KCOS Logo

Vendors
Axonius
Axonius is a well-funded mid-stage startup with cybersecurity asset management (CAM) and SaaS management (SM) solutions supporting cloud asset compliance, policy enforcement, software asset management, and vulnerability management. Axonius was founded in 2017 and is headquartered in New York City. Axonius CAM is SaaS-delivered from public IaaS data centers on four continents.
Why worth watching
Axonius offers virtual appliances for on-premises support and can run in Amazon AWS, Google Cloud Platform, and Microsoft Azure. Tiered licensing models are based on the number of discovered and de-duplicated assets.
Balbix
Balbix is a VC funded mid-stage start-up that was established in 2015 and is headquartered in San Jose, California.
Why worth watching
Balbix has connectors for many asset management, cloud (for example, AWS, Azure, GCP), CMDB, EPDR/XDR, CSPM, vulnerability assessment, patch management, IoT/OT, Incident Management and ITSM, BAS, SASE/NAC, and Networking solutions. Balbix Security Cloud customers can federate in from Microsoft Azure AD, Okta, and PingID.
Bishop Fox
Founded as ‘Stach & Liu’ in 2005 by Vincent Liu and Fran Brown, the company was rebranded in 2013 as Bishop Fox. They are headquartered in Tempe, Arizona, with additional offices in Mexico, Spain, and the UK.
Why worth watching
In addition to ASM, Bishop Fox offers penetration testing covering applications, IoT, network, and cloud security, as well as red teaming services.
Bitsight
Bitsight Technologies launched in 2011. They are headquartered in Boston, Massachusetts. Bitsight offers ASM in their Security Performance Management solution, as well as solutions for third party and vendor risk management and cyber insurance. Bitsight has specific products for cyber insurers and national governments.
Why worth watching
Bitsight Technologies launched in 2011. They are headquartered in Boston, Massachusetts. Bitsight offers ASM in their Security Performance Management solution, as well as solutions for third party and vendor risk management and cyber insurance. Bitsight has specific products for cyber insurers and national governments.
CYFIRMA
CYFIRMA is headquartered in Singapore and has additional offices in India, Japan, and the US. The company was established in 2017. DeCYFIR is their ASM (External Threat Landscape Management) solution, and they also have digital risk evaluation services and a mobile app defense product. CYFIRMA External Threat Landscape Management (ETLM) model integrates cyber intelligence, attack surface discovery, vulnerability intelligence, brand intelligence, situational awareness, and digital risk protection, providing organizations with a comprehensive view of their threat landscape. CYFIRMA’s solutions are SaaS-delivered from public IaaS facilities in the APAC region and the US. Pricing is per monitored domain.
Why worth watching
CYFIRMA External Threat Landscape Management (ETLM) model integrates cyber intelligence, attack surface discovery, vulnerability intelligence, brand intelligence, situational awareness, and digital risk protection, providing organizations with a comprehensive view of their threat landscape.
Cymulate
ymulate was founded in 2015 in Israel, and has multiple offices across Asia, Europe, Latin America, and the US. Cymulate is a mid-stage VC-funded company with a platform that includes ASM, exposure analytics, continuous automated red teaming, and BAS.
Why worth watching
Cymulate can detect some application misconfigurations, includes built-in vulnerability assessment and management, and can ingest data from third-party software.
Darktrace
Darktrace was founded in 2013 in Cambridge, UK. Darktrace is a publicly traded cybersecurity company with many offices around the globe. Darktrace acquired Cybersprint, an ASM specialist vendor, in 2022.
Why worth watching
Their product suite components are named and aligned with the phases of cyber defense: PREVENT, DETECT, RESPOND, and HEAL. The ASM functionality is in the PREVENT solution. PREVENT/ASM is completely cloud-hosted, and there are no agents to install on premises. Licensing terms were not disclosed.
Detectify
Detectify was founded in 2014 in Stockholm, Sweden. It has offices in Boston, Massachusetts, and Stockholm, Sweden. They are a VC-funded EASM and application security specialist firm having a background in Dynamic Application Security Testing (DAST). The primary components are Attack Surface Monitoring and Application Scanning delivered in a unified platform. Their EASM services are SaaS-delivered, and there are no on-premises agents or appliances to install.
Why worth watching
Detectify offers free 2-week trials for customer prospects.
Fortinet
Fortinet is a public, US-based cybersecurity company founded in 2000 and headquartered in Sunnyvale, California, with a single, global SOC staffed by analysts in the US, Canada, UK, Germany, India, Philippines, and Japan. Most customers are US-based, followed by EMEA, predominantly in the medium enterprise segment, followed by mid-market enterprises.
Why worth watching
Fortinet MDR is a cloud-based service that includes some on-premises elements such as a virtual appliance and agents or collectors installed on endpoints.
Group-IB
Privately held Group-IB was founded in 2003 and their global HQ is located in Singapore. Beyond FRIP services, Group-IB offers threat intelligence, Attack Surface Management, business email protection, and anti-piracy products. Group-IB Fraud Protection has functionality in compromised credential and device intelligence, UBA, behavioral biometrics, and bot detection.
Why worth watching
Group-IB Fraud Protection has advanced features in device intelligence, user behavioral analysis, behavioral biometrics, and bot management.
Hadrian
Hadrian is an early-stage startup that launched in 2021. They are based in Amsterdam, Netherlands. The Hadrian platform covers asset discovery and management, ASM, continuous automated red teaming, and exposure management. Hadrian’s platform is SaaS, and there are no agents available for on-premises installation. Subscription pricing is based on the number of uniquely identified assets.
Why worth watching
Hadrian offers out-of-the-box integrations with AWS, GCP, Jira, Slack, and ServiceNow. Hadrian supports REST API and Webhooks integration with external IT and security systems.
Halo Security
Privately owned Halo Security started up in 2013. The company is based in Miami Beach, Florida.
Why worth watching
In addition to its ASM platform, Halo offers integrated web application scanning, PCI-DSS compliance reporting, and penetration testing services.
IBM
IBM Corporation is a multinational technology and consulting company headquartered in Armonk, New York, USA. Founded in 1911, IBM has evolved from a computing hardware manufacturer into offering a broad range of software solutions, infrastructure hosting, and consulting services in such high-value markets as business intelligence, data analytics, cloud computing, virtualization, information security, and identity and access management. With a strong global presence and customers and partners across the globe, IBM is a major player in the market.
Why worth watching
Organizations that are looking for mature, highly scalable, and secure enterprise authentication solutions built on state-of-the-art micro-services architecture should put IBM on the list of solutions to consider.
IONIX
IONIX (formerly Cyberpion) launched in Israel in 2017. In 2023, the company rebranded as IONIX, a VC-funded startup focused on ASM and risk remediation.
Why worth watching
IONIX integrates with JIRA and ServiceNow for ITSM and Incident Management; Microsoft Sentinel and Splunk SIEMs; and Palo Alto Networks XSOAR. IONIX does not have integrations with commercial asset management, EPDR/XDR, or VMS at present. IONIX features are accessible via REST API.
JupiterOne
JupiterOne was founded in 2020 and is headquartered in Morrisville, North Carolina. Its product, JupiterOne, is a cyber asset attack surface management (CAASM) platform that provides visibility into the security of an organization’s cyber assets.
Why worth watching
JupiterOne supports REST API, GraphQL, and Webhooks. The solution has a large number of integrations covering application security, cloud infrastructure and workload protection, code management, UEM, EPDR, SIEM, IAM, ITSM, and VMS.
KELA
KELA is headquartered in Tel Aviv, Israel and has additional offices in London, Madrid, New York, Singapore, and Tokyo. The company was established in 2015 and is privately owned. In addition to serving the EASM market, KELA provides cyber intelligence for fraud prevention and law enforcement investigations. The solution is SaaS-based and agentless, but there are options for on-premises installation. Pricing is based on the number of concurrent users and sizes of customer organizations.
Why worth watching
KELA has integrations for Splunk SIEM and SOAR, Palo Alto Networks XSOAR, Threat Intelligence Portals, and Snowflake for Cybersecurity. Connectors for other IT and security systems can be coded by KELA’s customer success team or by customers themselves using the API.
Palo Alto Networks
Palo Alto Networks, founded in 2005 in Santa Clara, California, is the pioneer in Next Generation Firewall (NGFW) technology. Palo Alto Networks also offers endpoint security, SASE, SOAR, XDR, threat intelligence feeds, Cloud Native Application Protection Platform (CNAPP), and other security products.
Why worth watching
Palo Alto Networks has connectors for Axonius, ServiceNow, Sevco, and Venafi Asset Management; JIRA and ServiceNow ITSM; Brinqa Risk Management; IBM QRadar and Splunk SIEM; Cisco, Ivanti, Qualys, Rapid7, and Tenable VMS; and deeper integrations with other products in the Palo Alto Networks’ portfolio.
Panaseer
Panaseer was founded in 2014 and is headquartered in London, UK. Panaseer is a VC-funded company.
Why worth watching
Panaseer has about 40 connectors for Active Directory, Microsoft Azure, asset management, DLP, EPDR, XDR, VMS, and ITSM solutions.
Sweepatic, an Outpost24 Company
Sweepatic is a privately owned EASM specialist firm based in Belgium, founded in 2016 and acquired by cyber risk management vendor Outpost24 in 2023.
Why worth watching
Sweepatic has integrations with AWS, Azure, and GCP for cloud discovery; Axonius for asset management; Palo Alto Networks XSOAR; JIRA and ServiceNow ITSM and Incident Management; and Microsoft Teams and Slack for notifications.