They Pitch, We Test
You Decide

The only analysts who implement products before reviewing them. Our research is accurate, honest, and actionable.

337+
Verified Vendors
29
Categories
3
Community Reviews
6
Updated Recently
Wiz

Wiz is the leader in having an all-in-one cloud security platform by expanding into CTEM, ASPM, and Runtime capabilities all within a single dashboard. Their posture and vulnerability capabilities remain the strongest, while there are better standalone code and runtime vendors out there.

CNAPPASPM
Hot Right NowHands-on
Amazon

Every organization using AWS should absolutely turn on GuardDuty as their first cloud security step. They provide awesome base level protections and detections at a low price. An especially amazing check the box runtime protection tool.

CNAPPCDRKubernetes Security
Hands-onIncluded
Oligo Security

Oligo Security offers amazing application layer insights as part of a CADR platform. They baseline application library activities at a function level, and can detect either malicious deviation, or the execution of known vulnerable functions. They offer about the best runtime protection you can get on a workload.

CADRADR
Hot Right NowInvestment Opportunity
Aikido

Aikido provides everything the average startup to mid-market company needs for security in a box - every code and cloud security scanner under the sun without much feature compromise, alongside a surprisingly robust runtime application solution for things like bot prevention. A no-nonsense replacement for a lot of more "specialized" solutions that tend to slow developers down.

ASPMCSPM
Hot Right NowInvestment Opportunity
Upwind

Upwind has built CNAPP from the ground-up around runtime insights provided from a network focused endpoint agent. They provide unique features like API security, alongside vulnerability prioritization and scanning, and the more generic CNAPP feature sets.

CNAPPCADR
Hot Right NowOpen Source
Sysdig

Sysdig created the first runtime cloud protection tool with the open source project Falco, and has since built a trusted, enterprise ready, runtime oriented CNAPP platform. The tool is strongest at runtime protection, but offers the standard suite of CNAPP features, and is especially a good choice for regulated industries.

CNAPPCADR
Open SourceHands-on
Exaforce

Exaforce is building an AI first SOC platform that can serve as an augment to your existing SOC via agentic capabilities, a SIEM replacement or augment via its data lake, as well as offering MDR capabilities via a managed offering.

AIMDR
Hot Right NowInvestment Opportunity
Cloudflare

Cloudflare is the traditional leader in API for good reason. They offer great in depth protection that is quick to respond to threats. The platform has grown overly complex for simple use cases.

API Security
Hands-onNerdyBest for Enterprise
Raven

Raven has built a comprehensive runtime oriented ADR solution that can detect function executions from packages being exploited. This empowers them to detect application layer attacks, create prioritization based on what functions are being used, as well as virtual patching to prevent vulnerability exploitation.

ADRSCAContainer Vulnerability
Hot Right NowInvestment Opportunity
Cycode

Cycode offers a holistic all-in-one ASPM tool with their in house scanners alongside the ability to import third party findings. They offer about every scanner and feature you could need out of an AppSec tool.

ASPMCSPM
Hot Right NowInvestment Opportunity
Prompt Security

Acquired by SentinelOne. Prompt Security offers comprehensive solutions for LLM security. They have both corporate IT visibility with their browser plugin, alongside application visibility with API, SDK, and reverse proxy options. You can also trace user sessions and detect/redact/block numerous types of data and attacks.

AI
AcquiredHot Right Now
Lasso

Lasso offers a combination of solutions to offer governance over AI solutions - from plugins to endpoint agents for monitoring and blocking.

AI
Hot Right NowInvestment Opportunity