The top 10 security companies helping Amazon Web Services customers protect their data, according to security and IT professionals
- Helping Amazon cloud customers with cybersecurity is a lucrative opportunity for Silicon Valley.
- Analysts say the new CEO is likely to beef up AWS’s own security products — a potential risk to partners.
- Here are the top cybersecurity companies and products in the AWS ecosystem, according to review site G2.
- See more stories on Insider’s business page.
In the cloud world, security threats are constant and ever-evolving: A recent Sophos survey found that 70% of companies using Amazon, Microsoft, and Google’s clouds had been breached in the last year. That means more tools are required to maintain companies’ security approach, and those tools are becoming more sophisticated, powerful, and abundant.
With the cloud security market expected to grow to anywhere from $9 billion to $200 billion within the next few years — depending which analyst estimate you go by — dozens of startups and large security companies have emerged over the past decade. The need has only gotten more urgent in the wake of large-scale incidents like the SolarWinds supply chain hack, which saw government agencies and businesses alike left vulnerable to state-backed hackers.
From specialized products to all-encompassing security platforms, these companies also serve certain segments of the cloud market — some focused on a specific cloud provider like Amazon, or, increasingly, partnering with all three major cloud players as well as legacy giants like IBM and Oracle.
But as the market leader, Amazon Web Services is still the one to beat, and the one that most startups and companies want to partner with, analysts said. With new AWS CEO Adam Selipsky set to join the company in a little over a month, analysts have told Insider that security is an area where it could beef up its own offerings.
However, the $51 billion cloud infrastructure leader will face the same challenge as archrival Microsoft and others before it: As it grows its own body of security products, it will potentially pose a competitive risk to these same partners who as serve customers on the AWS platform itself.
G2, a site where technology professionals can review the software they use, scores vendors and products using reviews and data from online sources and social networks. The site uses what it calls a “unique algorithm” to calculate customer satisfaction and market presence scores based on that data.
Insider looked at the highest-rated cloud security products that work with AWS in G2’s “Cloud Security Software” category — giving a look at the most prominent cybersecurity companies in Amazon’s cloud ecosystem.
The companies listed are the top-rated product, based on user satisfaction, within each subcategory under that header, and range from data security to helping protect against distributed denial-of-service (DDoS) attacks. Notably, the list includes a mix of relatively small startups, more established players, and even products from often-rivals like Google.
Here are the top 10 security companies that built their business on Amazon Web Services or integrate with its platform, according to security and IT professionals who rated their products on G2.
Market cap: $1.54 trillion
Rating: 4.9/5 stars
Product: Google Apigee Sense
G2 user satisfaction score: None
Category: API Security Software
Google, the tech giant whose cloud platform goes up against AWS, bought the startup Apigee for $625 million in 2016 to bolster its cloud offering.
Now integrated with Google’s services, Apigee offers an application programming interface (API) management platform, and the Apigee Sense product secures APIs against bot attacks and identifies suspicious API activity. In a further sign of Google pushing its multi-cloud message, Apigee works with Google Cloud, AWS, and Microsoft Azure.
Customers on G2 praised Apigee Sense for its strong design and protection against API attacks. One customer, a web analyst, called Apigee Sense a great option for companies without a security team. But, a customer in government administration criticized false positives in the product’s behavior detection, and others said there was a learning curve in getting started.
Market cap: $198.1 billion
Rating: 4.5/5 stars
Product: CloudSOC Cloud Access Security Broker
G2 user satisfaction score: 90/100
Category: Cloud Access Security Broker (CASB) Software
Purchased by chipmaker Broadcom in 2019, Symantec’s enterprise security offerings are now under its new owner’s umbrella, including its CloudSOC product. The CloudSOC product secures cloud applications and provides visibility, data security, and threat protection on AWS, Microsoft Azure, and Google Cloud.
Customers on G2 found the CloudSOC product easy to use and configure, and praised the support team’s assistance. One customer, an administrator, said the product provided a granular level of detail on issues. But others found the product performed too slowly at times, and doesn’t easily integrate with other Symantec tools.
Valuation: $2.14 million (according to PitchBook)
Rating: 4.8/5 stars
G2 user satisfaction score: 97/100
Category: Cloud Compliance Software
San Francisco-based Vanta was founded in 2017 and raised a $2.95 million seed round in 2018, according to PitchBook. The startup works with AWS, Azure, and Google Cloud, and helps simplify the process of compliance with standards like SOC 2. It also gathers information from customers’ cloud services for security audits.
One customer on G2, an IT administrator, praised Vanta for its simplicity and automated monitoring and notifications. Another customer, an engineer, appreciated that Vanta requires only limited access to customers’ accounts. But others found the product’s features for managing employees lacking, and some said the user interface could be improved.
Market cap: $15.61 billion
Rating: 4.5/5 stars
Product: CloudGuard Dome 9
G2 user satisfaction score: 81/100
Category: Cloud Data Security Software
Founded in 1993, Check Point is based in Tel Aviv, Israel and San Carlos, California. The nearly three-decade-old company’s annual revenue is $2.1 billion. Its CloudGuard product works with AWS, Microsoft Azure, and Google Cloud, and helps companies take stock of their cloud security and enforce best practices and compliances.
One customer on G2, a consultant, said CloudGuard provides “complete visibility” of AWS and Azure accounts, and enables customizable queries for incident detection. Another customer praised the product for its ease of use. But others criticized CloudGuard for its added complexity with additional configurations, and some who utilize multiple cloud providers found the product too focused on AWS.
Market cap: $21.89 billion
Rating: 4.4/5 stars
Product: DDoS Protection
G2 user satisfaction score: 71/100
Category: Cloud DDoS Mitigation Software
Founded in 2009, San Francisco-based Cloudflare went public in 2019. With a revenue of $431 million, Cloudflare protects websites from distributed denial-of-service (DDoS) attacks, which target the traffic of a server, service, or network. It works with AWS, Microsoft Azure, and Google Cloud. At the time it launched a privacy tool to take on Google Analytics last year, CEO Matthew Prince told Insider that Google’s tracking is “just creepy.”
Customers on G2 praised Cloudflare’s product for being flexible enough to use within small organizations, and others found it reliable — offering peace of mind to administrators and security teams. Still, other customers criticized Cloudflare for showing false positives, and for its cost.
Valuation: $39.9 million (as of 2016, according to PitchBook)
Rating: 4.8/5 stars
Product: Cloud Email Security
G2 user satisfaction score: 96/100
Category: Cloud File Security Software
New York-based Avanan was founded in 2014 and has raised $41.1 million. Its latest round was a $25 million Series B in 2018. The company’s cloud email security product blocks phishing and malware attacks on employee email accounts, and secures cloud software like Slack and Office 365. Avanan also has a cloud security offering for AWS, Microsoft Azure, and Google Cloud, with malware detection, file scanning, and security audits.
One customer on G2, an IT manager, found Avanan’s product competitively priced and easy to use. Others liked Avanan’s real-time notifications and praised its email security service. But, some criticized its AI capabilities, and said the product lacked a better way of sorting alerts.
Valuation: $480 million (according to PitchBook)
Rating: 4.5/5 stars
Product: Sysdig Platform
G2 user satisfaction score: 89/100
Category: Cloud Security Monitoring and Analytics Software
San Francisco-based Sysdig was founded in 2013 and has raised $191.5 million. Its latest round was a $70 million Series E last January, and CEO Suresh Vasudevan previously told Insider the “vast majority” of its sales are from large enterprises.
Its product secures containers on AWS, and specifically the open source Kubernetes software, and provides monitoring, security, and regulatory compliance. It integrates with a dozen AWS products, including Security Hub and CloudWatch, and also works with Azure, Google Cloud, and IBM Cloud.
One Sysdig customer on G2, a software engineer, found its product easy to set up, and others praised its dashboards and visualizations. However, some took issue with the same dashboards returning errors, and certain data being prone to misinterpretation.
Valuation: $1 billion (according to PitchBook)
Rating: 4.6/5 stars
G2 user satisfaction score: 93/100
Category: Cloud Workload Protection Platforms Software
Lacework has raised nearly $600 million since it was founded in 2015, and its latest funding was a $525 million Series D in January — one of the largest cybersecurity funding rounds of the past year.
The San Jose, California-based company secures cloud workloads (a blanket industry term for web servers, databases, and applications) and containers (a way of packaging software to ensure it works from a developer’s laptop to the cloud), and helps provide compliance with data privacy regulations for AWS, Azure, and Google Cloud.
One customer on G2, an engineering director, said they “can’t imagine managing infrastructure security and compliance without Lacework,” and others compared using Lacework to the equivalent of hiring six team members. But, some took issue with certain user interface errors, and criticized the lack of integration for logging.
Market cap: $45.38 billion
Rating: 4.7/5 stars
Product: Falcon: Endpoint Protection
G2 user satisfaction score: 94/100
Category: Extended Detection and Response (XDR) Platforms Software
California-based CrowdStrike was founded in 2011 and went public in 2019. Its annual revenue is $874.4 million. CEO George Kurtz recently gave Senate testimony on how the company helped SolarWinds recover from its breach — and analysts expect CrowdStrike to perform well in the aftermath of that breach.
Though CrowdStrike also integrates with Microsoft Azure and Google Cloud, it has been described to Insider as a potential buy for AWS because of the strength of their partnership. Its Falcon product monitors AWS workloads and protects against malware on computers and devices.
One security manager on G2 said the Falcon platform provides “peace of mind,” and others praised its low performance impact and customizable reports and dashboards. But, one IT pro took issue with the lack of updates for Apple’s macOS, and a security engineer found the product overly complicated.
Valuation: $5.27 billion (according to PitchBook)
Rating: 4.3/5 stars
G2 user satisfaction score: None
Category: Service Mesh Tools Software
Founded in 2012, San Francisco-based HashiCorp has raised $349.2 million and its latest round was a $175 million Series E last March. CEO Dave McJannet recently told Insider the company racked up unprecedented Q4 revenue due to pandemic-driven demand for cloud automation. Its Consul product provides cloud networking automation for AWS, Microsoft Azure, and Google Cloud.
Customers on G2 praised HashiCorp’s Consul for its extensive user interface and said the product is simple to maintain and works well for developers. Others, however, criticized Consul for lacking a wider community of users and found initial configuration difficult in larger IT environments.
Source: Read Full Article