From vendors that provide modern SIEM to those offering advanced threat feeds, here’s a look at 20 key companies in security operations, risk and threat intelligence.
When it comes to the crucial work of security operations teams, GenAI has rapidly made inroads — with countless tools now offering capabilities that can simplify and expedite the work of security analysts in responding to threats. Security analysts are now utilizing GenAI capabilities in a major way along with their SIEM (security information and event management) and SOAR (security orchestration, automation and response) tools, as a way to accelerate their responses and improve their security outcomes.
[Related: 10 Major Ransomware Attacks And Data Breaches In 2024]
In the SIEM market, meanwhile, a major shakeup sparked by Cisco’s $28 billion acquisition of Splunk has led to a series of other consolidation moves, including the merger of Exabeam and LogRhythm along with Palo Alto Networks’ $500 million acquisition of IBM’s QRadar SaaS business. Gartner’s 2024 Magic Quadrant for SIEM saw Microsoft, Splunk, IBM, Securonix and Exabeam ranked in the “leaders” quadrant.
Elsewhere in the security operations platforms space, Arctic Wolf recently completed its $160 million acquisition of Cylance from BlackBerry.
In the realm of threat intelligence, key providers include Google Cloud and Dataminr, while major players in risk management include Qualys, Tenable and Rapid7.
What follows are the 20 security operations, risk and threat intelligence companies that made our Security 100 for 2025.
Nick Schneider
President, CEO
Arctic Wolf has enhanced its Aurora security operations platform with the integration of SOAR technology and plans to expand its capabilities further with the planned acquisition of Cylance’s endpoint security technology from BlackBerry. Meanwhile, it debuted a new module for Aurora that provides real-time threat intelligence and reporting.
Dean Sysman
Co-Founder, CEO
Axonius expanded its offerings in cybersecurity asset management and SaaS security posture management with the introduction of the Axonius Software Management Module for tracking and managing all installed software. It also debuted enhancements for enabling better oversight of SaaS usage.
Jim Rosenthal
Co-Founder, CEO
BlueVoyant unveiled its new Cyber Defense Program, integrating a number of defensive security tools— including internal, external and supply chain protection—into a centralized platform. Key capabilities include managed XDR, supply chain defense, digital risk protection, cyber posture management and proactive defense.
Clint Sharp
Co-Founder, CEO
Data platform provider Cribl unveiled product updates including the debut of a managed data lake focused on long-term data retention, Cribl Lake. The company also unveiled AI-powered assistant Cribl Copilot and launched new and enhanced integrations for Cribl Stream including with Wiz, Oracle, Google Security Operations and OpenTelemetry.
Cynomi
David Primor
CEO
Cynomi offers an automated vCISO platform tailored to the needs of MSPs. The platform aims to offer equivalent capabilities to a governance, risk and compliance tool while also going further by conducting gap analysis, creating customized policies and developing a prioritized remediation plan to ensure that cybersecurity is addressed as well.
Dataminr
Ted Bailey
Founder, CEO
Major launches for Dataminr included the debut of its new generative AI capability, ReGenAI. The technology provides automatic regeneration of textual descriptions throughout the unfolding of events, accelerating the delivery of up-to-date situational understanding for threat teams.
Walter Scott
CEO
Devo debuted its security data analytics platform, including with new data orchestration capabilities focused on enhanced filtering and routing of data to cloud and data platforms. Other updates included the launch of the Devo Data Analytics Cloud for orchestration and ingestion of data from any source.
Chris O’Malley
President, CEO
Exabeam and LogRhythm announced the closure of their merger, with the combined company now known as Exabeam. It offers a cloud-native security operations platform as well as an on-premises SIEM platform. Recent updates included launching compatibility with the OpenAPI standard for improved interoperability.
Thomas Kurian
CEO
The cloud giant’s new Google Threat Intelligence offering is integrated into the Google Security Operations platform. Google Threat Intelligence combines insight from three massive data sources—Mandiant, VirusTotal and Google— with new GenAI-powered capabilities.
Arvind Krishna
Chairman, President, CEO
The sale of its QRadar SaaS business to Palo Alto Networks comes as IBM shifts its cybersecurity strategy to focus on data security, as exemplified by its deal to acquire HashiCorp. The planned acquisition aims to bring capabilities such as data protection and identity-based security with products including HashiCorp Vault.
Joel Cahill
Co-Founder, CEO
Infima, an MSP-focused provider of highly automated security awareness training, offers rapid setup and requires minimal oversight of its platform. The company recently updated its platform with a simplified training invite process, newly available access to historical reports and user risk scoring.
Stu Sjouwerman
Founder, CEO
KnowBe 4 , a provider of security awareness training as well as anti-phishing capabilities, expanded into offering email security with the acquisition of Egress. The KnowBe4 Cloud Email Security offering provides adaptive, AI-powered defense capabilities and email threat prevention and encryption functionality.
Sumedh Thakar
President, CEO
Qualys unveiled its new cloud-based risk operations center offering, Qualys Enterprise TruRisk Management. The platform provides analysis of data from Qualys and third-party tools to protect hybrid, cloud and on-premises environments. Other updates have included the addition of vulnerability assessment capabilities.
Corey Thomas
CEO
Rapid7 debuted its new platform for threat exposure , detection and response, the Command Platform. It unifies visibility of vulnerabilities, exposures and threats across environments and devices. Key capabilities include detection and prioritization through Exposure Command as well as discovery tool Surface Command.
Kash Shaikh
President, CEO
Securonix debuted a suite of AI-powered capabilities, Securonix EON, using LLMs from Amazon Bedrock and Anthropic Claude 3 to extend the company’s Unified Defense SIEM offering. EON provides new “psycholinguistics” capabilities to assist with hunting for insider threats as well as adaptive threat modeling.
Bill McDermott
President, CEO
With the Xanadu release of the Now Platform, ServiceNow included a number of updates on security capabilities, including the expansion of GenAI functionality to its security operations offering. The Now Assist tool enables accelerated incident response workflows as well as real-time management of threat exposure.
Joe Kim
President, CEO
Updates to Sumo Logic’s Cloud SIEM platform included the launch of Insight Trainer, which utilizes AI to provide suggestions on how to adjust detection severity and automatically tune recommendations. Other enhancements included its MITRE ATT&CK Coverage Explorer, which provides a broad view across adversary tactics.
Stephen Vintz, Mark Thurmond
Co-CEOs
Tenable bolstered its exposure management platform and cloud security offering through its acquisition of Ermetic. The acquisition enables it to provide cloud identity and permissions management technology as well as a complete cloud-native application protection platform.
Ofer Smadari
Co-Founder, CEO
Torq offers a no-code method for automating security operations activities. Key updates to its platform included the debut of Agentic AI capabilities via its autonomous, multi-agent security operations system. Torq’s Agentic AI agents provide autonomous analysis and assessment of security incidents.
David Muse
CEO
ZeroFox launched an external attack surface management module, providing discovery of external assets, prioritization of risk and detection of unsanctioned shadow IT usage. Other moves included the launch of ZeroFox PSI Mobile, a mobile app that can assist with delivery of physical security intelligence.
