Join top executives in San Francisco on July 11-12, to hear how leaders are integrating and optimizing AI investments for success. Learn More
For many zero-trust founders and their teams, their sales pipeline is now their financial lifeline. With venture funding cooling off in 2023, founders are re-evaluating and, in some cases, pushing back on the growth-at-all-costs mentality investors urged them to pursue just a few months ago.
A Crunchbase query completed today shows that 342 cybersecurity-focused startups founded in January 2021 or later received $1.85 billion in funding. Startups founded in January 2022 or later number just 122, with total funding of $450 million.
CB Insights’ The State of Venture in 5 Charts report is worth a read for anyone interested in the startup community. It quantifies the challenges all startup founders face, even those in hot areas like cybersecurity and zero trust. Startup founders tell VentureBeat that the days of profligate spending are over. There’s more oversight of investments and spending, and better controls on expenses.
>>Don’t miss our newest special issue: Data centers in 2023: How to do more with less.<<
Join us in San Francisco on July 11-12, where top executives will share how they have integrated and optimized AI investments for success and avoided common pitfalls.
VentureBeat’s analysis of the top 20 startups considers product strategies, customer recommendations, trending data on their market growth, and revenue growth, all aimed at finding the most resilient, exciting zero-trust startups to watch in 2023.
What it takes to lead a zero-trust startup today
VentureBeat recently spoke with Avery Pennarun, founder and CEO of Tailscale. Tailscale’s mission is to make private, multipoint WireGuard networks easy to use, scalable and secure for any organization. Before Tailscale, Pennarun was a senior staff software engineer at Google Fiber and cofounder of EQL Data Inc.
Asked what the most valuable lessons are for running a zero-trust startup today, Pennarun said his previous experience founding a startup during an earlier economic downturn helped prepare him for leading a startup today. “I think what I noticed [about] the sort of the startups that are forged in the days of plenty versus startups that are forged in the days of not-plenty is that it’s easier to survive if you’re a ‘not-plenty’ company. Suppose there’s lots of money to start. It’s pretty hard to turn it around.”
Pennarun continued, “Tailscale was cautious in its early days, avoiding the ‘grow at all costs’ mindset and operating in the ‘safe zone.'” He added that “the company is focused on providing bottom-up product-led growth, enabling the incremental addition of its zero-trust infrastructure solution to existing networks without requiring a redesign.”
As Tailscale operates at the networking layer, customers can deploy zero-trust connections to legacy and modern systems without requiring their infrastructure to be modified.
VentureBeat asked him for the advice he gives startup CEOs just getting started. He said finding new ways to get customers to love their product is vital, along with removing barriers to providing them with what they want. Tailscale’s product development is driven by individual engineers working closely with customers and solving their problems, aiming to make customers love their products.
Simplifying the customer experience is always essential. “The big conundrum with zero trust is how do you lock down access without bringing productivity to a screeching halt and overhauling your entire tech stack?” Pennarun said. “Tailscale is the zero-trust easy button enterprises have been looking for. Unlike other solutions, we work with your existing infrastructure so it can be set up within minutes — a powerful tool to protect against unauthorized access and data breaches.”
Today, TailScale launched Tailscale Enterprise, its next-generation zero-trust networking solution for enterprises. It supports enhanced network logging; custom identity integrations for Okta, Azure AD and Google; and customers’ OpenID Connect (OIDC)-compliant identity providers of their choice, including JumpCloud, Auth0, Duo and GitLab. The new release also supports SSH session recording, enabling Tailscale Enterprise to authenticate and encrypt SSH connections between devices.
Tailscale is one of our top 20 zero-trust startups to watch in 2023. Read on for the full list (companies are listed in alphabetic order).
Top 20 zero-trust startups to watch
1. Airgap Networks
What makes Airgap Networks noteworthy is the pace of innovation it continues to achieve while signing up new customers for its unique zero trust–based solution. One recent notable customer win is specialty retailer Tillys. Airgap’s Zero Trust Network Access Everywhere solution treats each identity’s endpoint as a separate microsegment, enforcing a granular context-based policy for every attack surface, thereby eliminating the possibility of lateral movement within the network. AirGap’s Trust Anywhere architecture also includes an autonomous policy network that immediately scales microsegmentation policies network-wide.
DevOps and security are combined in the Anitian SecureCloud platforms for compliance automation and enterprise cloud security, which speed up cloud security and compliance. Anitian’s pre-engineered and automated cloud application infrastructure platforms are designed to enable enterprises to go from application to cloud to production 80% faster and 50% cheaper. The standardized cloud platforms are built from the ground up for zero trust and provide a full suite of security controls preconfigured for rigorous security standards like FedRAMP, NIST 800-53, PCI, CMMC and SOC 2.
Authomize’s ITDR Platform protects organizations from identity-based cyberattacks. Authomize collects and normalizes identities, access privileges, assets and activities from cloud services, applications and IAM solutions to detect, investigate and respond to identity risks and threats. Authomize helps customers see actual access, achieve least privilege across cloud services and applications, secure their IAM infrastructure, and automate compliance and audit preparations.
4. Block Armour
Block Armour solutions, powered by software-defined perimeter (SDP) architecture and blockchain technology, help organizations consolidate cybersecurity investments, enforce zero-trust principles and defend against next-generation cyberattacks. Block Armour’s platform can be delivered on-premises or in the cloud, helping customers secure their rapidly evolving distributed and hybrid enterprise-IT environments while complying with local and industry regulations.
Elisity’s zero-trust access security solution emphasizes identity-based segmentation and least-privilege access based on Elisity Cognitive Trust, which combines zero-trust network access (ZTNA) with an AI-enabled, software-defined perimeter. Cognitive Trust is a cloud-native, cloud-managed and cloud-delivered solution for identity-based microsegmentation and least-privilege access of users, applications and devices (managed and unmanaged).
Infinipoint provides device visibility and real-time security posture assessments to assist enterprises in implementing zero-trust security frameworks. Its platform automates continuous device risk assessments, helping enterprises identify and mitigate threats and enforce zero trust across the enterprise.
7. Mesh Security
Mesh Security is the creator of the industry’s first zero-trust posture management (ZTPM) SaaS platform, providing a single source of truth to implement a unified ZTNA on top of existing stacks. Mesh maps a company’s entire cloud XaaS estate without agents, providing context, control and protection to the distributed networks enterprises rely on.
8. Myota Io
Myota is an acknowledged industry leader in zero-trust architecture, as its CyberStorage platform has proven effective in defending enterprises against a wide variety of attacks, including ransomware. Myota improves an enterprise’s cyber-resiliency by rendering data immutable to attacks, replacing compromised storage nodes and offering a better alternative to data backup and recovery solutions.
9. NXM Labs
NXM Labs is an industry leader in zero trust. Its own zero-touch security solutions are designed to automate IoT security, making it easy to develop and deploy networks at scale. NXM’s Zero-Trust 2.0 and Zero-Touch 2.0 security platforms are designed for embedded endpoint devices, automating and streamlining security management throughout the entire device supply chain and product life cycle.
Ory offers zero-trust security via Ory Cloud, utilizing its open-source identity, authentication and authorization solutions. Ory is an open-source security software company that combines identity management, authorization and access control in a globally distributed cloud network. Its comprehensive security offering solidifies its position as a leading zero-trust security startup.
The Resiliant identity credential access management (ICAM) system offers authentication and digital identity verification through its proprietary blockchain-based digital identity, the IdNFT. This proprietary technology uses advanced facial liveness detection to ensure that an individual is a natural person. Once authenticated, the individual can securely access the appropriate applications and services.
12. Sonet Io
Sonet Io is a cloud service that can enable secure zero-trust access from any device without requiring any agents to be installed. The architecture is based on its unique approach to zero trust defined in its Trusted Access cloud service. It’s noteworthy from a zero-trust perspective because of its adaptability and flexibility, allowing enterprises to control access to SaaS, web applications and servers, prevent sensitive data theft and monitor user activity from any device without requiring any software installations.
13. Surf Security
Surf Security’s chromium-based zero-trust browser prevents attacks while protecting user privacy to strengthen organizational security. The platform lets workers work whenever, wherever and however they want. Surf requires identity-first access to all SaaS and corporate assets through its centralized platform, ensuring zero trust is consistently achieved across all browser endpoints.
14. Symmetry Systems
Symmetry Systems is the cybersecurity industry’s first hybrid cloud data security platform that safeguards data at scale in AWS, GCP, Azure services and on-premises databases while supporting a data-centric zero-trust model. In November of last year, the company launched its zero-trust data assessments, leveraging insights from hundreds of cloud data security posture management assessments across various industries.
Tailscale provides the flexibility of creating a zero-trust networking solution to connect and secure devices anywhere directly. It relies on WireGuard-based “always-on” remote access to ensure its customers receive a consistent, portable and secure experience, regardless of location. Tailscale protects thousands of corporate networks and facilitates collaboration and access to critical resources. To date, over 2,000 organizations have deployed Tailscale, including Instacart, Duolingo and Mercari.
Tigera provides the industry’s only active security platform with full-stack observability for containers and Kubernetes. The company’s platform prevents, detects, troubleshoots and automatically mitigates risks of exposure and security breaches using zero-trust capabilities. Tigera delivers its platform as a fully managed SaaS (Calico Cloud) or self-managed service (CalicoEnterprise).
Founded by former IT executives from Bank of America and Goldman Sachs, TrueFort is designed to kill any lateral movement across the data center and cloud. TrueFort Cloud extends protection beyond network activity by shutting down any potential abuse or breaches of service accounts. Unauthorized access, data exfiltration and other threats are detected and prevented by real-time telemetry and analytics.
Known for its authorization platform, which is seeing strong traction in multicloud and hybrid cloud environments, Veza has proven its expertise in data lake security, managing cloud entitlements and improving privileged access.
Worldr creates zero-trust security products for existing collaboration and communications platforms. While the user experience was designed to be extremely simple and practical, the backend was architected to be deployable as if it were an in-house application. Worldr is a solution for larger companies, especially regulated ones, which may be unable to use third-party collaboration applications because of the threat to their data security and lack of compliance transparency.
20. Xage Security
With a strong focus on delivering zero trust into distributed, edge-to-cloud and industrial IoT environments, Xage Security is an acknowledged leader in applying zero trust across operational technology (OT) and IT environments. Xage’s Security Fabric is a comprehensive security platform that provides end-to-end protection for industrial IoT and OT networks that require zero trust to stay compliant and secure.
Zero trust will continue to attract startups
The rapid adoption ZTNA continues to experience across organizations will attract more startups in 2023 and beyond. Startups will capitalize on gaps in the market and bootstrap their growth rather than sacrifice equity to gain venture capital or become too dependent on outside investors to stay in business. Gartner predicts ZTNA will be the fastest-growing network security market segment worldwide. It’s forecast to achieve a 27.5% compound annual growth rate between 2021 and 2026, increasing from $633 million to $2.1 billion worldwide.
VentureBeat's mission is to be a digital town square for technical decision-makers to gain knowledge about transformative enterprise technology and transact. Discover our Briefings.