KCOS Logo

Vendors
Ergon
Ergon is a Swiss-based company established in 1984 with customers primarily in the DACH region and is also growing across EMEA and the APAC regions. Its partner ecosystem is concentrated in DACH but remains small in other areas.
Why worth watching
The platform supports hybrid policy management by separating shared and local policies to ease the collaboration between developers and security administrators.
42Crunch
42Crunch is a privately held API security startup company headquartered in Dublin, Ireland with local offices across the US and multiple European countries. Founded in 2016, the company focuses on proactive discovery and remediation in API contracts (thus, even before any implementation code is written) and runtime protection against API attacks. 42Crunch strives to make API security a commodity by providing developer-focused tools, offering guidance and best practices, and by supporting DevSecOps initiatives.
Why worth watching
The platform can automatically audit the contract for potential vulnerabilities and offer developers the latest best practices and recommendations on hardening their APIs.
Akamai
Akamai Technologies is a cloud and security provider headquartered in Cambridge, Massachusetts, USA. Founded in 1998, the company is one of the veteran players in the market, providing a broad range of security, compute, and delivery solutions through its Akamai Connected Cloud, one of the world’s largest distributed edge and cloud platforms.
Why worth watching
Akamai now offers a native connector that integrates API security directly with the Akamai Cloud with a press of a button, providing full visibility and automated response integrations with the rest of Akamai’s security platform.
Axway
Axway, founded in 2001, is a global software company headquartered in Scottsdale, Arizona, USA. The company offers a broad portfolio of solutions for securing organizations’ protected resources and extending their operations into the cloud. With the acquisition of Vordel in 2012, Axway has become one of the strong players in the API Management market as well.
Why worth watching
Among notable recent additions to the platform is the Amplify Enterprise Marketplace – a centralized place to curate and monetize all corporate APIs across multiple environments. With discovery, productization, analytics, and security capabilities, it provides a single pane of glass for all API resources.
Broadcom
Broadcom has introduced light-weight desktop agent that allows users to connect to target systems using privileged account without having to log into the PAM user interface directly. Users can use their own tools for connecting and PAM will manage the credentials behind the scenes.
Why worth watching
Broadcom has now rationalized all its identity products into the Identity Management Security Division of Broadcom Software, including its PAM platform marketed as Symantec PAM.
Cequence Security
Cequence Security is a cybersecurity company headquartered in Sunnyvale, California. Founded in 2015 by a group of security industry veterans, the company focuses on developing a unified ML-based Application Security Platform. This cloud-native, containerized platform powers several security products ranging from web and mobile app protection to API inventory, monitoring, compliance, and risk assessment.
Why worth watching
The core technology that powers the Cequence platform is CQAI – a patented machine learning-based analytics engine that processes the transactional data collected by the platform sensors to discover, analyze, and monitor web, mobile, and API-based applications.
Cerbos
Cerbos is an open-source software vendor focusing on adaptive authorization management. Founded in 2021, the company comprises a highly distributed engineering and management team, while being officially headquartered in London, UK.
Why worth watching
Since inception, Cerbos has been focusing on developing an open source, language-agnostic dynamic authorization solution that can be integrated into any application with a shallow learning curve.
Cloudentity
Cloudentity was founded in 2018 and is headquartered in Seattle. Cloudentity has a full-featured CIAM and IDaaS solution. Their approach is cloud-first and one of their primary objectives is scalability; thus, they were an early adopter of micro-services architecture. Cloudentity focuses on Dynamic Authorization as the core element for CIAM. Cloudentity utilizes many of the latest container and orchestration technologies, such as Docker, Kubernetes, and Istio, to deliver their services. Their solution can run on-premises on CentOS, RHEL, or SUSE; and it is cloud-agnostic so it can be deployed public IaaS environments such as Alibaba, AWS, Azure, or GCP. They also offer their solution as SaaS delivered from public IaaS across multiple regions including US, UK, Europe, Australia. Cloudentity’s subscription pricing is based on the number of authorization grants performed per month regardless of how many active or eligible users the customer serves. Cloudentity customers can import users via LDAP, REST, and SCIM. Social network registration and authentication can be used except Apple. Registration workflows are customizable in the GUI and allow fine-grained consent and sophisticated authorization evaluations. All typical account recovery mechanisms are present. Identity proofing is not built-in but can be configured via the policy framework. OTP, mobile push, and the most common authenticator apps are accepted.
Why worth watching
The administrative console is highly functional and intuitive, enabling customers to create detailed authentication and authorization policies using a flow-chart and drag/drop style interface.
Cloudflare
Cloudflare is a leading Content Delivery Network (CDN) and provider of network security services. Founded in 2009, the company is headquartered in San Francisco, CA. Cloudflare is primarily known for its global security edge infrastructure that is present in over 300 cities worldwide to provide low-latency access for over 95% of the internet population. It has been estimated that nearly a quarter of websites worldwide rely on Cloudflare for network and web security services with over 140 billion threats blocked daily.
Why worth watching
Cloudflare’s platform allows for effortless shadow API discovery, automated schema learning and validation based on traffic, and volumetric and sequential abuse detection.
Curity
Curity is a provider of API-driven identity management solutions based in Stockholm, Sweden. Launched in 2015, the company is focusing on providing identity services for APIs and microservices and removing the complexity by externalizing and centralizing access control across any API.
Why worth watching
Using the Curity Identity Server, the company’s flagship product, organizations can secure their digital services in configuration and not in code, thus reducing the complexity of development and maintenance.
Data Theorem
Data Theorem is a company specializing in application security solutions. Founded in 2013 and based in Palo Alto, CA, the company offers a range of automated managed security services for developers of mobile applications and APIs. At the core of the company’s entire portfolio is its Analyzer Engine that performs continuous scanning of application vulnerabilities.
Why worth watching
Through a large ecosystem of technology partners, Data Theorem offers a portfolio of SaaS agentless solutions for mobile, web, API, cloud, and supply chain security.
ForAllSecure
ForAllSecure is a cybersecurity company founded in 2012 by a team of security researchers from Carnegie Mellon University. It is headquartered in Pittsburgh, PA. The company’s vision is to approach application security testing from the perspective of a real hacker and focus on identifying only real exploitable risks instead of overwhelming developers with too many irrelevant findings.
Why worth watching
The company places a strong emphasis on automated integrations with CI/CD pipelines, complex infrastructure, and external tools.
Forum Systems
Forum Systems is a privately held independent engineering company based in Needham, MA. Founded in 2001, the company provides gateway-based solutions for API and cloud security.
Why worth watching
Since the very beginning, the company offers mission-critical large-scale solutions with a heavy emphasis on “security by design”.
Google
Google LLC is an American multinational technology company focusing on artificial intelligence, online advertising, search engine technology, cloud computing, computer software, quantum computing, e-commerce, and consumer electronics.
Why worth watching
In 2015, Apigee became one of the founding members of the OpenAPI initiative.
Gravitee
Gravitee is a next-generation API management vendor headquartered in Boulder, CO. Originally founded in 2016, the company has a distributed team primarily across France and the United Kingdom. Gravitee was founded as an open-source company and remains a strong contributor to this day, with the vision of developing a new kind of API management platform that unifies synchronous and asynchronous APIs.
Why worth watching
Gravitee offers support for both traditional API technologies like SOAP, REST, or GraphQL and event-driven protocols like Websockets, webhooks, or data streaming in a single platform across the entire API lifecycle.
Imperva
Imperva is an American cybersecurity solution company headquartered in Redwood Shores, California. Back in 2002, the company’s first product was a web application firewall, but over the years, Imperva’s portfolio has expanded to include several product lines for data security, cloud security, breach prevention, and infrastructure protection as well. In 2019, Imperva was acquired by private equity firm Thoma Bravo, making it a privately held company.
Why worth watching
In July 2023, the French multinational cybersecurity vendor Thales has announced the intent to acquire 100% of Imperva.
Nevatech
Nevatech is a privately owned software company based in Atlanta, GA. Founded in 2011, the company provides SOA and API management infrastructure and tools for on-premises, cloud, and hybrid deployments.
Why worth watching
Nevatech is unique among its competitors, implementing their Sentinet platform completely on Microsoft .NET technology, and thus particularly beneficial for customers running Microsoft environments.
Noname
Noname Security is a privately held company with the HQ in Silicon Valley and additional offices in Tel Aviv, Israel and Amsterdam, Netherlands. Established in 2020 with a strategic vision of a complete, proactive API security platform, the company has already managed to attract many high-profile enterprise customers as well as to raise impressive funding from venture capital.
Why worth watching
Just a year after emerging from stealth, Noname Security had reached a $1 billion valuation, becoming the first API security Unicorn.
Perforce
Perforce is one of the leading providers of software lifecycle management tools, headquartered in Minneapolis, Minnesota. Established in 1995, the company is primarily known for its version control system, but through a series of acquisitions in the later years, it has established a massive portfolio of application development, developer collaboration, agile planning, and other products for creating and running software.
Why worth watching
Akana offers complete API lifecycle management, integrating with API design tools, development environments, and CI/CD pipelines, offering DevOps automation and governance.
Redhat
Red Hat is a multinational software company that develops enterprise open-source solutions, including cloud, infrastructure, application development, and integration technologies. Founded in 1993, the company is known for its enterprise Linux operating system, as well as for hybrid cloud management, virtualization, Kubernetes, and other solutions. In 2019, Red Hat was acquired by IBM and now operates as an independent subsidiary.
Why worth watching
Regardless of the selected deployment option, Red Hat Application Foundations provides full coverage not just for the full API lifecycle (from initial design to retirement) with 3scale API Management, but incorporates comprehensive service orchestration, data transformation, real-time message streaming, and other methods of application connectivity – all within the same cloud-native technology platform with a rich set of developer tools, DevOps pipelines, and additional services to address the requirements of just about every kind of enterprise customer.
Salt Security
Salt Security is a privately held API security startup company based in Palo Alto, CA. Founded in 2016 by alumni of the Israeli Defense Force, the company offers a patented API threat protection platform that protects SaaS, web, mobile, microservices, and IoT applications from API threat vectors across build, deploy, and runtime phases.
Why worth watching
Harnessing the power of AI, big data, and behavioral analytics, the platform does not require any configuration and can be deployed in minutes.
Sensedia
Sensedia is an API management company headquartered in Campinas, Brazil. Founded in 2007, the company provides a full-featured API management platform that incorporates tools for every stage of the API lifecycle from design to operations, analytics, and governance, incorporating robust security functions as well.
Why worth watching
Somewhat unusually for a platform of entirely own development, the solution implements impressive functional capabilities in nearly every aspect of API management and security: for example, it can address all OWASP API Security Top 10 threats with a broad range of built-in security functions.
Traceable
Traceable is an API security startup based in San Francisco, California. Established in 2019 by veterans of the application performance monitoring market, the company develops an innovative distributed tracing technology for cloud-native applications, which helps monitor, investigate, and protect multiple cloud environments like microservices, service meshes, serverless functions, and APIs.
Why worth watching
Combining it with an unsupervised machine learning platform to correlate operational and security data across various components of modern cloud-native applications and APIs, Traceable can offer customers not just full visibility into code execution but also into data flows and user activities.
Wallarm
Wallarm is an application and API security vendor based in San Francisco, CA. Founded in 2016 with the vision for end-to-end API security, the company now delivers an integrated platform for API discovery and posture management, real-time API protection, as well as for API security testing. The solution unifies API security and next-generation WAF capabilities to protect the entire web application and API portfolio for a customer, even in complex multi-cloud environments.
Why worth watching
With a strong focus on protecting cloud-native environments, Wallarm offers an impressive range of deployment options, from traditional API gateways and load balancers to Kubernetes and containers, serverless functions, hybrid cloud environments, or even agentless SaaS scenarios. Wallarm Nodes enable deep inline inspection with near-zero latency but can also operate out of band on mirrored traffic.
WSO2
WSO2 was founded in 2005 in Sri Lanka and is headquartered in Santa Clara, CA. They are an open source IAM/CIAM solution provider. Their target market is identity architects and developers, who can take advantage of their API-driven and highly customizable product. Related products include Enterprise Integrator and API Manager. Identity Server is the on-premises and self-hosted version, and it can run on Linux or Windows, or any top-tier IaaS platform. Asgardeo is their SaaS, which is hosted on a single IaaS provider in data centers in the US. Identity Server is licensed per node, and Asgardeo is priced by the number of monthly active users.
Why worth watching
WSO2 allows social networking and self-registration for consumers.