Getting to 4,000 Cybersecurity Vendors

A retrospective

Dec 10, 2024

While poking around on my hard drive last week I came across a spreadsheet from February 27, 2003. It was my working list of 467 cybersecurity companies twenty two years ago! How did we get from 400+ vendors then, to 4,000+ vendors today?

Just looking at the 2003 list may evoke feelings of nostalgia for any old-timers. Remember these?

“@Stake” was one of the first security consulting companies. It was formed by Battery Ventures and Ted Julien (currently leading AI startup Flux.) The company bought L0pht hacking collective and was eventually sold to Symantec in 2004. Many of the original crew went on to found other companies. Wikipedia lists: “In addition to Dan Geer and Mudge, Atstake employed many famous security experts including Dildog, Window Snyder, Dave Aitel, Katie Moussouris, David Litchfield, Mark Kriegsman, Mike Schiffman, the grugq (get his newsletter here), Chris Wysopal, Alex Stamos, Cris Thomas, and Joe Grand.”

Counterpane was an early MSSP founded by Bruce Schnier with $90 million in funding from Bessemer. It was eventually sold to British Telecom for $90 million. counterpane.com points to Schneier’s blog today.

Cosine Communications was a god-box manufacturer, selling networking, switching, and firewalls in one large platform. They were the last Dot Com boom company to IPO. It went out of business shortly after. Eventually the component parts were acquired by Fortinet. I was in their booth at a trade show in Atlanta on 9/11.

Enterasys Networks was spun out from Cabletron in 2001 and went public. I tracked them because they were one of the top IDS companies. The company was fraught with issues and several executives went to prison for fraud. Extreme Networks acquired Enterasys for $180 million in 2013.

So many more companies that are no longer with us: Intellitactics, iSight Partners, Foundstone, Internet Security Systems (ISS), Intrusion, Intruvert, Lancope, Lumeta, MessageLabs, nCircle, NetASQ, NetIQ, NFR Security, Oblix, Recourse Technologies, Secure Computing, SecurityFocus, Solutionary, Stonesoft, Tippingpoint, Tripwire, Waveset, Whale, and Websense. Each has a story. If only someone where keeping track of the industry in one database so we could learn from and study all these companies!

By 2004 my spreadsheet had grown to 640 vendors. I was adding them ad-hoc as they reached out to brief me at Gartner or they made the news. Greenborder, Vericept, Secunia, and Vigilar are four of the additional 173 I added that year.

By 2016 my spreadsheet contained 1,446 cybersecurity vendors, and by 2019 there were 1,877 vendors in the MasterList I had started to keep in a Google Sheet so the team in India could add fields for date founded, number of employees each quarter, and the street address of the company headquarters. For every new vendor added to the database I personally determine what category and subcategory they belong in.

Finally in February, 2020, just in time for RSAC, we published Security Yearbook 2020 with a Directory of 2,336 vendors arranged by country, category and alphabetically.

The following year, Security Yearbook 2021 had 2,615 vendors, and the 2022 edition had 2,850. By January 1, 2023 we printed a directory of 3,269 vendors and the latest edition, 2024, has 3,240 vendors in it. Note we were getting better at cleaning up the list by that point because we now have a team of four researchers working on the data.

This morning we surpassed 4,000 active vendors in the IT-Harvest Dashboard. There are also 222 archived vendors who are in the process of being absorbed into their acquirers.

Here are the latest to be added. There is a surge of AI Security companies coming out of stealth pushing that category, which we did not even track last year, to 80 companies.

To get the list of 4,006+ vendors you can pre-order Security Yearbook 2025.

We have some exciting plans for the New Year so stay tuned. We may even pre-announce before then!

The Security Industry

Discussion about this post