Boston Cybersecurity Map Shows Deep, Diverse Local Sector

Xconomy Boston — 

It’s no secret that the Boston area is home to a formidable group of companies related to cybersecurity.

Just how big is the local cluster? Xconomy surveyed the landscape and found more than 60 firms within an hour’s drive of downtown Boston, including locally based companies and outposts of firms based elsewhere. We mapped them out below and listed them in a table with key facts and figures about each company.

The map and accompanying data illustrate the local sector’s diverse and dynamic nature. There are security arms of big companies, like EMC-owned RSA Security, IBM Security, and Lockheed Martin Industrial Defender. Longstanding companies like Rapid7, Carbon Black (formerly Bit9), Digital Guardian, Veracode, and CyberArk have raised vast sums from venture capitalists and the public markets in a quest for industry domination. Well-funded startups like Cybereason, Recorded Future, and Threat Stack are advancing new techniques for combating threats. And a bevy of small startups like Cybric, Lexumo, and Seceon are just getting started.

The companies are tackling a wide range of problems that threaten businesses, governments, and organizations today, from sniffing out and responding to cyber attacks to safeguarding data across servers, the cloud, and personal devices. Some of the companies focus on solving one or two specific issues, but security firms are increasingly taking a more holistic approach. We also included companies that offer related products and services, such as vulnerability assessments, remote access and password management software, online backup and disaster recovery, and other infrastructure tools.

Investors have pumped about $1.7 billion into local cybersecurity companies on our list, and that amount counts only the firms that haven’t been acquired or gone public. Meanwhile, local cyber exits (both IPOs and acquisitions) have generated a total of around $3.6 billion—again, a conservative number since many of the purchase prices for the deals on this list weren’t disclosed publicly.

If a company was acquired but still operates under its own name, we included it. If it got absorbed into the new parent company, we listed the parent company. Thus, RSA Security made the cut even though it’s owned by EMC, but Trusteer (acquired by IBM in 2013) wasn’t included, as it falls under the umbrella of IBM Security.

In addition to our own reporting, the information primarily came from company websites, SEC documents, CrunchBase, LinkedIn, the state of Massachusetts website, news articles, and press releases.

Without further ado, here are the map and list. If we missed any companies or should update any of the data, please drop me a line at jengel@xconomy.com. (Click the button in the map’s upper left to view a drop-down list of the companies. To explore a bigger version of the map, click the button in the upper right.)

Company Founded Venture capital raised (or exit) Product focus
Akamai Technologies 1998 $234M IPO in 1999 Cloud and mobile performance and security
AlgoSec 2003 None reported publicly Security policy management
Allegro Software Development 1996 None reported publicly Data security for the Internet of Things
Apperian 2009 At least $40M Mobile app and data security
AppInsight 2015 $2.3M Mobile app security
Arbor Networks 2000 Acquired by Danaher in 2010, then sold to NetScout Systems as part of larger $2.6B deal in 2014 DDoS and threat protection
Barkly 2013 $16.8M Endpoint security
BitSight Technologies 2011 $49M Security ratings
Black Duck Software 2002 At least $74M Open source software and app security
Carbon Black 2002 (as Bit9) Over $191M Endpoint security, threat detection, and incident response
Carbonite 2005 $62.5M IPO in 2011 Data backup and recovery
Cigital 1992 $55M Application security testing
ClickSoftware 1979 Acquired by Francisco Partners for $438M in 2015 Mobile workforce management software
CloudLock 2007 $35.4M Cloud app security
Confer Technologies 2011 (as Scargo) $25M Endpoint threat prevention, detection, and response
Core Security 1996 Acquired by Courion in 2015 Vulnerability assessment and management products
Corero Network Security 1997 Formerly Top Layer Security, acquired by Corero in 2011 Automatic DDoS protection
CounterTack 2004 $67.4M Big data endpoint threat detection and response
Cryptzone Early 2000s Acquired in 2014 by Medina Capital Security for networks, data, and apps
CyberArk Software (includes Viewfinity) 1999 $85.8M IPO in 2014 Privileged account security
Cybereason 2012 $88.6M Threat detection and response
Cybric 2015 $1.3M Vulnerability assessment and remediation
DataGravity 2012 $92M Data management, recovery, and security
Datto (includes Backupify) 2007 $100M Data backup and recovery
Digital Guardian 2003 (as Verdasys) Over $128M Data security (endpoint, network, cloud)
Dyn 1998 $38M Internet performance and remote access
EiQ Networks 2003 $22.5M Security intelligence and monitoring
Fidelis Cybersecurity 2002 Acquired in 2012 by General Dynamics, then sold to Marlin Equity Partners in 2015 Threat detection and response on networks and endpoints
Forum Systems 2001 Acquired by Crosscheck Networks in 2009 API security management
GlobalSign 1996 Acquired by GMO Internet in 2006 Authentication, encryption, identity and access management
GreatHorn 2015 Over $2.5M Cloud e-mail security, credential monitoring
Hexadite 2014 $10.5M Automated incident response
IBM Security 2011 (via Q1 Labs acquisition) N/A Threat protection, incident response, and more
Iboss 2003 $35M Cloud security; threat prevention, detection, and response
Imprivata 2001 $66.3M IPO in 2014 Healthcare IT security, remote access, password management, and secure communications
Intronis 2003 Over $21.3M Online backup and disaster recovery
Iron Mountain 1951 $76.8M IPO in 1996 Data backup, recovery, and migration services
Kaspersky Lab 1997 Reportedly $200M in private equity; company bought back those shares a year later Antivirus software, endpoint security, mobile security, data center security, e-mail security, and encryption
Lexumo 2015 $4.9M Security for open-source software in connected devices
Lockheed Martin Industrial Defender 1996 Lockheed Martin acquired Industrial Defender in 2014 Threat detection and threat intelligence management
LogMeIn 2003 $106.7M IPO in 2009 Remote access and password management
Mimecast 2003 $77.5M IPO in 2015 Cloud e-mail security
Mustbin 2012 $6M App that secures photos, videos, passwords, and other documents
NetCenergy 2003 None reported publicly Cloud computing, disaster recovery, and network security
Ncrypted Cloud 2012 At least $8M Secure data sharing
ObserveIT 2006 $25M Insider threat management
Onapsis 2009 $29.6M Business applications security
Prelert 2008 $11.3M Data analytics for IT security; early detection and finding breach causes
Promisec 2004 At least $14M Endpoint threat detection and response
Pwnie Express 2010 $20M Spots threats by detecting wireless and wired devices on/around a network
Rapid7 2000 $103.2M IPO in 2015 Incident detection and response, and threat exposure management
Raytheon 1922 IPO in 1981 Cloud security, data security, threat detection, threat assessment, incident response, and authentication
Recorded Future 2009 $32.9M Real-time threat intelligence
Resilient Systems 2010 (as Co3 Systems) Acquired by IBM for $100M+ in 2016 Incident response
RSA Security 1982 Acquired by EMC for $2.1B in 2006 Endpoint security, cloud security, threat detection, incident response, and identity and access management/authentication
Seceon 2015 At least $1.8M Threat detection and prediction
Security Innovation 2002 $13.1M Application security testing
SimSpace 2015 None Cyber assessments, training, and testing through “cyber ranges”
Sophos 1985 $125M IPO in 2015 (London Stock Exchange) Network protection, endpoint protection, and server security
Sqrrl 2012 $14.2M Threat detection, response, and analytics
Symantec 1982 IPO in 1989 Threat monitoring, incident response, endpoint protection, e-mail cloud protection, and data center protection
Threat Stack 2012 Over $26M Cloud security, infrastructure monitoring, and compliance
Vasco Data Security International 1984 IPO in 1998 Mobile app security and fraud prevention
Vaultive 2009 At least $19M Cloud data security
Veracode 2006 Over $100M Cloud-based application security
VS2 (Virtual Software Systems) 2014 $2M Data and application security, and threat detection and response
Zerto Late 2000s Over $110M Data protection, recovery, and migration services for cloud and virtual data centers

Cybersecurity Channel UnderwritersCybersecurity channel underwriter logos