateway and browser isolation. The company has also moved into email security with its acquisition of Area 1 Security.
Contrast Security
Alan Naumann
Chairman, President, CEO
Contrast Security offers its Secure Code Platform that aims to enable security to be baked into applications more easily as well as scanning capabilities for identifying and fixing vulnerabilities via Contrast Scan. Contrast Assess, meanwhile, detects and prioritizes vulnerabilities on a continuous basis.
F5
François Locoh-Donou
President, CEO
Recent additions to the F5 security portfolio arrived via the debut of F5 Distributed Cloud Services. The suite includes application security offerings such as Web Application and API Protection, combining web application firewall, DDoS protection and API security.
iboss
Paul Martini
Co-Founder, CTO, CEO
The iboss security platform, focused on enabling a zero-trust security posture, includes a range of capabilities such as authorization and access controls, cloud access security broker, data loss prevention, malware and ransomware defense, and browser isolation.
Imperva
Pam Murphy
CEO
Imperva’s portfolio of application security products includes web application firewall, advanced bot protection, API security, DDoS protection, runtime protection and serverless protection. Within data security, Imperva’s lineup includes protection for sensitive data and advanced data governance.
Lacework
Jay Parikh
CEO
Lacework offers a data-powered cloud security platform that collects and analyzes data from across cloud environments and supplies customers with key insight. The platform is powered by Lacework’s Polygraph machine learning engine that aims to significantly reduce alert volumes while identifying the most pressing threats.
Menlo Security
Amir Ben-Efraim
Co-Founder, CEO
Menlo Security’s cloud-native platform includes products such as secure web gateway, remote browser isolation, cloud access security broker, email isolation, data loss prevention and cloud firewall. A key focus of the platform is on preventing threats that are particularly evasive to security controls.
Mimecast
Peter Bauer
Co-Founder, CEO
Mimecast recently launched its X1 Platform, aimed at reducing security risks from the growth of hybrid work. Features include X1 Precision Detection, which applies “the right detection capabilities at the right time,” and X1 Data Analytics, which ingests and correlates the huge data volumes generated by its products.
Netskope
Sanjay Beri
Founder, CEO
Originally known for its cloud access security broker technology, Netskope has expanded to offer a full secure access service edge platform—which, in addition to CASB, offers secure web gateway, zero trust network access, cloud firewall, data loss prevention, remote browser isolation and advanced analytics.
Proofpoint
Ashan Willy
CEO
Proofpoint expanded its threat protection platform with new capabilities for improved visibility and detection of email fraud and recently integrated its advanced email protection offering with Microsoft Defender for Endpoint. In December, the company unveiled a deal to acquire identity threat detection and response vendor Illusive.
Qualys
Sumedh Thakar
President, CEO
Qualys has a range of offerings across cloud security, asset management, IT security, compliance and web application security. Last year, it launched its extended detection and response platform that uses unique context gleaned from the Qualys asset inventory, patch management and vulnerability management systems.
Salt Security
Roey Eliyahu
Co-Founder, CEO
Salt Security’s API Protection Platform aims to identify and remediate vulnerabilities and other risks in APIs, prior to exploitation by attackers. The platform works by creating a baseline from millions of users and APIs, detecting malicious reconnaissance activity and then blocking the activity.
Snyk
Peter McKay
CEO
Snyk has products for scanning and remediating code security issues that are designed to be developer-friendly to help enable application security issues to be caught and addressed earlier in the process. The company has also expanded into cloud security posture management with the acquisition of Fugue.
Talon Cyber Security
Ofer Ben-Noon
Co-Founder, CEO
Talon’s secure Chromium-based browser, TalonWork, is aimed at helping to protect organizations with hybrid environments. The browser is hardened against zero day exploits and isolates the work environment from device malware while also providing visibility and governance over SaaS applications and offering advanced network inspection capabilities.
vArmour
Timothy Eades
CEO
vArmour offers its Application Policy and Protection Module, which creates a baseline from the behaviors and relationships of data, apps, services and users and then enables the orchestration of policies in the event of abnormal behavior. Other products include the Data Flows Module to increase control over multi-hop application relationships.
Veracode
Sam King
CEO
Veracode product enhancements have included updates to its Continuous Software Security Platform, which have brought new features to developers such as extended integrations that support software composition analysis and an API for improving application visibility through a software bill of materials.
Zscaler
Jay Chaudhry
Founder, Chairman, CEO
Among the many product updates by Zscaler last year were enhancements aimed at simplifying data loss prevention through “zero configuration” capabilities, AI-powered capabilities for its Zero Trust Exchange including phishing prevention and segmentation, and zero trust network access capabilities such as enhanced lateral movement detection.