ArchiveBusinessOODA Original

The 2020 OODA Cybersecurity Watch List

Every year during the RSA season OODA provides an updated list of what we see as the tech firms with the greatest potential to disrupt the cybersecurity market and improve an organization’s ability to manage cyber risk. We base the firms we track in this list off of our own continuous market research and then use the activities around RSA to interview company leaders and other industry professionals to select the firms we believe warrant special focus by the community.

The resulting list can serve multiple stakeholders. Investors can find firms that have demonstrated good product-market fit and are good candidates for follow-on funding. CISOs can find companies that have demonstrated real disruptive technology potential and at least enough traction to prove they are worth considering. And larger tech firms can find interesting businesses worth tracking for potential partnering and, perhaps later in the firm’s lifecycle, for potential M&A.

What we are going for with this list is the unusual and the relatively unknown. We intentionally did not review some of the very exciting announcements by bigger players as those are widely known but rather focus on the emerging disruptive companies.

Note: The firms here are also tracked in the OODA Cybersecurity Market Tracker, which provides more detailed assessments on hundreds of key players in cybersecurity. For more insights on any firm in the cybersecurity market reach out to OODA for more information in how the tracker can support your due diligence or M&A initiatives.

We categorize these firms by the segments of our OODA Market Tracker based on a model used by our partner Boston Meridian.  Those categories include:

  • Network: Includes firewalls, IDS and high end packet based devices
  • Data Security: Methods to protect enterprise data
  • IAM: Includes directory services and methods to validate identity
  • GRC: All tools to ensure compliance and visualize risk and governance
  • Endpoint: Operating on devices
  • Operations: Helping to orchestrate and automate and collaborate for operations
  • IoT Security: security for distributed devices especially new IoT and IIoT
  • MSSP: Providing security as a service
  • Application Security: security over the full lifecycle of development and fielding
  • Security Analytics: Analysis over data and visualization of actionable results
  • Fraud Prevention: Wide ranging tools to detect and stop fraud
  • Threat Intelligence: Insights into adversary action and capabilities
  • Email Security: special tools for this most critical business application
  • Training: all aspects of user training and behavior improvement
  • Deception: Means to delay adversary action while monitoring them
  • Testing: Focused on continuous testing for security

Here are the companies that attracted our attention at RSA 2020.


  • Centripetal Networks allows companies to automate defensive actions from threat intelligence feeds and other key network intelligence.
  • Banyan helps secure the modern enterprise by delivering continuous Zero Trust Access for hybrid and multi-cloud environments. Modeled after the BeyondCorp architectural framework, Banyan’s Continuous Zero Trust Platform replaces legacy remote access VPNs with a least privilege, network independent, contextual remote access solution.
  • Odo provides a zero trust access platform gives security teams the control they need to deliver least-privilege access to internal resources (both on-prem and cloud-hosted), with minimal effort, maximum connectivity – and without compromising security and without the need for VPNs.
  • Zero Networks: Provides advanced controls to deny unauthorized access to a network or any devices under enterprise control.

Data Security

  • Armorblox uses natural language processing and deep learning to analyze content, context, and metadata on all business communications. Armorblox protects against targeted email attacks, prevents accidental or malicious data disclosure, and stops insider threats.
  • Atakama invented the third layer of defense. They are a data security platform. Unlike MFA and authentication-based encryption, Atakama uses distributed key, file level encryption that does not rely on passwords or servers. Without disrupting existing workflows, Atakama deploys within an existing security stack to ensure data is secured even when the network or cloud is compromised.
  • Kindite assembled a unique set of confidential computing technologies into a single data-protection platform, which ensures data is encrypted end-to-end, even while being processed. Furthermore, Kindite’s platform keeps the encryption keys within the organization’s trusted environment, creating a true zero-trust relationship with any infrastructure while maintaining full business continuity.
  • Sonrai Security delivers an enterprise security platform focused on identity and data protection inside AWS, Azure, and Google Cloud. They show you all the ways data has been accessed and can be accessed in the future. Their platform delivers a complete risk model of all these identity and data relationships, including activity and movement across cloud accounts, providers, and data stores.
  • SplitByte Inc., Using next generation cryptography, SplitByte protects sensitive corporate data by allowing it to rest in pieces. Splitbyte secures sensitive information and delivers it only to the intended party. By splitting the data and then geo-dispersing it, they achieve a greater level of data protection.
  • QuintessenceLabs: Generate keys from quantum effects to quantum proof your critical data.
  • Immuta: Provides automated data governance and configuration control over algorithms.


  • Ermetic enables enterprises to mitigate identity-based threats to cloud data and resources. The solution leverages continuous visibility into identities, entitlements and usage, to power access policy definition and enforcement at scale. With continuous insight into business needs as well as risk, Ermetic makes granular, least privilege access a reality even in complex IaaS/PaaS environments.
  • LEVL Uses radio waves from phones for immutable authorization.


  • Ardent empowers enterprises to efficiently comply with data privacy regulations CCPA,GDPR and FISMA while reducing the enterprise risk. They provide nimble,easy to use and high speed data minimization solution to discover,identify, inventory,map and minimize personal data.
  • Concentric provides a Semantic Intelligence solution which mitigates risk by identifying business-critical documents that are overshared and at risk. They autonomously find the riskiest documents in the millions of contracts, source code files, personnel files, and strategic plans an organization owns. They do this without rules, complex policies or end user help and wherever the data resides.
  • Shujinko brings cloud compliance know-how together with automation to make compliance and audits fast and easy for our customers. Shujinko helps its customers confidently prepare for an audit by automating the vast majority of the technical controls that are error-prone to set up in a compliant way, as well as the evidence collection and documentation that takes thousands of hours to complete.
  • Balbix provides machine learning  for architecture optimization, threat response, and vulnerability mitigation/prioritization


  • Byos is an Endpoint Security Platform that provides an endpoint micro-segmentation solution that allows employees and devices to safely and securely connect to any network, regardless of their location or network environment. Byos lets IT teams deliver cost-effective security management to the highest risk, highest frequency remote employees and connected devices.
  • Sepio Systems focuses on rogue device mitigation. Stop any device from accessing corporate resources, including stopping any unauthoirized device from connecting to a corporate computer.


  • CloudVector is the first full-featured API Threat Protection (ATP) platform that provides Deep API Risk Monitoring and Remediation. CloudVector continuously discovers, monitors, and secures APIs across services and clouds with zero-impact to applications and provides complete coverage of application environments ranging from legacy applications, containerized, and server-less applications.
  • Delve provides a complete, automated, AI-Driven vulnerability management solution that includes Delve’s exclusive contextual prioritization to automate VM tasks. The solution includes discovery, scanning, web application security testing, our exclusive context-driven prioritization, and remediation planning in a single package for external and internal vulnerability operations.
  • Eclypsium is the industry’s leading enterprise firmware protection platform—providing a new layer of security to protect laptops, servers and network devices from firmware attacks. Eclypsium identifies vulnerabilities and defends against threats hidden within firmware that are invisible to most organizations today, ensuring devices remain safe in the supply chain, while deployed and during travel.
  • Wickr Pro provides enterprise grade secure collaboration and communication with fully featured file sharing, rooms, and integration APIs.  While not a new company, Wickr Pro continues to be the most reliable, effective, and secure communication tool in the OODA arsenal.
  • Infinipoint provides a cloud-based Endpoint Visibility and Control platform that enables enterprises of all sizes to easily manage their assets and align them with IT and security policies. It continuously discovers all assets – conventional endpoints, IoT, mobile and cloud workloads – and enables IT and security teams to see, query and control everything in real-time, at scale.
  • Ionate provides cyber security solution with AI-Ops and AI-Security for cloud-native : container firewalls, WAF for microservices, container and microservices vulnerabilities detection and prevention, security vault and anomaly and breach detection and prevention.
  • Jet Patch is an early-stage cybersecurity company offering an innovative cloud-based vulnerability remediation platform. Using advanced algorithms, intelligent workflow engine and machine learning capabilities, JetPatch reduces enterprise’s cyber risk by governing and automating the complex process of vulnerability patching, while achieving significant operational efficiencies and cost savings.
  • SpectX is a powerful log parser and query engine for investigating incidents. It creates a virtual view across raw log files from multiple sources like log servers, AWS, Azure, Hadoop, ELK, etc. Even if the data is volatile or broken, SpectX is a perfect tool for ad hoc queries, negative searches, going back years in time and making sense of data dumps. No data ingestion, unlimited volumes
  • PlexTrac is the premier purple teaming platform that provides a single interface through which red and blue teams may report and remediate security issues.
  • Polyverse develops leading-edge cyber-technology to build diversity across multiple system dimensions, increasing the complexity and cost for attackers and stopping cybersecurity attacks before they start. This technology is used by the US Government and Enterprise customers, embedded into devices and hardware, and built into security solutions.
  • Salt Security protects SaaS, Web and Mobile applications using big data and patented AI to address the OWASP API Security Top 10 and prevent the growing threat of API breaches. Deployed in minutes, you’ll automatically and continuously discover all APIs and exposed PII, prevent API breaches without configuration or customization, and eliminate vulnerabilities with prioritized, actionable insights.
  • Styra enables enterprises to define, enforce, and validate security across their cloud and Kubernetes environments. Our Declarative Authorization Service provides compliance guardrails based on dynamic business context, and implemented as policy-as-code. Styra’s simple graphical policy library lets Security and Devops teams mitigate risks, reduce human error, and accelerate development.
  • Devo aims to disrupt the SIEM market by incorporating advanced scaling and real-time analytics combined with machine learning to detect and manage advanced threats.
  • Scythe offers dramatically improved automation for red teaming and announced a marketplace for security researchers to monetize their exploits for use in security testing.
  • PFP prevents counterfeit technology and identifies unauthorized code on devices.
  • Iconiclasm moves malware reverse engineering into the close with advanced collaboration tools to allow for distributed analysis and team-based code analysis.

IoT Security

  • BotRx protects business websites, mobile applications, and IoT devices from the threat of automated bot attacks. Powered by artificial intelligence, behavioral analysis, and patented dynamic transformation technology, BotRx’s solutions deliver enterprise-grade bot detection and mitigation for all businesses – defending against credential stuffing, account takeover, content scraping, and more.
  • Acreto  provides advanced approach to security of all distributed devices.

Application Security

  • Build38 is an innovative provider of the next generation AI-based app protection and management platform. They deliver in-app protection, monitoring and app life cycle management technologies and protect apps and backend from known and unknown attacks. Can be easily integrated into any iOS and Android app.
  • BluBracket is a comprehensive security solution for code in the enterprise—so developers can innovate and collaborate. Using BluBracket, companies can view, monitor and secure their code, without altering developer workflow.
  • GitGuardian helps secure the vulnerability area caused by modern software development technologies and processes, and the rise of cloud and SaaS adoption. It has raised $12m from top-tier VC firms as well as GitHub co-founder, Scott Chacon, and Docker founder, Solomon Hykes. GitGuardian has already helped more than 100 of the Fortune 500 find exposed sensitive information on GitHub.
  • Isovalent builds open source technologies like eBPF and Cilium ( that are revolutionizing security for the era of modern microservices applications. Enterprises with the most demanding security requirements can have deep security visibility and enforcement based on application identity and API-awareness within their Kubernetes and other Linux-based microservices environments.
  • K2 provides a Next Generation Application Workload Protection Platform that protects web & binary applications from sophisticated attacks. K2’s deterministic approach eliminates false positives and provides runtime protection against OWASP top 10 attacks. Using proprietary OCFI technology to create a “DNA” map of each application, K2 provides exact location of vulnerability saving significant time and effort.
  • LevelOps is an application security platform that helps security teams manage the security lifecycle, across multiple products and from requirements to operations. Leverage LevelOps for visibility, governance, and automation at every stage.LevelOps integrates with existing tools in your SDLC and provides a way for security teams to scale, without compromising engineering velocity.

Security Analytics

  • Galaxie is an AI company with multiple use cases and an ability to serve multiple workloads, including cybersecurity workloads. See:

Threat Intelligence

  • Cyware Labs is a product-based cybersecurity provider. Cyware offers a full stack of innovative cyber fusion solutions for threat intelligence sharing, security automation, and threat response. Cyware’s solutions have enabled leading financial services, healthcare, energy organizations, ISACs, and MSSPs to automate threat intelligence workflows in their environment.
  • RiskIQ is a long-term leader is attack surface management and is now providing executive protection risk intelligence services.
  • Recorded Future: This is not a new company, but continues to innovate and we continue to track their capabiltiies. They have developed a platform that serves multiple security and IT operations functions including vulnerability management, incident response, hunt teams, strategic planning and security operations.

Email Security

  • Abnormal Security stops targeted email attacks. Abnormal Behavior Technology models the identity of both employees and external senders, profiles relationships and analyzes email content to stop attacks that lead to account takeover, financial damage and organizational mistrust. Abnormal sets up in minutes with Office 365 and G Suite, has no end-user friction, and does not disrupt email flow.


  • Elevate Security shifts the security training and awareness market towards the use of behavior change techniques and tailored metrics to reduce the human element of cyber risk.



  • Fuzzbuzz is a fuzzing platform and set of tools that enables dev & sec teams to effortlessly find severe bugs and vulnerabilities by integrating fuzzing into the SDLC. Fuzzbuzz saves developer time by eliminating false positives, ensuring bugs are never reintroduced, and automatically generating fuzz harnesses.


*Disclaimer.  The OODA LLC venture arm OODA Ventures has makes active investments in cybersecurity companies, including some covered in this report.  For more details, please visit


Bob Gourley

Bob Gourley

Bob Gourley is the co-founder and Chief Technology Officer (CTO) of OODA LLC, the technology research and advisory firm with a focus on artificial intelligence and cybersecurity which publishes Bob is the co-host of the popular podcast The OODAcast. Bob has been an advisor to dozens of successful high tech startups and has conducted enterprise cybersecurity assessments for businesses in multiple sectors of the economy. He was a career Naval Intelligence Officer and is the former CTO of the Defense Intelligence Agency.