Non Human Identity: I really like this space. I find it very intriguing, especially around autonomous token rotation. Still learning a lot about both of these companies, but I know companies like what they see from them both.
NOW ON TO CLOUD TECHNOLOGY:
ASPM / CTEM / UVM / RBVM: I don't know what to really call this space yet
1. Dazz - leading the way in the space, heavier focus on Vuln aggregation, prioritization, and automation for vulnerability remediation. I look at them almost like XDR+SOAR for the cloud. They are one of the few that do a great job Code to Cloud to On Prem. They have solid ASPM features but I don't know if they classify as an ASPM exactly. The market is still determining what ASPM actually even means.
2. ArmorCode - They are really strong. Scoring and reporting for ASPM is really great. Their leadership, vision, and investments into growth are showing. I would put them slightly behind Dazz. However, there are use cases where they may be a better fit.
3. Avalor - Used to really love them, bought by Zscaler. I am not sure what the long term innovation looks like, but they are still a strong player today as long as Zscaler doesn't run the cost up.
API Security:
1. Traceable: I like them the most in this space now, since No Name was acquired by Akamai. I really love what they are doing.
2. Salt: I will always have love for them. They were one of the first to start doing API security and they are a strong player, but I would argue that No Name and Traceable are still slightly above them.
3. No Name: I am never a fan of a company post acquisition. I just think companies tend to overthink and/or don't innovate the product into their organization as well as they should.
CSPM / CNAPP
1. Upwind: This is one of the most intriguing companies to me and a company that people rave about. I am curious to see more from them to give a better perspective, but overall their messaging and technology are getting the DevSecOps people excited. They operate in run time and extend into different areas.
2. Wiz: We have all heard of them. Their growth and execution remind me a lot of Palo Alto Networks.
3. Orca: After Wiz turned down Google's offer, I wouldn't be surprised if Google goes after them. They are without a doubt the second best option behind Wiz.
DSPM: There are others out there, but Dig got acquired by Palo and Laminar by Rubrik.
1. Cyera: I would argue that Cyera is the best DSPM on the market. Their growth, market capitalization, and innovation continue to lead the way for most people.
2. Sentra: I really like them as a good competitor to Cyera. I think both have really strong go-to-market messaging.
3. Normalyze: They demo really well and people talk highly of them. I am still learning about them, but I do know quite a few people that do have it.
AppSec: This space just has not changed much in years, the standard players are still holding strong.
SAST: Snyk, Veracode, Checkmarx, Synopsys, Mend, Sonatype
DAST: Veracode, Checkmarx, Synopsys, Mend
SCA: Snyk, Veracode, Checkmarx, Synopsys, Mend