- If ChatGPT produces AI-generated code for your app, who does it really belong to?
- The best iPhone power banks of 2024: Expert tested and reviewed
- The best NAS devices of 2024: Expert tested
- Four Ways to Harden Your Code Against Security Vulnerabilities and Weaknesses
- I converted this Windows 11 Mini PC into a Linux workstation - and didn't regret it
The 20 Coolest Web, Email and Application Security Companies Of 2024: The Security 100
From vendors offering code security tools to those protecting inboxes and websites against attacks, here’s a look at 20 key companies in web, email and application security.
Among the major disclosures in a recent AI security report from Microsoft and OpenAI was this doozy: It’s likely that nation-state hackers are, indeed, using GenAI to create phishing emails. While the potential for GenAI-powered phishing and social engineering has been widely discussed since the debut of OpenAI’s ChatGPT more than a year ago, the report suggests that it’s really happening in the wild.
[Related: 10 Cybersecurity Companies Making Moves: January 2024]
Notably, according to the report’s findings, attackers from nation-state groups in China, North Korea and Iran are among those taking advantage of Large Language Model (LLM) technology as part of their phishing campaigns. “Our analysis of the current use of LLM technology by threat actors revealed behaviors consistent with attackers using AI as another productivity tool on the offensive landscape,” Microsoft said in the report.
In other words, now bolstered by GenAI, phishing and social engineering tactics may pose an even bigger threat than in the past — and a huge opportunity for email security vendors and their partners to help with protecting organizations of all sizes.
Meanwhile, with vulnerability exploits constituting another big focus area for threat actors in 2024, the adoption of tools for eliminating vulnerabilities during software development remains a growing priority for many organizations. There’s been no subsidence in browser-based threats either, with the continued frequency of attacks such as cross-site scripting — leading to ongoing demand for web application firewalls and other web security tools.
What follows are the 20 web, email and application security companies that made our Security 100 for 2024.
Abnormal Security
Evan Reiser
Co-Founder, CEO
Email security vendor Abnormal Security uses AI-based behavioral analytics to detect anomalous activity across the company level and user level. Major product updates have included an expansion into securing the use of collaboration apps.
Akamai Technologies
Tom Leighton
Co-Founder, CEO
Big updates to Akamai’s security platform have included the addition of enhanced API security through the acquisition of Neosec. Meanwhile, the company debuted an offering that aims to disrupt websites used for phishing as well as brand impersonation.
Aqua Security
Dror Davidoff
Co-Founder, CEO
Aqua Security enhanced its cloud-native application protection platform with the introduction of AI-Guided Remediation, which uses GenAI to automatically produce remediation steps, as well as support for Amazon Security Lake, enabling cybersecurity professionals to more easily collect and correlate data across different sources.
Barracuda Networks
Hatem Naguib
President, CEO
Barracuda Networks launched new offerings for securing web apps and APIs with the debut of its application protection plans. Meanwhile, the company introduced its SASE platform, SecureEdge, which is targeted at the company’s small and midsize enterprise customers as well as at MSPs.
Checkmarx
Sandeep Johri
CEO
Checkmarx unveiled the launch of its Fusion 2.0 platform with updates including the introduction of an application risk management tool. The module brings together information on vulnerabilities with risk ratings as well as prioritization guidance for an organization’s entire software portfolio.
Contrast Security
Rick Fitz
CEO
Contrast Security has unveiled a new capability for security observability with the aim of enhancing visibility into the security of apps and APIs. Contrast’s security observability capability offers “total visibility” into security-related behavior of applications and APIs, the company said.
Cloudflare
Matthew Prince
Co-Founder, CEO
Major Cloudflare product launches included the introduction of its Magic WAN Connector, giving the Cloudflare One platform all the key elements of a single-vendor SASE offering. Cloudflare also updated its Area 1 email security product, including automatic isolation for suspicious links and attachments.
F5
François Locoh-Donou
CEO
F5 rolled out new capabilities aimed at providing comprehensive control and protection for management of applications and APIs. The ML-powered updates enable advanced API endpoint discovery as well as improved anomaly detection, behavioral analysis and telemetry.
Inky
Dave Baggett
Co-Founder, CEO
Email security vendor Inky stands out in the market by using AI to help users make smarter decisions about potentially malicious emails. Among the key updates to the Inky platform have included prevention capabilities against QR code phishing attacks.
Island
Michael Fey
Co-Founder, CEO
Island is making its mark by offering a Chromium-based browser that aims to provide businesses with a much greater level of visibility and control over the use of data inside SaaS applications. Key updates from the startup have included the debut of data loss prevention capabilities for ChatGPT and other GenAI applications.
Lacework
Jay Parikh
CEO
Lacework rolled out Lacework AI Assist, which aims to boost productivity for security teams while also helping to strengthen their relationships with DevOps teams. Meanwhile, the company has integrated its platform with two major ticketing systems, ServiceNow and Jira, with the goal of enabling better vulnerability mitigation.
Menlo Security
Amir Ben-Efraim
Co-Founder, CEO
Menlo Security unveiled new capabilities for preventing threats that are especially evasive to security controls with the debut of its HEAT Shield and HEAT Visibility products. The products aim to thwart evasive browser-based threats such as phishing attacks with the help of AI and ML advancements.
Mimecast
Marc van Zadelhoff
CEO
Mimecast expanded its threat protection capabilities to include collaboration apps such as Microsoft Teams joining its email security offerings. It also unveiled the acquisition of Elevate Security, which is focused on identifying high-risk users. It will be integrated with Mimecast’s security awareness training platform.
Noname Security
Oz Golan
Co-Founder, CEO
Noname Security unveiled its new API security testing tool, Active Testing V2, with capabilities for finding and testing all APIs by leveraging a complete understanding of each app’s business logic. The offering also provides development teams with dynamic API visibility across environments.
Orca Security
Gil Geron
Co-Founder, CEO
Orca Security has debuted “cloud to dev” capabilities with the aim of automatically tracing risks to cloud security that are uncovered in code. The offering enables reduced remediation efforts and can identify the source artifact as well as the developer who owns it.
Proofpoint
Sumit Dhawan
CEO
Proofpoint debuted new capabilities for its Aegis Threat Protection platform that offer proactive protection against GenAI-powered threats such as social engineering attacks. Other launches included improved visibility into cases where Proofpoint deems an email to represent a business email compromise threat.
Salt Security
Roey Eliyahu
Co-Founder, CEO
Salt Security has added advanced threat capabilities, as well as improved API discovery, to its API Protection Platform. The company said it utilizes “only patented AI algorithms for API security” in the industry to offer enhanced user intent detection along with enhanced analytics for API threat severity evaluation.
Snyk
Peter McKay
CEO
Recent platform enhancements from Snyk included an update to its application security posture management offering, AppRisk, with the debut of AppRisk Essentials. The tool provides automatic discovery of app assets that are code-based as well as management of security coverage and prioritization based on risk.
Veracode
Sam King
CEO
Veracode unveiled a new product that utilizes GenAI to provide remediation suggestions for application security flaws, including flaws in both code and open-source dependencies. Veracode Fix is designed to help developers and security teams identify and fix vulnerabilities more quickly and effectively.
Wiz
Assaf Rappaport
Co-Founder, CEO
Wiz recently unveiled the introduction of AI security posture management capabilities onto its platform with the aim of providing greater visibility and cybersecurity around the usage of AI technologies. Wiz also added the ability to pinpoint threats impacting workloads in real time with the debut of its Runtime Sensor.