Cloud & App Security Product Insights

v1.17 Added vendors: CNAPP_Uptycs, Boundary-Breakers_AIStrike, Boundary-Breakers_nanovms, Boundary-Breakers_Security_Runners, Boundary-Breakers_Dropzone, Boundary-Breakers_Cloudfence, Boundary-Breakers_Chaser, Boundary-Breakers_Kosli, Remediation-Platforms_Vicarius, CSPM_CodeShield, LLM_Aim, LLM_Unbound, LLM_AppSOC, ASPMs_Phoenix_Security, ASPM_Soos, ASPM_Codacy, ASPM_StartLeftSecurity, ASPMUptycs, PT_Kulkan, Container-Runtime_Uptycs, RASP_Deepflow, SCA_Soos, SCA_StartLeftSecurity, IaC_StartLeftSecurity, Container-Vulnerability_Autonomous, Container-Vulnerability_Soos, Container-Vulnerability_StartLeftSecurity, Cloud-Identity_Oasis, Cloud-Identity_Token, MDR_Fortra, API_Aikido, Corporate_Identity_BalkanID, SAST_Soos, SAST_StartLeftSecurity

• Added AI Strike to Boundary Breakers - Unique combo of SIEM + CSPM with layered LLM throughout
• Added NanoVMs to Boundary Breakers - A dope implementation of unikernels - I didn’t know what these were
• Added Security Runners to Boundary Breakers - Neat project to test cloud detection rules, with misconfigured resources deployed with Go
• Added DropZone to Boundary Breakers - Security analyst but with LLMs
• Added Cloud-fence to Boundary Breakers - Too useable to be “just a CSPM”, great focus on practioner needs with network and identity in the cloud
• Added Chaser to Boundary Breakers - Unique enforcement of network egress traffic via security groups
• Added Kosli to Boundary Breakers - Granular attestation for files, which can be applied to a bunch of use cases
• Added Vicarius to Remediation Platforms - A modern tenable alternative
• Added CodeShield to CSPM - Attack simulation (attack paths) focusing on identifying risky permissions
• Added Aim Security to LLM - A fully featured LLM Security platform
• Added Unbound to LLM - A browser plugin and proxy based approach for sanitization and visibility
• Added AppSoc to LLM - More of an MLBOM approach to LLM security, focusing on the governance and risk of model choice
• Added Phoenix Security to ASPM - Francesco appeased me by adding enough of their own scanners to qualify - still a great choice on the vulnerability management side of ASPM
• Added SooS to ASPM, SCA, SAST, & Container - All in one code scanner
• Added Codacy to ASPM - Code health and security, a la sonarcloud, with rich integration support
• Added StartLeftSecurity to ASPM, SCA, IaC, SAST, and Container - All in one code scanner
• Added Uptycs to CNAPP, ASPM, Container Runtime, - Most fully featured CNAPP, even though that creates usability bloat. Good K8s visibility
• Added Kulkan to Pentesting - great pentesting shop specializing in hybrid environments
• Added Deepflow to ADR - open source application tracing and profiling
• Added Autonomous to Container Vulnerability - A great evolution of Docker Slim for creating low profile docker images, one might argue better than other approaches???
• Added Oasis to Cloud Identity - Comprehensive non-human identity scanning and access graphs
• Added Token to Cloud Identity - Identity scanner with some workload support, looking for identity configuration issues
• Added Fortra to MDR - A surprisingly robust set of homegrown features - from ELK to WAF - to provide comprehensive mid market security coverage
• Added Aikido to API Security - The homies squeak into this category with their RASP and DAST
• Added BalkanID to Corporate Identity - Platform for SaaS access management - from over-privileged detection to workflows

v1.16 Added vendors: CSPM_Kloudle, PT_Include_Security, DAST_Nightvision, API_Traceable, API_Nightvision

• Added Include Security to Pentest - offering in depth technical pentesting
• Added Nightvision to DAST and API Security - builds API docs based on your code and then tests them
• Added Traceable to API Security - in depth runtime focused API security that excels due to it’s numerous integration possibilities
• Added Kloudle to CSPM - simple on demand CSPM scanning

v1.15 Added vendors: CNAPP_Tenable, Boundary-Breakers_Formal, Boundary-Breakers_HoundDog, Boundary-Breakers_Mimic, Remediation-Platforms_Zafran, Remediation-Platforms_Cyclops, CSPM_CheckRed, LLM_Mindgard, Code-Fixers_DryRun, Code-Fixers_Seezo, CDR_StreamSecurity, Container-Runtime_Sweet_Security, Kubernetes_Aqua_Security, RASP_Miggo, RASP_Oligo, SCA_Netrise, SCA_ReversingLabs, SCA_Coana, SCA_Contrast_Security, Container-Vulnerability_Endor, Cloud-Identity_Andromeda, API_42Crunch, API_Firetail, API_noname, API_SaltSecurity, SAST_Contrast_Security

• Added Formal to boundary breakers - Very cool reverse proxy for inbound data flows
• Added hounddog to boundary breakers - Checking for sensitive data leaks
• Added Zafran to remediation platforms
• Added Cyclops to remediation platforms
• Added CheckRed to CSPM - CSPM with some neat SaaS rules
• Add Tenable Cloud to CNAPP - Ermetic with a rebrand
• Changed RASP to ADR, added Miggo and Oligo
• Added 42 Crunch to API security - built around OpenAPI specs
• Added Firetail to API security - API discovery and protection via SDK
• Added Noname to API security - a network engineer’s approach to API security
• Cleaned up boundary breakers a bit - moved DryRun, Grit, and Moderne to “code fixers”
• Added Mimic to boundary breakers - deception based ransomeware protection
• Reorded CDR in light of my new definitions
• Added Stream Security to CDR - agentless CDR with a bigger focus on integration and attack paths
• Added Andromeda to Cloud Identity - a more holistic attempt at making least privileged access a reality
• Added Procyon to cloud identity - JIT access
• Added Seezo to code fixers - turning design docs into security requirements
• Added some gaps I had with Sweet, Rad, and Sternum not being on container runtime
• Added Endor to container vulns
• Updated Chainguard description
• Added Mindgard to LLM
• Added Netrise, Reversing Labs, and Coana to SCA
• Added Contrast to SCA and SAST since they do that testing via the instrumentation

v1.14 Added vendors: Boundary-Breakers_Ophion, Boundary-Breakers_Zenity, PT_Ophion, PT_Inspecitv, SCA_Scribe

• Added Ophion to Boundary Breakers - the most in depth automated recon I’ve seen, the closest to an actual automated pentest instead of just bad DAST and nmap scanning
• Added Zenity to Boundary Breakers - Creating a security platform for no/low code solutions like Salesforce and Servicenow
• Added Inspectiv to Pentesting - Bug bounty and pentesting where they do some of the grunt work for you
• Added Scribe to SCA - in depth SBOM and attestation management

v1.13 Added vendors: Boundary-Breakers_Bedrock_Systems, LLM_Noma, Mobile_Approov, Container-Runtime_Sternum, Container-Runtime_Bedrock_Systems, Container-Vulnerability_Oligo_Security

• Added Bedrock Systems to Boundary Breakers and Container Runtime - an extremely nerdy level of security by providing a hypervisor for linux workloads
• Added Noma Security to LLMs - a very unique approach to LLM security that focuses on securing data pipelines instead of just LLMs themselves
• Added Approov to Mobile - a runtime oriented approach to validating the security of an app before fetching sensitive data
• Added Sternum to Container runtime - another nerdy level of container security, but focused on memory exploits and expanding into other CWEs
• Added Oligo to container vulnerability because somehow I only had them under container runtime and SCA before

v1.12

• Added Leen to Boundary Breakers - a unified API for vulnerability data
• Added Tracebit to Boundary Breakers - Honeypot infrastructure for your cloud
• Added Turbot to Cloud Identity, Secret Scanning, IaC, and CSPM - guard rails and enforcement on top of querying cloud data
• Added Cremit to Secrets Scanning - Secrets scanning + real time monitoring
• Added Pillar to LLM - Library based application detection and protection
• Added OpenRefactory to SAST - focusing on building an amazing SAST engine above all else

v1.11 Added vendors: Boundary-Breakers_Seedata, Remediation-Platforms_SecOps_Solution, Code-Fixers_Infield, Cloud-Identity_Sonrai, Corporate_Identity_Push_Security

• Added Seedata to Boundary Breakers - Honeypots as a service is dope and underrated
• Added SecOps Solution to Remediation Platforms - Network based vuln scanning and patching. It’s not the cleanest fit but I don’t have a separate category for general vuln scanning
• Added Infield to Code Fixers - Great team offering SaaS and services for painful version upgrades
• Added Sonrai to Cloud Identity - Probably the fastest way to get your cloud 80% more secure than it was before by focusing on boundaries instead of least privileged
• Added Push Security to Corporate Identity - Browser plugin for detecting unsafe SaaS use/risk from employees

v1.10 Added vendors: Boundary-Breakers_VulnCheck, Remediation-Platforms_RevealID, CSPM_Aikido, MDM_Fleet, PT_Intigriti, Container-Vulnerability_Aikido, DAST_Aikido, DAST_EdgeScan

• Added VulnCheck to boundary breakers - Excellent threat feed like enrichment of vulnerability exploit data
• Added REVEALD to Remediation Platforms - Not the cleanest fit, but trying to avoid creating a CTEM category
• Added Aikido to the gaps - hard to keep track of all the scanners when you’re 9-in-1
• Added Intigriti to Pen Testing - bug bounty but better
• Added EdgeScan to DAST - lots of pentesty services

v1.8 Added vendors: Boundary-Breakers_Myrror, Code-Fixers_Nullify, SCA_Myrror

• Added Myrror to SCA and Boundary Breakers
• Added Nullify to code-fixers

v1.7 Added vendors: Boundary-Breakers_Devici, SCA_Phylum, SCA_Tidelift, Cloud-Identity_InstaSecure, DAST_Akto, API_Akto

• Added Devici to boundary breakers - I think we’re going to see more tools dedicated to threat modelling. As people realize that developers handle application security testers better than security experts do, there will be a greater emphasis on the threat modelling and change processes.
• Added Phylum to SCA - Another provider focused on upstream malware detection, going far beyond CVE detection and response workflows
• Added Tidelift to Boundary Breakers & SCA - the only platform where you can work with maintainers directly, instead of mindlessly opening GitHub CVE issues never to get fixed

v1.6 Added vendors: Remediation-Platforms_Dependency_Track, Secret-Scanning_Legit_Security, Code-Fixers_Staris, PT_Staris, PT_MindPoint_Group, SCA_Socket, IaC_Legit_Security, Container-Vulnerability_Legit_Security, DAST_Staris, MDR_MindPoint_Group, SAST_Staris

• Added Legit Security to Container Vulnerability, IaC, SCA, Secret Scanning, and SAST
• Added Staris to Pentesting, Code Fixers, SAST, and DAST
• Added MindPoint Group to MDR and Pentest
• Added Socket to SCA

v1.5 Added vendors: Boundary-Breakers_Seal, Boundary-Breakers_Grit, Secret-Scanning_Qwiet, ASPM_Qwiet, Code-Fixers_Seal, Code-Fixers_Grit, Code-Fixers_Amplify, SCA_Seal, SCA_Xigeni, SCA_Qwiet, SCA_Checkmarx, IaC_Qwiet, IaC_Checkmarx, Container-Vulnerability_Qwiet, Container-Vulnerability_Checkmarx, DAST_Pynt, DAST_Checkmarx, API_StackHawk, API_Escape, API_Pynt, SAST_Qwiet

• Added Seal Security to Boundary Breakers, Code Fixers, and SCA - Truly ambitious plans to backport vulnerability patches to make auto-patching a reality
• Added Grit to Boundary Breakers and Code Fixers - Another ambitious project to create automation playbooks for major framework updates and changes
• Added Qwiet to ASPM, Secrets, IaC, SCA, SAST, and Container
• Added Amplify Security to Code Fixers
• Added Pynt to API Security and DAST
• Added Escape and StackHawk to API Security
• Added Checkmarx to DAST, SCA, and Container

v1.4 Boundary-Breakers_Xigeni, Code-Fixers_Latio, Container-Runtime_ARMO, Container-Runtime_Operant, Container-Runtime_Oligo_Security, API_Impart, API_Operant, API_Levo, API_AWS, API_Wallarm, API_Cloudflare, API_F5, API_Fortinet

• Removed Mobb, Pixee, and Corgea from Remediation Platforms and created a new category called Code Fixers
• Changed WAF to API Security
• Moved Code Fixers, ASPM, Remediation Platforms, and API Security to “Trending”
• Added Xigeni to Boundary Breakers - it took me a while of diving into the platform, but Xigeni has built a really unique solution to supply chain security instead of what have become the standard checkboxes for ASPM
• Added LAST to code fixers
• Added Armo to Container Runtime with KubeCop
• Added Operant to Container Runtime, API Security, and Kubernetes
• Added Levo to API
• Added TrustOnCloud to Boundary Breakers

v1.3 Added vendors: CSPM_Cycode, Container-Runtime_Upwind, IaC_Aqua_Security, Container-Vulnerability_Cycode, Container-Vulnerability_Mend, Container-Vulnerability_Apiiro, Container-Vulnerability_Veracode, SAST_Mend, SAST_Aqua_Security

• Added Mend to SAST and Container scanning - they’ve expanded into these capabilities from SCA
• Added Upwind to Container Runtime
• Added Cycode to container vulnerability and CSPM
• Updated Phoenix Security description
• Added Akitra to automated GRC
• Added Veracode to Container Vulnerability
• Added Aqua Sec to SCA, SAST, IaC
• Added Apiiro to container vulnerability

v1.2 Added vendors: Secret-Scanning_Xigeni, LLM_Harmonic, ASPM_Xigeni, IaC_Xigeni, Cloud-Identity_Abbey, Corporate_Identity_Veza

• Added Xigeni to ASPM and related categories - unique approach to detecting active threats in your supply chain
• Added Harmonic to LLM - focus on LLM security with an emphasis on identifying contextual data types
• Added Abbey to Cloud Identity - really great terraform workflow for access requests
• Added Veza to Corporate Identity - great ability to query and alert on user access and who has access to what

v1.1 Added vendors: Cloud-Identity_P0_Security, Corporate_Identity_Crosswire, Corporate_Identity_ConductorOne, Corporate_Identity_Opal

• Added P0 Security to Cloud Identity - awesome JIT access for dev resources
• Added Crosswire to Corporate Identity - great okta runtime alerting and config checking
• Added LeakSignal to Kubernetes Security - really great and needed kubernetes network security solution
• Updated DevOcean description - pushing the possibility of remediation platforms

v1.0

• Created RASP, LLM, CDR, Corporate Identity, and Cloud Identity categories
• Added DataDog to RASP
• Added Contrast Security to RASP
• Created LLM Category
• Added Prompt Security to LLM
• Added Apex Security to LLM
• Added Lakera to LLM
• Added Lasso Security to LLM
• Added BoostSecurity to ASPM, SCA, SAST, IaC, Secrets, and Container Vulnerability
• Added Cyscale to CNAPP and CSPM
• Added Elastio to CNAPP - this isn’t a really clean category fit
• Added Garantir to Corporate Identity
• Moved Mobb to Remediation Platform
• Added Pixee to Remediation Platform
• Added Backslash to ASPM, SCA, SAST, and Secrets
• Added Dazz to Secrets
• Added Probely to DAST
• Added Paraxial to SAST, SCA, and RASP
• Added Gokomo to Identity
• Added Argos to Pentest
• Moved a bunch of people to CDR
• Added Rezilion to ASPM, Container Vulnerability, and ASPM

v0.9

• Added Silk Security to Remedation Platforms
• Added Opus Security to Remediation Platforms
• Added Tromzo to Remediation Platforms
• Added Firemon to CSPM & CNAPP
• Added ChainGuard to Container Vulnerability
• Added Abira Security to Pentesting

v0.8

• Added button to link to Youtube and Long form newsletters
• Created new Kubernetes category to focus on companies that are providing unique value to k8s environments
• Added KSOC to Kubernetes
• Added ARMO to Kubernetes
• Added Accuknox to Kubernetes
• Added Tigera to Kubernetes
• Added Spyderbat to Kubernetes
• Added Sysdig to kubernetes
• Added Datadog to Kubernetes
• Updated Endor SCA description
• Added Nosey Parker to Secrets
• Added Plerion to CNAPP and CSPM
• Added Gem to CNAPP

v0.7

• Added Pangea to Boundary Breakers
• Made the executive decision that if you offer your own scanning focusing on complete coverage of app scanning, then you’re an ASPM. If you purely ingest vulnerabilities from other tools, then you’re a remediation platform. ASPM (broadly) is missing runtime visibility, and Remediation Platforms don’t intend to provide meaningful value from their own scanners.
• Added Deepfence to CNAPP
• Added Deepfactor to Container Runtime
• Added Prowler to CSPM
• Added Phoenix Security to Remediation Platforms
• Added Armorcode to Remediation Platforms
• Small wording changes
• Small positioning changes - I’m now comfortable saying that providers are positioned in a general order of how cool I think they are, with a sprinkle of “I want to give more attention to smaller companies.”

v0.6

• Created ASPM and Mobile Categories
• Added Ox Security to ASPM
• Added Arnica to ASPM
• Added Cycode to ASPM
• Added Oxeye to ASPM
• Removed Bionic from boundary breaker, added to ASPM
• Added Apiiro to ASPM
• Added JIT to ASPM
• Added Legit Security to ASPM
• Added Tromzo to ASPM
• Added Kondukto to ASPM
• Added Synopsys to ASPM
• Added Riscocity to Boundary Breakers
• Added Dry Run to Boundary Breakers
• Added Moderne to Boundary Breakers
• Added Tigera to CNAPP
• Added Rapidfort to Container Vulnerabilities
• Added Slim to Container Vulnerabilities
• Added Ox to SAST, SCA, Secret-Scanning, and IaC
• Added Oxeye to DAST, SAST, secret-scanning and SCA
• Added Arnica to IAC, SAST, secret-scanning and SCA
• Added Apiiro to SCA, IAC
• Added Mobb to SAST
• Added DeepFactor to SCA
• Added Fossa to SCA
• Added Impart to WAF
• Added Pangea to WAF
• Added Wallarm to WAF
• Added Corellium to Mobile
• Added Zimperium to Mobile
• Added Now Secure to Mobile
• Made sidebar scrollable

v0.5

• Added Query.ai to SIEM
• Added Cyrex to Pentest
• Added Raito to Identity
• Added Kudelski to MDR
• Added Docker Scout to Container Vulnerability

v0.4

• Add Entro to Identity
• Add Slauth to Identity and IaC
• Add Aikido to Boundary-Breakers
• Add Skyhawk to CNAPP
• Add Lumos to Identity
• Add Armo to Container Vulnerability
• Add Spyderbat to container runtime

v0.3

• Updated CIEM to Identity
• Added Axiom
• Added Astrix
• Added Kivera
• Added Stack Identity
• Added Teleport
• Added Kodem to Container-vulnerability
• Added Orca to CSPM

v0.2

• Legit Security description updated and moved to remediation platform
• SentinelOne description updated to better reflect their container capabilities
• Added AccuKnox to CNAPP and Container-Runtime
• Added Endor Labs to SCA
• Added Bionic to Boundary Breakers
• Added Bearer.sh to SAST
• Added hackerone to pentest
• Updated Seemplicity description
• Updated Avalor description
• Added Dig Security to Boundary Breakers
• Added Lakera as a Boundary Breaker

v0.1

• Added Wiz to Container-Runtime Security
• Removed Dazz from Boundary-Breakers and created new Category “Remediation Platforms”
• Added Seemplicity, Avalor, Dazz, DevOcean, Vulcan, and Nucleus to the new category along with category description
• Added Permiso to Boundary Breakers
• Added Semgrep and Legit Security to SCA
• Considered adding ASPM as a category, but not sure enough it’s a real thing
• Added Gomboc, Oak9, and Resourcely to IAC
• TODO: DLP Category