Field index
Vendors
The companies behind the tools — decades-old giants, private-equity roll-ups, and bootstrapped upstarts alike. Filter by size tier to see who’s building for enterprises versus who’s building for lean teams.
140 of 140 vendors
Abnormal AI
San Francisco, CA, USA
Behavioral AI email security vendor that baselines normal communication patterns to catch business email compromise and payload-free social engineering; renamed from Abnormal Security to Abnormal AI in April 2025, and independent and VC-backed, valued at $5.1B after an August 2024 Series D.
1 tool in portfolio
Acronis
Schaffhausen, Switzerland / Singapore
Integrated backup and cyber protection vendor built for MSPs, combining data protection with anti-malware and behavioral ransomware defense in a single agent.
1 tool in portfolio
Aikido Security
Ghent, Belgium
Consolidated application security platform aggregating SAST, SCA, secrets, container, IaC, and cloud scanning behind one interface aimed at small engineering teams; independent and VC-backed, reaching unicorn status in January 2026.
1 tool in portfolio
Akamai Technologies
Cambridge, MA, USA
One of the original content delivery network operators, now a broad security and cloud computing platform; DDoS mitigation is sold under the Prolexic brand acquired in 2014.
2 tools in portfolio
Amazon Web Services
Seattle, WA, USA
Amazon's cloud infrastructure and platform services division, spanning compute, storage, and a broad built-in security portfolio including key management, identity, and threat detection services.
1 tool in portfolio
Anomali
Redwood City, CA, USA
Threat intelligence platform vendor (founded as ThreatStream, renamed in 2016) that aggregates, deduplicates, and operationalizes intel feeds, expanding into AI-driven security analytics; independent and VC-backed.
1 tool in portfolio
AppViewX
New York, NY, USA
Certificate lifecycle automation and machine identity management via the AVX ONE platform; majority-acquired by Haveli Investments in a deal completed in 2025.
1 tool in portfolio
Aqua Security
Ramat Gan, Israel / Burlington, MA, USA
One of the original container security vendors, now selling the Aqua Platform CNAPP and stewarding the open-source Trivy scanner; independent and VC-backed.
2 tools in portfolio
Backblaze
San Mateo, CA, USA
Low-cost cloud backup and B2 object storage provider (NASDAQ: BLZE) known for flat-rate unlimited computer backup; went public in 2021.
1 tool in portfolio
Barracuda Networks
Campbell, CA, USA
Security vendor for small and mid-sized organizations spanning email, application, and network protection; a KKR portfolio company since KKR acquired it from Thoma Bravo in a deal that closed in August 2022.
1 tool in portfolio
BeyondTrust
Johns Creek, GA, USA
Privileged access management and secure remote access; the current company was formed via the 2018 Bomgar–BeyondTrust merger and is PE-owned.
1 tool in portfolio
BigID
New York, NY, USA
Data discovery and classification platform spanning security, privacy, and AI governance use cases under one data catalog; independent and VC-backed, valued above $1B since a March 2024 Series E.
1 tool in portfolio
Binalyze
Tallinn, Estonia
Digital forensics and incident response automation company whose AIR platform collects and analyzes forensic evidence from endpoints at enterprise speed; independent and VC-backed.
1 tool in portfolio
Bitdefender
Bucharest, Romania
Antimalware and EDR technology widely OEM'd across the industry, plus the GravityZone business endpoint platform; founder-owned and bootstrapped.
1 tool in portfolio
Broadcom
Palo Alto, CA, USA
Semiconductor and infrastructure software conglomerate whose security portfolio centers on the Symantec enterprise business acquired in 2019 and VMware acquired in 2023.
2 tools in portfolio
Censys
Ann Arbor, MI, USA
Internet intelligence company spun out of University of Michigan research, continuously scanning the whole internet to power its search engine and attack surface management products; independent, raising $70M in 2026.
1 tool in portfolio
Check Point Software Technologies
Tel Aviv, Israel / San Carlos, CA, USA
One of the original firewall vendors, now a broad security platform spanning network, cloud, and endpoint protection under the Check Point Infinity architecture.
3 tools in portfolio
Checkmarx
Ramat Gan, Israel
Application security testing vendor built around the Checkmarx One platform (SAST, SCA, API security); majority-owned by Hellman & Friedman since a 2020 deal, and — since hiring the ZAP core development team in September 2024 — the primary corporate steward of the independent open-source scanner ZAP by Checkmarx.
2 tools in portfolio
Cisco
San Jose, CA, USA
Networking giant with a broad security portfolio spanning the Duo access-security line acquired in 2018 and the Splunk observability and security analytics business acquired in 2024.
3 tools in portfolio
Cloudflare
San Francisco, CA, USA
Global network operator whose edge spans CDN, DNS, DDoS mitigation, and zero trust access, sold together under the Cloudflare One umbrella.
3 tools in portfolio
Cohesity
San Jose, CA, USA
Data security and backup platform that expanded its enterprise protection portfolio through the 2024 acquisition of Veritas's data protection business.
1 tool in portfolio
Commvault
Tinton Falls, NJ, USA
Publicly traded cyber resilience and data protection vendor; incorporated independently in 1996 from technology with Bell Labs roots dating to 1988, now centered on the Commvault Cloud platform.
1 tool in portfolio
Corelight
San Francisco, CA, USA
Open network detection and response built on the Zeek framework created by its founders, delivered as physical, virtual, or cloud sensors.
1 tool in portfolio
CrowdStrike
Austin, TX, USA
Cloud-native endpoint, identity, and cloud protection via the Falcon platform.
3 tools in portfolio
Cyera
New York, NY, USA
Data security posture management platform converging data discovery, classification, and identity/access context into what it markets as a "trust layer" for the AI era; independent and VC-backed, reaching a $12B valuation in a June 2026 funding round.
1 tool in portfolio
Darktrace
Cambridge, UK
AI-driven detection and response across network, cloud, email, and OT environments via the Darktrace ActiveAI Security Platform; taken private in an all-cash acquisition by Thoma Bravo that closed in October 2024.
1 tool in portfolio
Datadog
New York, NY, USA
Cloud observability platform (NASDAQ: DDOG) that has expanded sideways into security, selling SIEM, cloud security, and application security products on the same agent and data platform DevOps teams already run.
1 tool in portfolio
Deciso
Middelharnis, Netherlands
Dutch network security company and creator of the open-source OPNsense firewall, first released in 2015 as a fork of pfSense/m0n0wall.
1 tool in portfolio
Delinea
San Francisco, CA, USA
Privileged access management formed from the merger of Thycotic and Centrify; majority-owned by Silver Lake.
1 tool in portfolio
DigiCert
Lehi, UT, USA
Digital trust provider and one of the world's largest public certificate authorities, spanning public TLS certificates, PKI, and certificate lifecycle management; PE-owned.
1 tool in portfolio
Drata
San Diego, CA, USA
Continuous compliance automation platform for frameworks like SOC 2 and ISO 27001, competing directly with Vanta on control monitoring and audit evidence collection; independent and VC-backed, valued at $2B in its December 2022 Series C.
1 tool in portfolio
Druva
Santa Clara, CA, USA
SaaS-native data protection vendor delivering fully managed, agentless backup and recovery entirely from its own isolated cloud.
1 tool in portfolio
Elastic
Amsterdam, Netherlands / Mountain View, CA, USA
Company behind Elasticsearch and the Elastic Stack (NYSE: ESTC), selling search, observability, and security analytics on one data platform; re-added the OSI-approved AGPL as a source-license option in 2024 alongside its own Elastic License.
1 tool in portfolio
Endor Labs
Palo Alto, CA, USA
Software composition analysis platform built around reachability analysis, aiming to cut dependency-vulnerability noise down to what an application actually invokes; independent and VC-backed, with a $93M Series B in April 2025.
1 tool in portfolio
Eramba
London, UK / Bratislava, Slovakia
Small, privately held company behind the eramba GRC platform, offering a free-to-use Community Edition under a custom non-redistributable license alongside paid Enterprise tiers.
1 tool in portfolio
ESET
Bratislava, Slovakia
Long-running privately held European vendor of endpoint protection, EDR, and encryption for businesses and consumers.
1 tool in portfolio
Exabeam
Foster City, CA, USA
SIEM and behavior-analytics vendor that merged with LogRhythm in July 2024 under Thoma Bravo's orchestration, keeping the Exabeam name while continuing to sell and develop the LogRhythm SIEM line.
1 tool in portfolio
ExtraHop
Seattle, WA, USA
Network detection and response through decryption and analysis of east-west traffic; taken private by Bain Capital Private Equity and Crosspoint Capital Partners in 2021.
1 tool in portfolio
F5
Seattle, WA, USA
Application delivery and security vendor (NASDAQ: FFIV) spanning load balancing, WAF, and API security, sold as both the on-prem BIG-IP/NGINX lines and the SaaS-delivered F5 Distributed Cloud Services; acquired API security startup Wib in 2024.
2 tools in portfolio
Filigran
Paris, France
French company behind the open-source OpenCTI threat intelligence platform and OpenBAS breach-simulation project, selling enterprise editions and hosted versions of both; VC-backed with roughly $125M raised.
1 tool in portfolio
Flashpoint
New York, NY, USA
Threat intelligence vendor specializing in visibility into illicit online communities — cybercrime forums, ransomware operations, fraud markets; majority-owned by Audax Private Equity since 2021.
1 tool in portfolio
Forcepoint
Austin, TX, USA
Data-first security vendor (DLP, web, and cloud app security) owned by Francisco Partners since 2021; sold its Global Governments and Critical Infrastructure unit to TPG in 2023.
2 tools in portfolio
Fortanix
Santa Clara, CA, USA
Confidential-computing-based data security vendor selling key management, tokenization, and secrets management through its Data Security Manager and unified Armor platform; independent and VC-backed.
1 tool in portfolio
Fortinet
Sunnyvale, CA, USA
Network security hardware and software spanning next-generation firewalls, SD-WAN, and SASE, built around the custom-silicon FortiOS platform.
2 tools in portfolio
GitHub
San Francisco, CA, USA
Software development and collaboration platform whose security line, GitHub Advanced Security, was unbundled into standalone SKUs — GitHub Code Security and GitHub Secret Protection — in April 2025; a wholly owned Microsoft subsidiary since its 2018 acquisition.
2 tools in portfolio
GitLab
San Francisco, CA, USA
All-remote DevSecOps platform combining source control, CI/CD, and integrated security scanning in one product; publicly traded on Nasdaq (GTLB) since its 2021 IPO and, as of mid-2026, still independent despite recurring acquisition speculation.
1 tool in portfolio
Google Cloud
Mountain View, CA, USA
Alphabet's cloud computing division, offering infrastructure and platform services alongside a native security portfolio spanning key management, workload identity, and (since 2026) the acquired Wiz cloud security platform.
4 tools in portfolio
Greenbone
Osnabrück, Germany
German vulnerability management company (Greenbone AG) that maintains the open-source OpenVAS scanner and sells enterprise appliances and a commercial feed on top of the free Greenbone Community Edition.
1 tool in portfolio
Harness
San Francisco, CA, USA
AI-native software delivery platform (CI/CD, feature flags, cloud cost management) that absorbed Traceable AI's API security and observability technology through a March 2025 merger, continuing to sell it as "Traceable by Harness" within its DevSecOps line.
1 tool in portfolio
HashiCorp
San Francisco, CA, USA
Infrastructure automation and secrets management (Vault, Terraform); a wholly owned IBM subsidiary since 2025.
1 tool in portfolio
HCLSoftware
Noida, India
Enterprise software division of HCLTech, formed to house a set of products acquired from IBM for $1.8B in 2019, including the AppScan application security testing suite it continues to develop.
1 tool in portfolio
Hoxhunt
Helsinki, Finland
Human risk management platform combining adaptive phishing simulation with personalized micro-training; independent and VC-backed.
1 tool in portfolio
Huntress
Ellicott City, MD, USA
Managed detection and response built for MSPs and the SMBs they serve, with a human-staffed 24/7 SOC.
1 tool in portfolio
Hyperproof
Seattle, WA, USA
Compliance operations platform for managing controls, evidence, and risk across multiple frameworks from one workspace; independent and VC-backed, having raised a $40M growth round in 2023.
1 tool in portfolio
Imperva
San Mateo, CA, USA
Application and data security vendor known for its web application firewall and bot/DDoS protection; became a wholly owned subsidiary of the French Thales Group when its ~$3.6B acquisition from Thoma Bravo closed in December 2023.
1 tool in portfolio
Invicti Security
Austin, TX, USA
Web application and API security testing vendor formed from the merger of Netsparker and Acunetix, selling both as separately branded DAST products; majority-owned by Summit Partners since a $625M 2021 growth investment, with Turn/River Capital retaining a minority stake.
2 tools in portfolio
Iru
San Diego, CA, USA
Device management, identity, and compliance platform for Apple, Windows, and Android fleets; rebranded from Kandji in late 2025.
1 tool in portfolio
Jamf
Minneapolis, MN, USA
Apple-focused device management and endpoint security; taken private by Francisco Partners in 2026.
1 tool in portfolio
Juniper Networks
Sunnyvale, CA, USA
Enterprise networking and security hardware, including the SRX Series firewall line; became a wholly owned subsidiary of Hewlett Packard Enterprise when HPE's acquisition closed in July 2025.
1 tool in portfolio
Keyfactor
Independence, OH, USA
PKI-as-a-service and certificate lifecycle orchestration, built around the Keyfactor Command platform and the open-source EJBCA certificate authority; PE-backed.
2 tools in portfolio
KnowBe4
Clearwater, FL, USA
Security awareness training and human risk management pioneer; taken private by Vista Equity Partners in a $4.6B deal that closed in February 2023, and expanded into email security through its 2024 acquisition of Egress.
2 tools in portfolio
LogicGate
Chicago, IL, USA
Risk management platform (Risk Cloud) built on a no-code workflow engine that lets risk and compliance teams configure their own processes instead of adapting to a fixed data model; independent and VC-backed, having raised a $113M Series C led by PSG.
1 tool in portfolio
Magnet Forensics
Waterloo, Ontario, Canada
Digital forensics vendor serving law enforcement and enterprise investigators; taken private by Thoma Bravo in 2023 and merged with mobile-forensics maker Grayshift, whose GrayKey products it now sells alongside its own.
1 tool in portfolio
Malwarebytes
Santa Clara, CA, USA
Consumer anti-malware plus the ThreatDown business endpoint line for SMB and mid-market.
1 tool in portfolio
Material Security
Redwood City, CA, USA
Cloud email and workspace security vendor focused on post-delivery protection inside Google Workspace and Microsoft 365; independent and venture-backed.
1 tool in portfolio
Microsoft
Redmond, WA, USA
Endpoint, identity, and cloud security via the Microsoft Defender and Entra portfolios, deeply integrated with Windows and Microsoft 365.
10 tools in portfolio
Mimecast
London, UK / Lexington, MA, USA
Email and human risk security vendor spanning secure email gateway, brand protection, and — following its 2024 acquisitions of Elevate Security, Code42, and Aware — collaboration-tool risk monitoring under a human risk management platform; taken private by Permira in a $5.8B deal that closed in May 2022.
1 tool in portfolio
Netgate
Austin, TX, USA
Steward of the open-source pfSense project since 2008, selling pfSense-based security appliances and the proprietary pfSense Plus edition alongside the free Community Edition.
1 tool in portfolio
NETSCOUT Systems
Westford, MA, USA
Network performance management and cybersecurity vendor whose Arbor DDoS protection line originated with its 2015 acquisition of Arbor Networks.
1 tool in portfolio
Netskope
Santa Clara, CA, USA
Security service edge vendor with roots in CASB, now selling a converged SASE platform under the Netskope One brand; completed its IPO on Nasdaq in September 2025.
2 tools in portfolio
Nightfall AI
San Francisco, CA, USA
Data loss prevention purpose-built for SaaS apps, cloud storage, and generative AI tools, using machine-learned content classifiers instead of a network or endpoint agent; independent and VC-backed.
1 tool in portfolio
NINJIO
Westlake Village, CA, USA
Security awareness training vendor known for short, Hollywood-style animated microlearning episodes; received a strategic growth investment from Gauge Capital in 2021.
1 tool in portfolio
OffSec
New York, NY, USA
Security training and certification company (formerly Offensive Security) behind the OSCP certification and the Kali Linux penetration-testing distribution it maintains and funds.
1 tool in portfolio
Okta
San Francisco, CA, USA
Cloud identity and access management for workforce and customer identity, spanning SSO, MFA, and lifecycle management.
1 tool in portfolio
One Identity
Aliso Viejo, CA, USA
Identity governance, privileged access, and Active Directory management; operates as a business unit of Quest Software.
1 tool in portfolio
OneTrust
Atlanta, GA, USA
Broad governance, risk, and compliance platform spanning privacy management, third-party risk, and IT risk automation; sold its Ethics & Compliance business unit to EQS Group in 2024 but remains independent and VC-backed, last valued at $4.5B in 2023.
1 tool in portfolio
Optro
Cerritos, CA, USA
Connected risk platform for internal audit, SOX compliance, and enterprise risk teams; acquired by European private equity firm Hg for more than $3B in a deal announced May 2024, then rebranded from AuditBoard to Optro in March 2026.
1 tool in portfolio
Orca Security
Portland, OR, USA
Agentless cloud security via its patented SideScanning technique, reading workloads' storage out-of-band instead of deploying agents; independent and VC-backed.
1 tool in portfolio
Palo Alto Networks
Santa Clara, CA, USA
Broad security platform spanning network firewalls, cloud security, SecOps (Cortex), and — since acquiring CyberArk in 2026 — the Idira identity security portfolio.
8 tools in portfolio
Panther Labs
San Francisco, CA, USA
Cloud-native, detection-as-code SIEM built on a security data lake; Databricks announced an agreement to acquire the company in June 2026, with the deal not yet closed as of July 2026.
1 tool in portfolio
Pentera
Burlington, MA, USA
Automated security validation vendor (founded in Israel as Pcysys) whose platform safely runs real attack techniques against production environments to prove which exposures are actually exploitable; independent, passing $100M ARR in 2026.
1 tool in portfolio
Ping Identity
Denver, CO, USA
Enterprise identity and access management via the PingOne platform; owned by Thoma Bravo, which merged ForgeRock into the company in 2023.
1 tool in portfolio
PortSwigger
Knutsford, England, UK
Maker of Burp Suite, the standard toolkit for manual and automated web application penetration testing; founder-controlled since 2008, with Brighton Park Capital taking a minority investment in 2024 — its first outside funding.
1 tool in portfolio
ProjectDiscovery
San Francisco, CA, USA
Company behind Nuclei, the widely used open-source template-based vulnerability scanner, plus the commercial ProjectDiscovery Cloud Platform and 2026's autonomous pentesting product Neo; independent and VC-backed.
1 tool in portfolio
Proofpoint
Sunnyvale, CA, USA
Email, data, and human-risk security vendor spanning threat protection, data loss prevention, and security awareness training; taken private by Thoma Bravo in a $12.3B 2021 deal and still PE-owned as of mid-2026.
3 tools in portfolio
Prowler
Portland, ME, USA
Company behind the open-source Prowler cloud security assessment tool (the project itself dates to 2016), incorporated in 2023 by its creator and selling a hosted Prowler Cloud edition.
1 tool in portfolio
Qualys
Foster City, CA, USA
SaaS security vendor (NASDAQ: QLYS) offering vulnerability management and compliance scanning through a shared cloud agent and platform.
1 tool in portfolio
Radware
Mahwah, NJ, USA / Tel Aviv, Israel
Independent, publicly traded network and application security vendor covering DDoS mitigation, web application, and API protection.
1 tool in portfolio
Rapid7
Boston, MA, USA
Vulnerability management, detection and response, and open-source security tooling (Metasploit, Velociraptor).
3 tools in portfolio
Recorded Future
Somerville, MA, USA
Threat intelligence provider combining automated collection across the open, deep, and dark web with research from its Insikt Group analysts; a Mastercard subsidiary since December 2024.
1 tool in portfolio
Red Hat
Raleigh, NC, USA
Enterprise open-source software company behind RHEL and OpenShift, wholly owned by IBM since 2019; its Kubernetes security line descends from the 2021 StackRox acquisition.
1 tool in portfolio
Rubrik
Palo Alto, CA, USA
Zero-trust data security and cyber recovery vendor built around immutable backups and ransomware recovery; went public on the NYSE in its 2024 IPO.
1 tool in portfolio
runZero
Austin, TX, USA
Asset discovery and exposure management company co-founded by Metasploit creator HD Moore; Accenture announced an agreement to acquire it in 2026 as part of a broader OT-security push, with the deal expected to close later that year.
1 tool in portfolio
SafeBreach
Sunnyvale, CA, USA
Breach and attack simulation pioneer whose platform continuously replays a large library of real attacker techniques against a customer's defenses to measure what gets blocked or detected; independent and VC-backed, with a $53.5M Series D closed in November 2021 as its most recent major round.
1 tool in portfolio
SailPoint
Austin, TX, USA
Identity governance and administration; returned to public markets in 2025 with Thoma Bravo retaining majority control.
1 tool in portfolio
Salt Security
Palo Alto, CA, USA
API security platform using behavioral analysis of live traffic to discover and protect APIs; independent and VC-backed, having raised roughly $281M toward a ~$1.4B valuation.
1 tool in portfolio
Saviynt
El Segundo, CA, USA
Cloud-native identity governance and administration converging IGA, application GRC, and privileged access.
1 tool in portfolio
Sectigo
Roseland, NJ, USA
Certificate authority and cloud-native certificate lifecycle management vendor, formerly Comodo CA before its 2018 rebrand.
1 tool in portfolio
Secureframe
San Francisco, CA, USA
Compliance automation platform that monitors security controls and collects audit evidence across frameworks including SOC 2 and ISO 27001; independent and VC-backed.
1 tool in portfolio
Securiti
San Jose, CA, USA
Data security, privacy, and AI governance platform (marketed as a "DataAI Command Platform") spanning DSPM alongside broader compliance automation; became a wholly owned subsidiary of Veeam when its ~$1.725B acquisition closed in December 2025, continuing to operate under the Securiti brand.
1 tool in portfolio
Security Onion Solutions
Evans, GA, USA
Company behind the free Security Onion network security monitoring Linux distribution, providing paid training and professional services around the platform.
1 tool in portfolio
Securonix
Addison, TX, USA
SIEM and UEBA vendor built around behavior analytics; backed by a $1B+ Vista Equity Partners growth investment since 2022, and acquired threat-intel platform ThreatQuotient in 2025.
1 tool in portfolio
Semgrep
San Francisco, CA, USA
Maker of the Semgrep static analysis engine (formerly r2c) and the commercial Semgrep AppSec Platform; the CLI/engine is LGPL-2.1, but the bundled default rule registry moved to a separate, non-OSI Semgrep Rules License in December 2024, prompting the fully open Opengrep community fork in early 2025.
1 tool in portfolio
SentinelOne
Mountain View, CA, USA
AI-driven autonomous endpoint, cloud, and identity protection via the Singularity platform.
2 tools in portfolio
Sentra
New York, NY, USA / Tel Aviv, Israel
Cloud-native data security posture management platform built for petabyte-scale data estates, prioritizing sensitive data by access exposure and use in AI pipelines; independent and VC-backed.
1 tool in portfolio
ServiceNow
Santa Clara, CA, USA
Enterprise workflow and IT service management platform (NYSE: NOW) whose Integrated Risk Management (IRM) line — renamed from GRC in 2023 but still marketed under GRC-branded apps — extends the same platform into policy, risk, and compliance automation.
1 tool in portfolio
Shuffle
Oslo, Norway
Small company behind the open-source Shuffle security automation platform, selling hosted cloud and enterprise support tiers on top of the free AGPL-licensed self-hosted core.
1 tool in portfolio
Skyhigh Security
San Jose, CA, USA
Security service edge vendor carved out of McAfee Enterprise by Symphony Technology Group in 2022, carrying the lineage of CASB pioneer Skyhigh Networks (founded 2011, acquired by McAfee in 2018).
1 tool in portfolio
Smallstep
San Francisco, CA, USA
Open-source PKI and device identity company behind step-ca and the step CLI, selling a hosted Certificate Manager on top.
1 tool in portfolio
Snyk
Boston, MA, USA
Developer-first application security platform spanning SAST, open-source dependency (SCA), container, and IaC scanning; still private and VC-backed, with a stalled IPO process and a rejected private-equity buyout as of 2026.
2 tools in portfolio
Socket
San Francisco, CA, USA
Maker of Socket Firewall, which analyzes open-source package behavior — not just known CVEs — to catch supply-chain attacks before they reach a developer's machine or CI pipeline; independent and VC-backed, reaching a $1B valuation in a May 2026 Series C.
1 tool in portfolio
Sonar
Geneva, Switzerland
Maker of SonarQube's code quality and security analysis products (SonarQube Server, SonarQube Cloud, SonarQube Community Build), rebranded from the SonarQube/SonarCloud edition names in late 2024 alongside a licensing change that moved bundled language analyzers off LGPL onto a separate, non-OSI source-available license.
1 tool in portfolio
SonicWall
Milpitas, CA, USA
Security appliances built for small and mid-sized businesses and the channel partners that resell them; majority-owned by Francisco Partners since being spun off from Dell in 2016.
1 tool in portfolio
Sophos
Abingdon, Oxfordshire, UK
Endpoint, network, and managed detection and response for SMB and mid-market; a Thoma Bravo portfolio company since 2020.
1 tool in portfolio
SoSafe
Cologne, Germany
European security awareness and human risk management platform combining training content, phishing simulation, and behavior analytics; independent and VC-backed.
1 tool in portfolio
Splunk
San Francisco, CA, USA
Log analytics and SIEM pioneer whose platform spans security and observability; a wholly owned Cisco subsidiary since the $28B acquisition closed in March 2024, still operating under the Splunk brand.
2 tools in portfolio
StackHawk
Denver, CO, USA
Developer-first, API-focused DAST built to run automatically inside CI/CD pipelines rather than as a standalone security-team tool; independent and VC-backed.
1 tool in portfolio
StrangeBee
Paris, France
Company founded by the creators of TheHive open-source incident response platform, now developing and selling TheHive 5 as a commercial product while maintaining the open-source Cortex analysis engine.
2 tools in portfolio
Sublime Security
Washington, D.C., USA
Email security platform built around a transparent, editable detection engine rather than an opaque vendor model; independent and VC-backed, raising a $60M Series B in December 2024.
1 tool in portfolio
Sumo Logic
Redwood City, CA, USA
Cloud-native log analytics and SIEM vendor; taken private by Francisco Partners in a $1.7B deal that closed in May 2023 and still PE-owned as of mid-2026.
1 tool in portfolio
Swimlane
Denver, CO, USA
Low-code security automation and SOAR vendor whose Turbine platform pairs workflow automation with case management for security operations teams; independent and VC-backed.
1 tool in portfolio
Sysdig
San Francisco, CA, USA
Runtime-centric cloud and container security founded by a Wireshark co-creator; created the Falco runtime security engine and donated it to the CNCF in 2018. Still private and VC-backed.
1 tool in portfolio
Tailscale
Toronto, Canada
Zero-config mesh VPN built on the WireGuard protocol, connecting devices directly to each other under a centrally managed access policy instead of routing through a gateway.
1 tool in portfolio
Teleport
Oakland, CA, USA
Identity-native infrastructure access — short-lived certificates instead of standing credentials for servers, Kubernetes, and databases.
1 tool in portfolio
Tenable
Columbia, MD, USA
Exposure and vulnerability management vendor behind Nessus, publicly traded (NASDAQ: TENB); its cloud security line is built on the identity-centric Ermetic platform acquired in 2023.
3 tools in portfolio
Thales
La Défense, France
French aerospace, defense, and technology conglomerate whose data security business — sold through its Cloud Protection & Licensing division — centers on the CipherTrust Data Security Platform and Luna hardware security modules, built from its 2016 Vormetric and 2019 Gemalto acquisitions; also owns Imperva since 2023.
1 tool in portfolio
Tines
Dublin, Ireland
No-code workflow automation platform with roots in security orchestration, increasingly sold for IT and general operations automation as well; independent and VC-backed, valued at $1.125B after a 2025 Series C.
1 tool in portfolio
Torq
Tel Aviv, Israel / Denver, CO, USA
Security 'hyperautomation' vendor positioning its AI-driven workflow and autonomous-SOC platform against first-generation SOAR products; independent and VC-backed, valued at $1.2B after a January 2026 Series D.
1 tool in portfolio
Twingate
Redwood City, CA, USA
Zero trust network access built to replace corporate VPNs, deployable without inbound firewall changes or exposing a public IP for internal resources.
1 tool in portfolio
Upwind Security
San Francisco, CA, USA
Runtime-powered CNAPP using eBPF sensors, founded by the team behind Spot.io; raised a $250M Series B in January 2026 at a $1.5B valuation.
1 tool in portfolio
Vanta
San Francisco, CA, USA
Compliance automation platform that continuously monitors and evidences security controls for frameworks like SOC 2, ISO 27001, and HIPAA; independent and VC-backed, valued at $4.15B after a July 2025 Series D.
1 tool in portfolio
Varonis
Miami, FL, USA
Publicly traded (NASDAQ: VRNS) data security vendor whose roots in data access governance and DLP have expanded into a full Varonis Data Security Platform spanning DSPM, threat detection, and identity risk.
1 tool in portfolio
Vectra AI
San Jose, CA, USA
AI-driven attack detection across network, identity, and cloud signal, marketed as Attack Signal Intelligence; privately held with no public listing as of 2026.
1 tool in portfolio
Veeam Software
Kirkland, WA, USA
Enterprise backup, disaster recovery, and data resilience across virtual, physical, cloud, and SaaS workloads via the Veeam Data Platform; relocated its US headquarters from Columbus, Ohio to Kirkland, Washington in 2024.
1 tool in portfolio
Veracode
Burlington, MA, USA
Application security testing platform (static, dynamic, and software composition analysis) delivered primarily as SaaS; majority-owned by TA Associates since a 2022 growth investment, with Thoma Bravo retaining a minority stake.
2 tools in portfolio
WatchGuard Technologies
Seattle, WA, USA
Network security appliances built for small and mid-sized businesses and the MSPs that serve them, sold under the Firebox line; majority-owned by Vector Capital since 2022.
1 tool in portfolio
Wazuh, Inc.
Campbell, CA, USA
Company behind the open-source Wazuh unified XDR/SIEM platform; bootstrapped, with paid managed cloud hosting.
1 tool in portfolio
Wiz
New York, NY, USA
Agentless-first cloud security (CNAPP) built around a graph of cloud resources, identities, and exposures; a Google (Alphabet) subsidiary since the ~$32B acquisition closed in March 2026, still operating under the Wiz brand within Google Cloud.
1 tool in portfolio
Yubico
Stockholm, Sweden
Inventor of the YubiKey hardware security key and a driving force behind the FIDO2/WebAuthn phishing-resistant authentication standards.
1 tool in portfolio
Zscaler
San Jose, CA, USA
Cloud-delivered SSE and SASE vendor whose Zero Trust Exchange inspects traffic across a global service network instead of a customer-run data center appliance.
1 tool in portfolio