Six cyber security companies to watch in 2022

The companies breaking new ground in data retention, software development, training, risk management, and automation

This article originally appeared in issue 29 of IT Pro 20/20.

Post a call asking for industry experts – and their press teams – to share the innovative security tools they’re working on and you’ll get, shall we say, a varied response. Among them were a global certificate authority claiming to have fixed the “major obstacle to secure email” and a Californian enterprise announcing a platform expansion to protect data at the end-point device level. We even heard from a small business that’s developed a product with the same initials as Dance, Dance Revolution.

Cyber security is saturated with increasingly desperate threats coupled with big names promising increasingly ingenious antidotes. However, whether it’s by harnessing artificial intelligence (AI) or bolstering cloud computing protections, much of this may represent important incremental steps in cyber security, but it is far from revolutionary.

With the threat escalating, we throw the spotlight onto six of the most exciting companies in this space with innovations that could shape the cyber security landscape in future.

Concourse Labs


The idea behind Concourse Labs’ principal product is that, in their words, it “encompasses the creation, enforcement, remediation, and life cycle of security, as code”. It’s based on the idea that security should be integral to software development, and treated like other forms of code.

With backing from large-scale venture capitalists like 83North, and part of the Amazon Web Services (AWS) marketplace, Concourse’s cloud-native application protection platform (CNAPP) lets chief information security officers (CISOs) visualise cloud risk.

The firm markets its platform as a way to “enforce security guardrails” amidst the onslaught of cyber threats facing runtime environments. This CNAPP platform offers protection across the full application lifecycle, security for apps, protection across diverse cloud environments, and rich security-as-code architecture.

Like many companies in this bracket, Concourse takes the “let’s solve a foundational industry issue at the deepest level” approach. Part of what they hope to do is simplify security for both developers and security professionals, asking clients to ditch the command line interface (CLI) in favour of a graphical user interface (GUI).


Lightspin

Expertise: Graph security

Few tools are as ubiquitous on the technology landscape as code repository GitHub. That’s why the GitHub integration from Israeli firm Lightspin, founded in 2020 and recipient of a $20 million funding round last year, appears promising: it scans infrastructure as code (IaC) files.

Lightspin’s tool lets developers scan IaC files and find security flaws and infrastructure misconfigurations before these are deployed to production. The scanning component claims to give DevSecOps teams confidence in ensuring code is robust from the start of the development cycle, with its so-called prioritisation engine revealing attack pathways from build to runtime. 

Like many of the tools on this list, Lightspin’s goal is to find and fix issues before they start – what it calls a “shift-left” approach to security. It wants to get rid of the clutter that comes with security alerts, which is perhaps what put them on Forbes’ 2021 Top 20 Startups to Watch list. 


Cyberhaven

Expertise: Data detection and response (DDR)

When I heard about a cyber security product called DDR, I couldn’t help but think of the staff at California-based Cyberhaven dancing around their offices at a frantic pace while simultaneously trying to protect personal data. Yes, I know it’s silly to compare an offering intended to provide a transformative approach to protecting intellectual property (IP) and user data, with a video game first released more than 20 years ago – and yet, here we are. 

What DDR actually stands for is Data Detection and Response, and Cyberhaven promises a platform that can allow a company – to give one example – to know when one of their employees is copying proprietary data onto a spreadsheet and uploading it to their personal machine. They call data loss prevention (DLP) tools like signatures and network perimeters “obsolete”. Indeed, Cyberhaven has published four separate white papers with more information on the concepts powering DDR, three of which tackle holes they believe are part and parcel of data loss prevention systems. The company prefers, instead, to organise on first principles that include gathering all the event data possible, building context for those events, and then moving on to policy implementation.

XM Cyber

Expertise: Tracking attack pathways

Acquired less than eight months ago by Schwarz Group, Israel-based XM Cyber offers a platform called Attack Path Management (APM). Used by large-scale companies like Swisscom, the Hamburg Port Authority, and Lidl, the still-independent outfit focuses on predicting and managing risks before they happen. 

The platform lets organisations visualise pathways to their critical assets, and shines a light on hidden links between misconfigurations, flaws and overly permissive identities that might compromise assets. The most interesting part of APM is the functionality to visualise and simulate how an attacker might move through the business.

XM Cyber also claims the software as a service (SaaS) based platform is compatible with a range of hybrid cloud environments as well as third-party services. These include cloud infrastructure platforms like AWS, Microsoft Azure, Google Cloud and HashiCorp, as well as end-point security, ticketing, vulnerability management and SIEM platforms. A wealth of internal research, alongside a product that provides attack scenarios, risk reporting, and vulnerability prioritisation are all part of the reason XM Cyber’s sale fetched a cool $700 million. 


Neosec

Expertise: API protection

Here’s a question: what do the phrases ‘vulnerable’, ‘misconfigured’, and ‘logic abuse’ all have in common within a cyber security environment? According to 2020 startup Neosec, all three are issues facing application programming interfaces (APIs).

With $20.7 million in early funding secured in autumn 2021, Neosec says it’s reinventing API Security by providing a platform that integrates with a wide range of products, including AWS, Microsoft Internet Information Services (IIS), and Google Cloud. 

Neosec’s data analytics platform analyses an entire API dataset over 30 days, baselines behaviour, and understands usage over time. The platform then builds dynamic profiles for every entity in the API estate. The Neosec team says it applies extended detection and response (XDR) principles to API security to detect abuse and any potential security lapses.

Neosec offers a partnership model, which it says unifies security professionals and developers around the goal of delivering new features while heightening cyber security protections and protecting against flaws and behavioural abuse. 

AwareGO and mitigating the human risk

Expertise: Cyber security training

With many cyber security companies offering ‘automated this’ and ‘person-less that’, the Icelandic AwareGO takes a different approach. They call people “the greatest asset in cyber security”, and in line with this theme, the company launched a human risk assessment platform for small and medium-sized businesses (SMBs) in May. 


From the company that’s also released cyber security awareness training tools, this platform allows clients to continuously track the risks associated with people across a broad range of threats. Human Risk Assessment measures and tracks employees’ cyber security knowledge and behaviour, generating a resilience score taking into account dangers like phishing, flexible working, passwords and physical security, among others.

As opposed to many other products in this space that purely identify and address issues without considering the human element, AwareGO includes small training videos that aim to boost employees’ baseline understanding of cyber security. Workers can also be tested in realistic and personalised scenarios. High-profile clients include Deloitte, Trend Micro and McLaren.
