Richard Stiennon’s Post

Wow, what a giant waste of money. 5% funded and 60%+ will fail. $6B gone. https://spdload.com/blog/startup-success-rate/ But the lawyers will get rich.

This is both the challenge and glory of cybersecurity. Go with the traditional known vendor in a category or take a chance on something new but not fully proven. Ideally it’s a mix of both, not all blue chips but not all new chips. Both “all in” strategies have downsides. I wouldn’t for example, bet all my marbles on a new unproven IdP unless I was looking for immense amount of stress and asking to be questioned 10x. Other categories like GRC/Training/etc that doesn’t impact production is easier to stomach.

What are the use cases (capabilities) driving api security? Is it WAF, DLP, or least privileges? Appsec is shift left (dev) and api security runtime (ops)?

Thanks Richard this is very interesting, where would you place #machineidentitymanagement ?

I’m stunned by the number of cybersecurity vendors. Unbelievable.

Thanks Richard Stiennon for sharing this, I recently learned of this category WAAP (web app and api protection), would that map to API Sec, AppSec and some part of IAM above taking it to almost 50% of new investments in 2022

Thats interesting. I do find that api secuirty is getting a lot of buzz, but I disagree that cloud security isn’t its own category. People are looking for fewer tools, not more. So I think cloud security or CNAPP should be it’s own catagory.

Thanks for the share!

Where is cspm/cwpp/cnapp? Is operations siem/soar/xdr? Cloud or on prem?

Great info, thanks for sharing. The rise of API security to the top of the list is consistent with what we're hearing from large enterprises.