Top 10 XDR software

Latest news about XDR software

2023. Okta snatches up security firm Spera for over $100M



Okta, a company specializing in identity and access management, is set to acquire the security firm Spera. This strategic move aims to enhance Okta's existing capabilities in identity threat detection and response (ITDR), providing customers with advanced technology to enhance their identity security, posture management, and the ability to identify, detect, and remediate risks effectively. The Spera platform offers tools for identifying silos in software-as-a-service and infrastructure applications, enabling the discovery of vulnerabilities across user populations. It also aids in prioritizing security issues based on regulations, attack vectors, and industry best practices. Beyond security benefits, Spera serves an additional purpose by assisting companies in reducing license costs through the identification and deactivation of dormant accounts.


2023. Microsoft 365 Defender is becoming Microsoft Defender XDR



Microsoft has integrated cloud workload alerts, signals, and asset information from Microsoft Defender Cloud into Microsoft 365 Defender - it's cloud-based service designed to help protect on-premise, cloud and hybrid environments. This integration now removes any infrastructure blind spots in an organization’s digital landscape. As part of this integration, the company is rolling out new correlations and content tailored to cross-workload correlations and cloud-specific content, giving you a richer, more contextual understanding of the threats, your organization faces. In the Defender portal, SOC analysts can now run end-to-end investigations if they’re faced with this type of cyberattack. They can monitor, triage, and investigate multicloud alerts across Azure, AWS, and GCP. This end-to-end prioritization of information and alerts streamlines the investigation process and greatly improves SOC efficiency. With the incorporation of cloud signals, the company has renamed Microsoft 365 Defender to Microsoft Defender XDR to better represent its capabilities that broadly span multiplatform and multicloud assets.

2023. Arctic Wolf acquires cybersecurity automation platform Revelstoke



Arctic Wolf, a cybersecurity firm, has acquired Revelstoke, a company specializing in the development of a Security Orchestration, Automation, and Response (SOAR) platform. This strategic acquisition enhances Arctic Wolf's platform, enabling it to swiftly and comprehensively detect and respond to cybersecurity attacks. Arctic Wolf's primary software consolidates data from a company's endpoints, cloud environments, and networks, offering a cohesive perspective on potential threats. Revelstoke's solutions complement this approach seamlessly. As a result, Arctic Wolf can now deliver advanced technology and profound security operations expertise to customers, simplifying SOAR outcomes and making them practically effortless for clients.


2023. Cybersecurity firm Lumu raises $30M to detect network intrusions



Lumu, a startup specializing in aiding enterprises in the detection and containment of security breaches, has secured $30M. Lumu distinguishes itself by its focus on identifying network threats and furnishing comprehensive information on compromised assets, detailing the timing and methods of compromises and offering specific response recommendations. Notably, Lumu enables customers to automate defensive actions through their existing cybersecurity tools and analyze up to two years' worth of network metadata for potential signs of suspicious activities. While Lumu's approach is valuable, it is not entirely groundbreaking, as several other vendors, such as Ordr (recently raising $40 million), Cyrebro, Darktrace, and Vectra (last valued at $1.2 billion), offer similar capabilities.


2023. CrowdStrike acquires Bionic.ai for $350M



CrowdStrike has acquired Bionic.ai — a security posture management platform for cloud services — for $350 million. Bionic.ai's primary function is to provide security teams with a comprehensive overview of a company's technology and IT landscape, helping them identify vulnerabilities. It's worth noting that Bionic.ai's annual recurring revenue (ARR) was below $10 million, a pivotal metric in the Software as a Service (SaaS) sector for assessing business performance. CrowdStrike primarily focuses on services related to endpoint security, threat intelligence, breach response, and it already offers its own security posture management service under the brand "Falcon." The acquisition of Bionic.ai is expected to provide CrowdStrike with an enhanced level of visibility and observability for security operations teams.


2023. Incident response management platform Rootly secures $12M



Rootly, an emerging startup dedicated to crafting a platform aimed at streamlining and automating companies' reactions to critical events like website outages, has successfully secured $12 million in a Series A funding round. Rootly's core mission centers around automating substantial portions of incident management and resolution processes. This encompasses activities ranging from orchestrating the collaboration of responders during an incident within the Slack communication platform, to suggesting potential subsequent steps for resolution. Notably, the platform exhibits the ability to autonomously generate status updates and post-mortem reports, aiding users in identifying interconnected incidents. Rootly operates within the context of a competitive landscape in the incident response software market, which was projected to hold a value of $29.21 billion in 2022, as reported by The Business Research Company. Among its peers, Rootly contends with other players such as FireHydrant and Blameless, as well as Incident.io, which secured a notable $28.7 million in venture capital funding the previous year.


2023. Gem Security wants to secure your cloud infrastructure, raises $11M



Gem Security, an Israeli-based startup focused on developing a cloud threat detection, investigation, and response (TDIR) platform, has emerged from stealth mode and recently announced a seed funding round of $11 million. Gem Security offers comprehensive support for major cloud platforms such as AWS, Azure, Google Cloud, and Kubernetes. The company aims to provide security teams with a unified and efficient tool to identify all their cloud assets and ensure real-time threat detection and contextualized alerts, thereby enhancing overall security. Additionally, Gem Security automates a significant portion of a company's cloud security operations, contributing to streamlined processes.


2022. GreyNoise to expand its threat intel collection after securing $15M in funding


GreyNoise Intelligence, a cybersecurity startup specializing in analyzing internet scanning traffic to assist organizations in distinguishing threats from the vast amount of internet "background noise," has successfully raised $15 million in Series A funding. The funding will be utilized to expand GreyNoise's threat collection capabilities and bolster its ability to safeguard organizations from emerging vulnerabilities. GreyNoise positions itself as an "anti-threat intelligence" company, functioning as a spam filter for internet threat alerts. Just as inboxes are inundated with unwanted emails and irrelevant messages, security operations analysts often face a barrage of never-ending and often inconsequential alerts. GreyNoise aims to alleviate this issue by providing effective filtering and prioritization of security alerts, allowing analysts to focus on meaningful threats.


2022. IBM acquires attack surface management startup Randori



IBM has recently announced its acquisition of Randori, a Boston-based startup specializing in offensive security. Randori combines attack surface management (ASM) with continuous automated red teaming (CART) to assist organizations in strengthening their cybersecurity defenses. ASM, which involves the ongoing discovery, inventory, classification, and monitoring of an organization's IT infrastructure, has become essential for businesses of all sizes. The pandemic-induced shift to remote and hybrid work has led to a significant increase in potential vulnerability points in hybrid cloud operating environments. According to ESG data, 67% of organizations have witnessed the expansion of their external attack surface in the past two years due to the growing adoption of cloud services, third-party platforms, and Internet of Things (IoT) devices.


2022. Seemplicity emerges from stealth with $32M to consolidate security notifications and speed up response times



Seemplicity, an Israel-based startup, has secured $32 million in funding as it emerges from stealth mode. The company aims to address the overwhelming challenge faced by DevOps teams in handling a deluge of data and alerts related to cyber attacks. Seemplicity offers a platform that orchestrates and analyzes these alerts, determining their relationships, urgency, and potential impact. By intelligently bundling and prioritizing the alerts, Seemplicity aims to streamline the response process and enable effective resolution, even by addressing underlying issues that may contribute to multiple alerts.


2022. Prelude raises $24M to help organizations harden their cybersecurity defenses



Prelude, positioning itself as the pioneering autonomous platform designed for continuous red-teaming, has recently secured $24 million in Series A funding. Prelude's primary objective is to bolster an organization's defense capabilities by consistently challenging and assessing critical assets. It achieves this by simulating denatured cyberattacks that adapt to the latest vulnerabilities and cyber events. By transforming complex technical descriptions into user-friendly, deployable questions, Prelude effectively fortifies an organization's security posture and enhances its ability to counter potential threats.


2022. Google is acquiring security intelligence firm Mandiant for $5.4B



Google has announced its acquisition of Mandiant, a security intelligence company, which will grant Google access to advanced security data gathering capabilities and a team of experienced security consultants. Following the completion of the acquisition, Mandiant will be integrated into Google Cloud. Mandiant is dedicated to ensuring the security of every organization against cyber threats and instilling confidence in their preparedness. The company's distinctive approach combines machine intelligence, adversary insights, and operational cyber threat intelligence to gain a comprehensive understanding of the attack lifecycle. This enables proactive protection against the pertinent threats that organizations may face, aligning with Google's commitment to enhancing security measures.


2022. McAfee Enterprise and FireEye are now called Trellix



In March, Symphony Technology Group (STG) acquired McAfee Enterprise for $4 billion, followed by the purchase of FireEye for $1.2 billion in June. After the merger of the two cybersecurity firms was completed in October, they were rebranded as Trellix. The new entity will concentrate on threat detection and response using machine learning and automation. Taking inspiration from the humble trellis, Trellix aims to develop "living security," a security technology that learns and adapts to safeguard operations from advanced threat actors. While Trellix encompasses most of McAfee Enterprise's offerings, the secure service edge portfolio, including cloud access security broker, secure web gateway, and zero trust network access, will be separated later this quarter.


2022. Hunters raises $68M for its security operations platform



Cybersecurity startup Hunters has successfully secured a significant Series C funding round amounting to $68 million. Hunters is at the forefront of assisting enterprises in replacing traditional Security and Information Event Management (SIEM) solutions with its advanced tools. Given the heightened sense of urgency in the market, it comes as no surprise that investors are eager to support companies like Hunters. This funding will enable Hunters to aggressively pursue the tremendous opportunity at hand and establish a strong presence before this window of opportunity closes. The presence of strategic investors such as Databricks, Cisco Ventures in this round, and Snowflake Ventures in the previous round further reinforces the significance and potential of Hunters' approach. With plans to develop a sales strategy similar to its successful partnership with Snowflake, Hunters is well-positioned to further expand its market presence and drive innovation in the cybersecurity landscape.


2021. Torq raises $50M for its no-code security automation platform



Torq, formerly known as StackPulse, is a security automation startup that operates on a no-code principle, and it has recently secured a $50 million Series B funding round. While no-code and low-code platforms have gained significant popularity, they are less common in the security domain. Torq, however, stands out by offering an intuitive graphical interface that enables security teams to automate routing workflows across various security products. Some notable organizations, including NS1, eToro, Armis, and Healthy.io, are already leveraging Torq's platform. While Torq shares similarities with Microsoft Power Automate in terms of workflow automation, it distinguishes itself by placing a strong emphasis on security.


2021. Attack surface management startup CyCognito raises $100M



CyCognito, a startup dedicated to mitigating cyber attacks, has successfully secured $100 million in Series C funding. While operating as an attack surface management company, CyCognito distinguishes itself from others in its field through its comprehensive approach. By employing machine learning-based attack surface management, it thoroughly assesses a company's range of assets, identifying potential security gaps. Notably, CyCognito is the pioneering company capable of automating security testing on a massive scale, encompassing millions of assets.


2021. Breach simulation startup AttackIQ raises $44M



AttackIQ, a cybersecurity startup specializing in breach and attack simulation solutions, recently secured $44 million in funding. AttackIQ offers an automated validation platform that executes various scenarios to identify any vulnerabilities in an organization's defenses. This empowers organizations to test and evaluate the effectiveness of their security posture and receive actionable guidance on addressing any weaknesses. In essence, AttackIQ's platform equips security teams with the ability to anticipate, prepare for, and proactively search for potential threats that could impact their business, ensuring they stay one step ahead of hackers.


2021. Cybersecurity company Arctic Wolf secures $150M



Arctic Wolf, a managed cybersecurity company renowned for its "security operations-as-a-concierge" service, has successfully raised $150 million in Series F funding. The company has experienced remarkable growth in the past year, primarily due to the challenging cybersecurity landscape intensified by the disruptions caused by the pandemic and the widespread adoption of remote working. Arctic Wolf offers 24/7 security monitoring services through its cloud security operations platform, catering to the needs of small and mid-sized organizations. The company's revenues have doubled thanks to rapid platform adoption, with nearly 60% of its 3,000 customers utilizing three or more of its security operations solutions. This accomplishment positions Arctic Wolf as the fastest-growing company at scale within the rapidly expanding cybersecurity market segment.


2021. Tines raises $26M for its no-code security automation platform



Tines, an automation platform that operates without the need for coding, has successfully secured a Series B funding round of $26 million. Tines is dedicated to empowering frontline employees by enabling them to prioritize essential business tasks and enhance their overall well-being. By automating manual workflows and increasing the efficiency, effectiveness, and engagement of existing teams, Tines aims to alleviate the burden of mundane tasks, commonly known as 'busy work.' The primary objective is to liberate analysts from the time-consuming nature of repetitive responsibilities, allowing them to redirect their efforts towards areas where they can make the most significant impact. Tines offers a wide range of pre-configured integrations with various business and security tools, and advanced users have the flexibility to connect with virtually any API, providing a comprehensive solution for diverse automation needs.


2021. Cloud cybersecurity startup Lumu raises a $7.5M



Miami-based cybersecurity startup Lumu has successfully secured $7.5 million in Series A funding. Lumu specializes in providing a cloud-based service that enables companies to proactively detect and respond to data compromises in real-time. The company's approach involves collecting and standardizing metadata from various network sources, including DNS queries, network traffic, access logs, perimeter proxies, firewalls, and spam box filters. By leveraging AI technology, Lumu correlates threat intelligence from these diverse data sources to identify confirmed points of compromise. In addition to assisting companies in preventing breaches, Lumu offers the capability to automate response actions, further enhancing their cybersecurity defenses.


2021. CYE raises $100M to help companies shore up their cyber-defenses



Israeli cybersecurity startup CYE has recently secured a funding round of $100M. CYE specializes in assisting companies in bolstering their security posture. A significant aspect of their approach involves conducting offensive operations, with the explicit consent of their customers, to identify vulnerabilities in their network defenses before malicious hackers exploit them. In addition to offering incident response and security consulting services, CYE provides its flagship product, Hyver. Hyver is a cloud-based cybersecurity optimization platform designed to enable organizations to comprehensively assess their entire network and assets. By leveraging Hyver, companies can regain control over their cyber resilience and fortify their defenses against evolving threats.


2020. FireEye acquires AI security expert Respond Software for $186M



Cybersecurity firm FireEye has completed the acquisition of Respond Software, a company specializing in assisting customers with security incident investigations and analysis, while reducing the dependency on highly skilled security analysts, who are often in short supply. FireEye was particularly interested in Respond's Analyst product, which will be integrated into its Mandiant Solutions platform. Similar to many companies in the industry, FireEye is leveraging machine learning to enhance its solutions and introduce automation in data analysis, enabling the identification of real security issues and the elimination of false positives. The acquisition provides FireEye with an immediate infusion of machine learning-driven software.


2020. Intezer raises $15M for its DNA-style approach to identifying malware code



Israeli startup Intezer has secured $15 million in funding for its innovative approach to malware analysis, inspired by the principles of DNA sequencing. Intezer refers to its technique as "genetic malware analysis," leveraging the understanding that all software, both legitimate and malicious, is composed of pre-existing code. By mapping out different malware and identifying code reuse and similarities, Intezer can effectively detect and counter new threats. Cybercriminals often reuse code for efficiency, but this practice also poses challenges for launching new attack campaigns. Starting from scratch becomes exponentially more difficult for them. Intezer's groundbreaking technology disrupts these efforts, enabling proactive measures against emerging threats.


2019. Cybersecurity automation startup Tines scores $4.1M



Tines, a startup based in Dublin, has secured $4.1 million in Series A funding. Tines specializes in enabling companies to automate specific aspects of their cybersecurity operations. By automating repetitive manual tasks typically encountered by security analysts, Tines allows them to redirect their focus towards other critical responsibilities. The company achieves this by employing six software "agents" that serve as versatile building blocks. Regardless of the specific process being automated, a combination of these six agent types, configured in various ways, can replicate the desired workflow.


2019. VMware acquired cybersecurity platform Carbon Black


VMware, a renowned technology company, has successfully acquired Carbon Black, a publicly traded security firm specializing in safeguarding contemporary cloud-native workloads. The acquisition price amounts to approximately $2.1 billion. Carbon Black offers essential security functionalities required for protecting modern applications and infrastructures. The strategic plan involves seamlessly integrating Carbon Black's cutting-edge cloud-native endpoint protection platform across all of VMware's control points. This remarkable initiative fulfills the long-standing expectations of the IT and security sectors, representing a significant milestone.


2019. Incident Detection and Response platform Confluera snaged $9M


Confluera, a startup focused on helping companies defend against a barrage of attacks, has announced a $9 million Series A investment led by Lightspeed Venture Partners. The company offers a solution that actively monitors the customer's infrastructure, identifies vulnerabilities, and provides recommendations to mitigate potential attacks. Leveraging its platform's comprehensive infrastructure visibility and leveraging security information from various sources, Confluera accurately determines the attacker's current location and suggests effective mitigation strategies. Although Confluera is in its early stages with only 19 employees and three current customers, it is poised to officially launch next week at Black Hat, a renowned cybersecurity event. Moving forward, the company will continue to enhance its product and demonstrate its efficacy in thwarting the recurring types of attacks we regularly encounter.