├── LICENSE └── README.md /LICENSE: -------------------------------------------------------------------------------- 1 | Creative Commons Legal Code 2 | 3 | CC0 1.0 Universal 4 | 5 | CREATIVE COMMONS CORPORATION IS NOT A LAW FIRM AND DOES NOT PROVIDE 6 | LEGAL SERVICES. DISTRIBUTION OF THIS DOCUMENT DOES NOT CREATE AN 7 | ATTORNEY-CLIENT RELATIONSHIP. CREATIVE COMMONS PROVIDES THIS 8 | INFORMATION ON AN "AS-IS" BASIS. CREATIVE COMMONS MAKES NO WARRANTIES 9 | REGARDING THE USE OF THIS DOCUMENT OR THE INFORMATION OR WORKS 10 | PROVIDED HEREUNDER, AND DISCLAIMS LIABILITY FOR DAMAGES RESULTING FROM 11 | THE USE OF THIS DOCUMENT OR THE INFORMATION OR WORKS PROVIDED 12 | HEREUNDER. 13 | 14 | Statement of Purpose 15 | 16 | The laws of most jurisdictions throughout the world automatically confer 17 | exclusive Copyright and Related Rights (defined below) upon the creator 18 | and subsequent owner(s) (each and all, an "owner") of an original work of 19 | authorship and/or a database (each, a "Work"). 20 | 21 | Certain owners wish to permanently relinquish those rights to a Work for 22 | the purpose of contributing to a commons of creative, cultural and 23 | scientific works ("Commons") that the public can reliably and without fear 24 | of later claims of infringement build upon, modify, incorporate in other 25 | works, reuse and redistribute as freely as possible in any form whatsoever 26 | and for any purposes, including without limitation commercial purposes. 27 | These owners may contribute to the Commons to promote the ideal of a free 28 | culture and the further production of creative, cultural and scientific 29 | works, or to gain reputation or greater distribution for their Work in 30 | part through the use and efforts of others. 31 | 32 | For these and/or other purposes and motivations, and without any 33 | expectation of additional consideration or compensation, the person 34 | associating CC0 with a Work (the "Affirmer"), to the extent that he or she 35 | is an owner of Copyright and Related Rights in the Work, voluntarily 36 | elects to apply CC0 to the Work and publicly distribute the Work under its 37 | terms, with knowledge of his or her Copyright and Related Rights in the 38 | Work and the meaning and intended legal effect of CC0 on those rights. 39 | 40 | 1. Copyright and Related Rights. A Work made available under CC0 may be 41 | protected by copyright and related or neighboring rights ("Copyright and 42 | Related Rights"). Copyright and Related Rights include, but are not 43 | limited to, the following: 44 | 45 | i. the right to reproduce, adapt, distribute, perform, display, 46 | communicate, and translate a Work; 47 | ii. moral rights retained by the original author(s) and/or performer(s); 48 | iii. publicity and privacy rights pertaining to a person's image or 49 | likeness depicted in a Work; 50 | iv. rights protecting against unfair competition in regards to a Work, 51 | subject to the limitations in paragraph 4(a), below; 52 | v. rights protecting the extraction, dissemination, use and reuse of data 53 | in a Work; 54 | vi. database rights (such as those arising under Directive 96/9/EC of the 55 | European Parliament and of the Council of 11 March 1996 on the legal 56 | protection of databases, and under any national implementation 57 | thereof, including any amended or successor version of such 58 | directive); and 59 | vii. other similar, equivalent or corresponding rights throughout the 60 | world based on applicable law or treaty, and any national 61 | implementations thereof. 62 | 63 | 2. Waiver. To the greatest extent permitted by, but not in contravention 64 | of, applicable law, Affirmer hereby overtly, fully, permanently, 65 | irrevocably and unconditionally waives, abandons, and surrenders all of 66 | Affirmer's Copyright and Related Rights and associated claims and causes 67 | of action, whether now known or unknown (including existing as well as 68 | future claims and causes of action), in the Work (i) in all territories 69 | worldwide, (ii) for the maximum duration provided by applicable law or 70 | treaty (including future time extensions), (iii) in any current or future 71 | medium and for any number of copies, and (iv) for any purpose whatsoever, 72 | including without limitation commercial, advertising or promotional 73 | purposes (the "Waiver"). Affirmer makes the Waiver for the benefit of each 74 | member of the public at large and to the detriment of Affirmer's heirs and 75 | successors, fully intending that such Waiver shall not be subject to 76 | revocation, rescission, cancellation, termination, or any other legal or 77 | equitable action to disrupt the quiet enjoyment of the Work by the public 78 | as contemplated by Affirmer's express Statement of Purpose. 79 | 80 | 3. Public License Fallback. Should any part of the Waiver for any reason 81 | be judged legally invalid or ineffective under applicable law, then the 82 | Waiver shall be preserved to the maximum extent permitted taking into 83 | account Affirmer's express Statement of Purpose. In addition, to the 84 | extent the Waiver is so judged Affirmer hereby grants to each affected 85 | person a royalty-free, non transferable, non sublicensable, non exclusive, 86 | irrevocable and unconditional license to exercise Affirmer's Copyright and 87 | Related Rights in the Work (i) in all territories worldwide, (ii) for the 88 | maximum duration provided by applicable law or treaty (including future 89 | time extensions), (iii) in any current or future medium and for any number 90 | of copies, and (iv) for any purpose whatsoever, including without 91 | limitation commercial, advertising or promotional purposes (the 92 | "License"). The License shall be deemed effective as of the date CC0 was 93 | applied by Affirmer to the Work. Should any part of the License for any 94 | reason be judged legally invalid or ineffective under applicable law, such 95 | partial invalidity or ineffectiveness shall not invalidate the remainder 96 | of the License, and in such case Affirmer hereby affirms that he or she 97 | will not (i) exercise any of his or her remaining Copyright and Related 98 | Rights in the Work or (ii) assert any associated claims and causes of 99 | action with respect to the Work, in either case contrary to Affirmer's 100 | express Statement of Purpose. 101 | 102 | 4. Limitations and Disclaimers. 103 | 104 | a. No trademark or patent rights held by Affirmer are waived, abandoned, 105 | surrendered, licensed or otherwise affected by this document. 106 | b. Affirmer offers the Work as-is and makes no representations or 107 | warranties of any kind concerning the Work, express, implied, 108 | statutory or otherwise, including without limitation warranties of 109 | title, merchantability, fitness for a particular purpose, non 110 | infringement, or the absence of latent or other defects, accuracy, or 111 | the present or absence of errors, whether or not discoverable, all to 112 | the greatest extent permissible under applicable law. 113 | c. Affirmer disclaims responsibility for clearing rights of other persons 114 | that may apply to the Work or any use thereof, including without 115 | limitation any person's Copyright and Related Rights in the Work. 116 | Further, Affirmer disclaims responsibility for obtaining any necessary 117 | consents, permissions or other rights required for any use of the 118 | Work. 119 | d. Affirmer understands and acknowledges that Creative Commons is not a 120 | party to this document and has no duty or obligation with respect to 121 | this CC0 or use of the Work. 122 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | Cloud security engineers are notoriously overworked and under-resourced. This curated list has links to tools, frameworks and resources to make their lives easier. 2 | 3 | # Threat Research 4 | - [Cloud Security Alliance Research](https://cloudsecurityalliance.org/research/) 5 | - [Datadog Security Labs](https://securitylabs.datadoghq.com/) 6 | - [Elastic Security Labs](https://www.elastic.co/security-labs) 7 | - [Google Project Zero](https://googleprojectzero.blogspot.com/) 8 | - [Microsoft Security Response Center](https://www.microsoft.com/en-us/msrc) 9 | - [Orca Research Pod](https://orca.security/about/orca-research-pod/) 10 | - [Rapid7 Research](https://www.rapid7.com/research/) 11 | - [Sysdig Threat Research](https://sysdig.com/threat-research/) 12 | - [Team Nautilus by Aqua Security](https://www.aquasec.com/research/) 13 | - [Unit 42 by Palo Alto Networks](https://unit42.paloaltonetworks.com/) 14 | - [Wiz Cloud Threat Landscape](https://threats.wiz.io/) 15 | 16 | 17 | # Security Vendors 18 | 19 | ## Publicly listed vendors 20 | 21 | These are vendors with publicly traded stocks. The links lead to a vendor's website, LinkedIn company page and the stock price on [Yahoo! Finance](https://finance.yahoo.com/). 22 | 23 | - [Check Point](https://www.checkpoint.com/) | [LinkedIn](https://www.linkedin.com/company/check-point-software-technologies/about/) | [CHKP](https://finance.yahoo.com/quote/CHKP/) 24 | - [Cisco](https://www-cloud.cisco.com/site/us/en/products/security/index.html) | [LinkedIn](https://www.linkedin.com/company/cisco/) | [CSCO](https://finance.yahoo.com/quote/CSCO/) 25 | - [CloudFlare](https://www.cloudflare.com) | [LinkedIn](https://www.linkedin.com/company/cloudflare/) | [NET](https://finance.yahoo.com/quote/NET/) 26 | - [CrowdStrike](https://www.crowdstrike.com/) | [LinkedIn](https://www.linkedin.com/company/crowdstrike/) | [CRWD](https://finance.yahoo.com/quote/CRWD) 27 | - [CyberArk](https://www.cyberark.com) | [LinkedIn](https://www.linkedin.com/company/cyber-ark-software/) | [CYBR](https://finance.yahoo.com/quote/CYBR/) 28 | - [Datadog](https://www.datadoghq.com/) | [LinkedIn](https://www.linkedin.com/company/datadog/about/) | [DDOG](https://finance.yahoo.com/quote/ddog) 29 | - [Fortinet](https://www.fortinet.com) | [LinkedIn](https://www.linkedin.com/company/fortinet/) | [FTNT](https://finance.yahoo.com/quote/FTNT/) 30 | - [Palo Alto Networks](https://www.paloaltonetworks.com/) | [LinkedIn](https://www.linkedin.com/company/palo-alto-networks) | [PANW](https://finance.yahoo.com/quote/PANW) 31 | - [Qualys](https://www.qualys.com/) | [LinkedIn](https://www.linkedin.com/company/qualys) | [QLYS](https://finance.yahoo.com/quote/QLYS) 32 | - [Radware](https://www.radware.com/) | [LinkedIn](https://www.linkedin.com/company/radware/about/) | [RDWR](https://finance.yahoo.com/quote/RDWR) 33 | - [SentinelOne](https://www.sentinelone.com/) | [LinkedIn](https://www.linkedin.com/company/sentinelone) | [S](https://finance.yahoo.com/quote/S) 34 | - [Tenable](https://www.tenable.com/) | [LinkedIn](https://www.linkedin.com/company/tenableinc) | [TENB](https://finance.yahoo.com/quote/TENB) 35 | - [Varonis](https://www.varonis.com/) | [LinkedIn](https://www.linkedin.com/company/varonis/) | [VRNS](https://finance.yahoo.com/quote/VRNS/) 36 | - [Zscaler](https://www.zscaler.com/) | [LinkedIn](https://www.linkedin.com/company/zscaler/) | [ZS](https://finance.yahoo.com/quote/ZS) 37 | 38 | ### Formerly listed 39 | - [HashiCorp](https://www.hashicorp.com) | [LinkedIn](https://www.linkedin.com/company/hashicorp/) | [HCP](https://finance.yahoo.com/quote/HCP) 40 | - [Splunk](https://www.splunk.com/) | [LinkedIn](https://www.linkedin.com/company/splunk/) | [SPLK](https://finance.yahoo.com/quote/SPLK) 41 | 42 | 43 | ## Private Vendors 44 | Venture-funded companies 45 | 46 | - [AccuKnox](https://www.accuknox.com/) | [LinkedIn](https://www.linkedin.com/company/accuknox/) | [Crunchbase](https://www.crunchbase.com/organization/accuknox) 47 | - [Aikido](https://www.aikido.dev/) | [LinkedIn](https://www.linkedin.com/company/aikido-security/) | [Crunchbase](https://www.crunchbase.com/organization/aikido-security) 48 | - [Aqua Security](https://www.aquasec.com/) | [LinkedIn](https://www.linkedin.com/company/aquasecteam/) | [Crunchbase](https://www.crunchbase.com/organization/aquasecurity) 49 | - [ARMO](https://www.armosec.io/) | [LinkedIn](https://www.linkedin.com/company/armosec/) | [Crunchbase](https://www.crunchbase.com/organization/cyber-armor) 50 | - [Arnica](https://www.arnica.io/) | [LinkedIn](https://www.linkedin.com/company/arnica-io/) | [Crunchbase](https://www.crunchbase.com/organization/arnica-io) 51 | - [Astrix](https://astrix.security) | [LinkedIn](https://www.linkedin.com/company/astrix-security/) | [Crunchbase](https://www.crunchbase.com/organization/astrix-security) 52 | - [Avalor](https://www.avalor.io) | [LinkedIn](https://www.linkedin.com/company/avalorsec/) | [Crunchbase](https://www.crunchbase.com/organization/avalor-72e5) 53 | - [Bright Security](https://brightsec.com/) | [LinkedIn](https://www.linkedin.com/company/neuralegion/) | [Crunchbase](https://www.crunchbase.com/organization/neuralegion) 54 | - [Chainloop](https://chainloop.dev) | [LinkedIn](https://www.linkedin.com/company/chainloop-dev) | [Crunchbase](https://www.crunchbase.com/organization/chainloop) 55 | - [Clutch](https://www.clutch.security/) | [LinkedIn](https://www.linkedin.com/company/clutch-security/) | [Crunchbase](https://www.crunchbase.com/organization/clutch-security) 56 | - [Coalfire](https://www.coalfire.com) | [LinkedIn](https://www.linkedin.com/company/coalfire/) | [Crunchbase](https://www.crunchbase.com/organization/coalfire-system) 57 | - [Curity](https://curity.io/) | [LinkedIn](https://www.linkedin.com/company/curity/) | [Crunchbase](https://www.crunchbase.com/organization/curity) 58 | - [Cyera](https://www.cyera.io/) | [LinkedIn](https://www.linkedin.com/company/cyera/) | [Crunchbase](https://www.crunchbase.com/organization/cyera) 59 | - [Cyscale](https://cyscale.com) | [LinkedIn](https://www.linkedin.com/company/cyscale/) | [Crunchbase](https://www.crunchbase.com/organization/cyscale) 60 | - [Cyware](https://cyware.com/) | [LinkedIn](https://www.linkedin.com/company/cyware/) | [Crunchbase](https://www.crunchbase.com/organization/cyware) 61 | - [Darktrace](https://darktrace.com/) | [LinkedIn](https://www.linkedin.com/company/darktrace/) | [Crunchbase](https://www.crunchbase.com/organization/darktrace) 62 | - [Deepfence](https://www.deepfence.io/) | [LinkedIn](https://www.linkedin.com/company/deepfence-inc) | [Crunchbase](https://www.crunchbase.com/organization/deepfence) 63 | - [Deepsource](https://deepsource.com) | [LinkedIn](https://www.linkedin.com/company/deepsourcelabs) | [Crunchbase](https://www.crunchbase.com/organization/deepsource) 64 | - [Eureka Security](https://www.eureka.security/) | [LinkedIn](https://www.linkedin.com/company/eureka-security/) | [Crunchbase](https://www.crunchbase.com/organization/eureka-security) 65 | - [Endor Labs](https://pangea.cloud/) | [LinkedIn](https://www.linkedin.com/company/endorlabs/insights/) | [Crunchbase](https://www.crunchbase.com/organization/endor-labs) 66 | - [Entro](https://entro.security) | [LinkedIn](https://www.linkedin.com/company/entro-security/) | [Crunchbase](https://www.crunchbase.com/organization/entro-cf4f) 67 | - [Gem Security](https://www.gem.security/) | [LinkedIn](https://www.linkedin.com/company/gemsecurity/) | [Crunchbase](https://www.crunchbase.com/organization/gem-f4a1) 68 | - [GitGuardian](https://www.gitguardian.com/) | [LinkedIn](https://www.linkedin.com/company/gitguardian/) | [Crunchbase](https://www.crunchbase.com/organization/gitguardian) 69 | - [Grip Security](https://www.grip.security/) | [LinkedIn](https://www.linkedin.com/company/grip-security/) | [Crunchbase](https://www.crunchbase.com/organization/grip-security) 70 | - [Hunters](https://www.hunters.security/) | [LinkedIn](https://www.linkedin.com/company/hunters-ai/) | [Crunchbase](https://www.crunchbase.com/organization/hunters-ai) 71 | - [JupiterOne](https://www.jupiterone.com/) | [LinkedIn](https://www.linkedin.com/company/jupiterone/) | [Crunchbase](https://www.crunchbase.com/organization/jupiterone) 72 | - [Kloudle](https://kloudle.com/) | [LinkedIn](https://www.linkedin.com/company/kloudle/) | [Crunchbase](https://www.crunchbase.com/organization/kloudle) 73 | - [Lacework](https://www.lacework.com/) | [LinkedIn](https://www.linkedin.com/company/lacework/) | [Crunchbase](https://www.crunchbase.com/organization/lacework) 74 | - [Lightlytics](https://www.lightlytics.com/) | [LinkedIn](https://www.linkedin.com/company/lightlytics/) | [Crunchbase](https://www.crunchbase.com/organization/lightlytics) 75 | - [Lineaje](https://www.lineaje.dev/) | [LinkedIn](https://www.linkedin.com/company/lineaje/) | [Crunchbase](https://www.crunchbase.com/organization/lineaje) 76 | - [Matano](https://matanosecurity.com/) | [LinkedIn](https://www.linkedin.com/company/matanolabs/) | [Crunchbase](https://www.crunchbase.com/organization/matano) 77 | - [Metomic](https://metomic.io) | [LinkedIn](https://www.linkedin.com/company/metomic/) | [Crunchbase](https://www.crunchbase.com/organization/metomic) 78 | - [Netwrix](https://www.netwrix.com/) | [LinkedIn](https://www.linkedin.com/company/netwrix-corporation/) | [Crunchbase](https://www.crunchbase.com/organization/netwrix) 79 | - [Normalyze](https://normalyze.ai/) | [LinkedIn](https://www.linkedin.com/company/normalyze/) | [Crunchbase](https://www.crunchbase.com/organization/normalyze) 80 | - [Noq](https://www.noq.dev) | [LinkedIn](https://www.linkedin.com/company/noq-software/) | [Crunchbase](https://www.crunchbase.com/organization/noq-software) 81 | - [OASIS Security](https://www.oasis.security/) | [LinkedIn](https://www.linkedin.com/company/non-human-identity-management-oasis/) | [Crunchbase](https://www.crunchbase.com/organization/oasis-security-ltd) 82 | - [OpenRaven](https://www.openraven.com) | [Linkedin](https://www.linkedin.com/company/open-raven/) | [Crunchbase](https://www.crunchbase.com/organization/open-raven) 83 | - [Orca Security](https://orca.security/) | [LinkedIn](https://www.linkedin.com/company/orca-security/) | [Crunchbase](https://www.crunchbase.com/organization/orca-security) 84 | - [OpsHelm](https://www.opshelm.com/) | [LinkedIn](https://www.linkedin.com/company/opshelm/) | [Crunchbase](https://www.crunchbase.com/organization/opshelm) 85 | - [Query](https://www.query.ai/) | [LinkedIn](https://www.linkedin.com/company/goquery/) | [Crunchbase](https://www.crunchbase.com/organization/query-ai) 86 | - [Pangea](https://pangea.cloud/) | [Linkedin](https://www.linkedin.com/company/pangea-cyber/) | [Crunchbase](https://www.crunchbase.com/organization/pengea) 87 | - [Permiso](https://permiso.io/) | [LinkedIn](https://www.linkedin.com/company/permiso-security/) | [Crunchbase](https://www.crunchbase.com/organization/permiso-security) 88 | - [PingSafe](https://www.pingsafe.com) | [LinkedIn](https://www.linkedin.com/company/pingsafe/) | [Crunchbase](https://www.crunchbase.com/organization/pingsafe) 89 | - [Plerion](https://plerion.com) | [LinkedIn](https://www.linkedin.com/company/plerion/) | [Crunchbase](https://www.crunchbase.com/organization/plerion) 90 | - [Prevasio](https://www.prevasio.io/) | [LinkedIn](https://www.linkedin.com/company/prevasio/) | [Crunchbase](https://www.crunchbase.com/organization/prevasio) 91 | - [Rapid7](https://www.rapid7.com) | [Linkedin](https://www.linkedin.com/company/rapid7/) | [Crunchbase](https://www.crunchbase.com/organization/rapid7) 92 | - [Runecast](https://www.runecast.com/) | [LinkedIn](https://www.linkedin.com/company/runecast/) | [Crunchbase](https://www.crunchbase.com/organization/runecast) 93 | - [RunReveal](https://runreveal.com) | [LinkedIn](https://www.linkedin.com/company/runreveal/) | [Crunchbase](https://www.crunchbase.com/organization/runreveal) 94 | - [Salt Security](https://salt.security) | [LinkedIn](https://www.linkedin.com/company/saltsecurity/) | [Crunchbase](https://www.crunchbase.com/organization/saltsecurity) 95 | - [SecureDawn](https://securedawn.com/) | [LinkedIn](https://www.linkedin.com/company/securedawn/) | [Crunchbase](https://www.crunchbase.com/organization/securedawn) 96 | - [Seemplicity](https://seemplicity.io/) | [LinkedIn](https://www.linkedin.com/company/seemplicity/) | [Crunchbase](https://www.crunchbase.com/organization/seemplicity) 97 | - [Sentra](https://www.sentra.io/) | [LinkedIn](https://www.linkedin.com/company/sentra-io/) | [Crunchbase](https://www.crunchbase.com/organization/sentra) 98 | - [Scrut Automation](https://www.scrut.io/) | [LinkedIn](https://www.linkedin.com/company/scrut-automation/) | [Crunchbase](https://www.crunchbase.com/organization/scrut-automation) 99 | - [Slauth](https://www.slauth.io) | [LinkedIn](https://www.linkedin.com/company/slauth-io/) | [Crunchbase](https://www.crunchbase.com/organization/slauth-io) 100 | - [Snyk](https://snyk.io/) | [LinkedIn](https://www.linkedin.com/company/snyk/) | [Crunchbase](https://www.crunchbase.com/organization/snyk) 101 | - [Sonar](https://www.sonarsource.com/) | [LinkedIn](https://www.linkedin.com/company/sonarsource/) | [Crunchbase](https://www.crunchbase.com/organization/sonarsource) 102 | - [Sonrai Security](https://sonraisecurity.com/) | [LinkedIn](https://www.linkedin.com/company/sonrai-security/) | [Crunchbase](https://www.crunchbase.com/organization/sonrai-security) 103 | - [Sophos](https://www.sophos.com/) | [LinkedIn](https://www.linkedin.com/company/sophos/) | [Crunchbase](https://www.crunchbase.com/organization/sophos) 104 | - [Soveren](https://soveren.io/) | [LinkedIn](https://www.linkedin.com/company/soveren-security/) | [Crunchbase](https://www.crunchbase.com/organization/soveren) 105 | - [Spyderbat](https://www.spyderbat.com/) | [LinkedIn](https://www.linkedin.com/company/spyderbat/) | [Crunchbase](https://www.crunchbase.com/organization/spyderbat) 106 | - [StrongDM](https://www.strongdm.com/) | [LinkedIn](https://www.linkedin.com/company/strongdm/) | [Crunchbase](https://www.crunchbase.com/organization/strongdm) 107 | - [Sweet Security](https://www.sweet.security/) | [Linkedin](https://www.linkedin.com/company/sweet-security/) | [Crunchbase](https://www.crunchbase.com/organization/sweet-security) 108 | - [Tigera](https://www.tigera.io/) | [LinkedIn](https://www.linkedin.com/company/tigera/) | [Crunchbase](https://www.crunchbase.com/organization/tigera) 109 | - [Tines](https://www.tines.com/) | [LinkedIn](https://www.linkedin.com/company/tines-io/) | [Crunchbase](https://www.crunchbase.com/organization/tines) 110 | - [Torq](https://torq.io/) | [LinkedIn](https://www.linkedin.com/company/torqio/) | [Crunchbase](https://www.crunchbase.com/organization/stackpulse) 111 | - [Trellix](https://www.trellix.com/en-us/index.html) | [LinkedIn](https://www.linkedin.com/company/trellixsecurity/) | [Crunchbase](https://www.crunchbase.com/organization/trellix) 112 | - [Twingate](https://www.twingate.com/) | [LinkedIn](https://www.linkedin.com/company/twingate/) | [Crunchbase](https://www.crunchbase.com/organization/twingate) 113 | - [UpGuard](https://www.upguard.com/) | [LinkedIn](https://www.linkedin.com/company/upguard/) | [Crunchbase](https://www.crunchbase.com/organization/upguard) 114 | - [Upwind](https://www.upwind.io/) | [LinkedIn](https://www.linkedin.com/company/upwindsecurity/) | [Crunchbase](https://www.crunchbase.com/organization/upwind-security) 115 | - [Wazuh](https://wazuh.com) | [LinkedIn](https://www.linkedin.com/company/wazuh/) | [Crunchbase](https://www.crunchbase.com/organization/wazuh) 116 | - [Wiz](https://www.wiz.io/) | [LinkedIn](https://www.linkedin.com/company/wizsecurity/) | [Crunchbase](https://www.crunchbase.com/organization/wiz-inc) 117 | 118 | 119 | 120 | ## Acquisitions 121 | 122 | - Accurics | [LinkedIn](https://www.linkedin.com/company/accurics/) | [Crunchbase](https://www.crunchbase.com/organization/accurics) --> [acquired by Tenable](https://www.tenable.com/press-releases/tenable-completes-acquisition-of-accurics) 123 | - [Bionic](https://bionic.ai/) | [LinkedIn](https://www.linkedin.com/company/bionicai/) | [Crunchbase](https://www.crunchbase.com/organization/bionic-9498) --> [acquired by Crowdstrike](https://www.crowdstrike.com/press-releases/crowdstrike-to-acquire-bionic-to-extend-cloud-security-leadership/) 124 | - [Bit Discovery](https://bitdiscovery.com/) | [LinkedIn](https://www.linkedin.com/company/bitdiscovery/) | [Crunchbase](https://www.crunchbase.com/organization/bit-discovery) --> [acquired by Tenable](https://www.tenable.com/press-releases/tenable-completes-acquisition-of-bit-discovery) 125 | - [Cider Security](https://www.cidersecurity.io/) | [LinkedIn](https://www.linkedin.com/company/cider-security/) | [Crunchbase](https://www.crunchbase.com/organization/cider-security) --> [acquired by Palo Alto Networks](https://www.paloaltonetworks.com/company/press/2022/palo-alto-networks-completes-acquisition-of-cider-security) 126 | - [Cymptom] | [LinkedIn](https://www.linkedin.com/company/cymptom/) | [Crunchbase](https://www.crunchbase.com/organization/cymptom)--> [acquired by Tenable](https://www.tenable.com/blog/tenables-acquisition-of-cymptom-an-attack-path-informed-approach-to-cybersecurity) 127 | - [Dig Security](https://www.dig.security) | [LinkedIn](https://www.linkedin.com/company/dig-security/about/) | [Crunchbase](https://www.crunchbase.com/organization/dig-security) --> [acquired by Palo Alto Networks](https://www.paloaltonetworks.com/blog/2023/10/palo-alto-networks-dig-security/) 128 | - [Ermetic](https://ermetic.com/) | [LinkedIn](https://www.linkedin.com/company/ermetic/) | [Crunchbase](https://www.crunchbase.com/organization/ermetic) --> [acquired by Tenable](https://www.tenable.com/press-releases/tenable-completes-acquisition-of-ermetic) 129 | - Flawcheck | [Crunchbase](https://www.crunchbase.com/organization/flawcheck) --> [acquired by Tenable](https://www.tenable.com/press-releases/tenable-network-security-acquires-container-security-company-flawcheck) 130 | - [Gem Security](https://www.gem.security/) | [LinkedIn](https://www.linkedin.com/company/gemsecurity/) | [Crunchbase](https://www.crunchbase.com/organization/gem-f4a1) --> [acquired by Wiz](https://www.wiz.io/blog/wiz-acquires-gem-security-to-reinvent-threat-detection-in-the-cloud) 131 | - [Isovalent](https://isovalent.com) | [LinkedIn](https://www.linkedin.com/company/isovalent/) | [Crunchbase](https://www.crunchbase.com/organization/covalent-io) --> [acquired by Cisco](https://investor.cisco.com/news/news-details/2023/Cisco-to-Acquire-Isovalent-to-Define-the-Future-of-Multicloud-Networking-and-Security/default.aspx) 132 | - [Laminar](https://laminarsecurity.com) | [LinkedIn](https://www.linkedin.com/company/laminar-security/) | [Crunchbase](https://www.crunchbase.com/organization/laminar-d49d) --> [acquired by Rubrik](https://www.rubrik.com/blog/company/23/8/rubrik-and-laminar-together-securing-the-worlds-data) 133 | - [Lightspin](https://www.lightspin.io/) | [LinkedIn](https://www.linkedin.com/company/lightspin) | [Crunchbase](https://www.crunchbase.com/organization/lightspin-technologies-ltd) --> [acquired by Cisco](https://blogs.cisco.com/news/blogs-cisco-com-news-cisco-announces-its-intent-to-acquire-cloud-security-software-company) 134 | - [Mandiant](https://www.mandiant.com) | [LinkedIn](https://www.linkedin.com/company/mandiant/) | [Crunchbase](https://www.crunchbase.com/organization/mandiant) --> [acquired by Google](https://cloud.google.com/blog/products/identity-security/google-completes-acquisition-of-mandiant) 135 | - [Raftt](https://www.raftt.io/) | [LinkedIn](https://www.linkedin.com/company/raftt/) | [Crunchbase](https://www.crunchbase.com/organization/raftt) --> [acquired by Wiz](https://www.wiz.io/blog/wiz-acquires-raftt) 136 | - [Robust Intelligence](https://www.robustintelligence.com/) | [LinkedIn](https://www.linkedin.com/company/robust-intelligence/) | [Crunchbase](https://www.crunchbase.com/organization/robust-intelligence) --> [acquired by Cisco](https://www.linkedin.com/company/robust-intelligence/) 137 | - Sinefa | [LinkedIn](https://www.linkedin.com/company/sinefa/) | [Crunchbase](https://www.crunchbase.com/organization/sinefa) --> [acquired by Palo Alto Networks](https://www.marketscreener.com/quote/stock/PALO-ALTO-NETWORKS-INC-11067980/news/Palo-Alto-Networks-Inc-completed-the-acquisition-of-Sinefa-Inc-for-27-million-33606776/) 138 | - [Spera](https://www.spera.security/) | [LinkedIn](https://www.linkedin.com/company/spera-security/) | [Crunchbase](https://www.crunchbase.com/organization/spera-fbce) --> [acquired by Okta](https://www.okta.com/blog/2023/12/okta-acquisition-advances-identity-powered-security/) 139 | - [Zycada Networks](https://www.zycada.com/) | [LinkedIn](https://www.linkedin.com/company/zycada-networks/) | [Crunchbase](https://www.crunchbase.com/organization/zycada-networks) --> [acquired by Palo Alto Networks](https://www.linkedin.com/posts/subbuvaradarajan_palo-alto-networks-raises-the-bar-delivering-activity-7191854116598435841-v5Rz/) 140 | 141 | ### Acquisitions by Vendor 142 | 143 | #### Palo Alto Networks 144 | Ordered by date (descending) 145 | 146 | - Talon, $825M - Dec 2023 147 | - Dig Security, $350M - Dec 2023 148 | - Zycada Networks, undisclosed - April 2023 149 | - Cider Security, $198M - Dec 2022 150 | - Expanse, $797M - Dec 2020 151 | - Crypsis, $228M - Sept 2020 152 | - Cloudgenix, $403M - April 2020 153 | - Sinefa, $44M - Nov 2020 154 | - Aporeto, $144M - Dec 2019 155 | - Twistlock, $378M - July 2019 156 | - Demisto, $474M - March 2019 157 | - RedLock, $158M - Oct 2018 158 | - Secdo, $83M - April 2018 159 | - Evident.io, $293M - March 2018 160 | - Cyvera, $178M - April 2014 161 | - Bridgecrew, $157M - March 2021 162 | - Aporeto, $144M - Dec 2019 163 | - Lightcyber, $103M - Feb 2017 164 | 165 | #### Cisco 166 | - Deep Factor - August 2024 167 | - Isovalent - December 2023 [blog post](https://blogs.cisco.com/news/defining-the-future-of-multicloud-networking-and-security-cisco-announces-intent-to-acquire-isovalent) 168 | - Oort - July 2023 [blog](https://blogs.cisco.com/news/cisco-announces-intent-to-acquire-oort) 169 | - Robust Intelligence - August 2024 [blog post](https://www.crunchbase.com/organization/robust-intelligence) 170 | 171 | #### Datadog 172 | includes only security-related acquisitions 173 | Ordered by date (descending) 174 | - Sqreen - February 2021 [press release](https://www.datadoghq.com/about/latest-news/press-releases/datadog-signs-definitive-agreement-to-acquire-sqreen/) 175 | - Seekret - April 2022 [press release](https://www.datadoghq.com/about/latest-news/press-releases/datadog-acquires-seekret-to-make-api-observability-accessible/) 176 | - Hdiv Security - May 2022 [press release](https://investors.datadoghq.com/news-releases/news-release-details/datadog-signs-definitive-agreement-acquire-hdiv-security) 177 | 178 | 179 | #### Tenable 180 | Ordered by date (descending) 181 | - Ermetic, $265M - Sept 2023 182 | - Bit Discovery, $44.5M - April 2022 183 | - Cymptom, undisclosed - Feb 2022 184 | - Accurics, $160M - Sept 2021 185 | - FlawCheck, undisclosed - Oct 2016 186 | 187 | 188 | #### Wiz 189 | Ordered by date (descending) 190 | - Gem Security, undisclosed - April 2024 191 | - Rafft, undisclosed - December 2023 192 | 193 | 194 | ## Managed Service Providers 195 | 196 | - [Red Canary](https://redcanary.com/) | [LinkedIn](https://www.linkedin.com/company/redcanary/) | [Crunchbase](https://www.crunchbase.com/organization/red-canary) 197 | 198 | ## Cloud Platforms 199 | Native security products offered by the major cloud platforms (AWS, GCP, Azure) 200 | 201 | - [AWS Shared Responsibility Model](https://aws.amazon.com/compliance/shared-responsibility-model/) 202 | - [GCP Shared responsibilities and shared fate on Google Cloud](https://cloud.google.com/architecture/framework/security/shared-responsibility-shared-fate) 203 | - [Azure Shared Responsibility in the cloud](https://learn.microsoft.com/en-us/azure/security/fundamentals/shared-responsibility) 204 | - [DigitalOcean Shared Responsibliity Model](https://www.digitalocean.com/security/shared-responsibility-model) 205 | 206 | 207 | ### GCP 208 | - [Chronicle Security Operations](https://chronicle.security) 209 | - [Chronicle SOAR](https://cloud.google.com/chronicle/docs/soar/overview-and-introduction/soar-overview) 210 | - [Chronicle SIEM](https://cloud.google.com/chronicle/docs/overview) 211 | 212 | ### AWS 213 | - [AWS Cloud Security](https://aws.amazon.com/security/) 214 | - [Amazon Detective](https://aws.amazon.com/detective) 215 | - [Amazon GuardDuty](https://aws.amazon.com/guardduty/) 216 | - [Amazon Security Lake](https://aws.amazon.com/security-lake) 217 | - [AWS Artifact](https://aws.amazon.com/artifact/) 218 | - [AWS Audit Manager](https://aws.amazon.com/audit-manager/) 219 | - [AWS Config](https://aws.amazon.com/config) 220 | - [AWS Security Hub](https://aws.amazon.com/security-hub/) 221 | - [AWS Trusted Advisor](https://aws.amazon.com/premiumsupport/technology/trusted-advisor/) 222 | 223 | ### Azure / Microsoft 224 | - [Azure Security](https://azure.microsoft.com/en-us/explore/security) 225 | - [Azure Policy](https://azure.microsoft.com/en-us/products/azure-policy/) 226 | - [Microsoft Compliance](https://learn.microsoft.com/en-us/compliance/) 227 | - [Microsoft Defender for Cloud](https://azure.microsoft.com/en-us/products/defender-for-cloud/) 228 | - [Microsoft Sentinel](https://www.microsoft.com/de-de/security/business/siem-and-xdr/microsoft-sentinel) 229 | 230 | # Open Source Projects 231 | - [Altimeter](https://github.com/tableau/altimeter) 232 | - [AWS Firewall Factory](https://github.com/globaldatanet/aws-firewall-factory) 233 | - [BloodHound](https://github.com/BloodHoundAD/BloodHound) 234 | - [Cartography](https://github.com/lyft/cartography) 235 | - [Chainloop](https://github.com/chainloop-dev/chainloop) 236 | - [Checkov](https://github.com/bridgecrewio/checkov) 237 | - [Cilium](https://github.com/cilium/) 238 | - [Cloudbeat](https://github.com/elastic/cloudbeat) 239 | - [Cloudquery](https://github.com/cloudquery/cloudquery) 240 | - [CloudSploit](https://github.com/aquasecurity/cloudsploit) 241 | - [DefectDojo](https://github.com/DefectDojo/django-DefectDojo) 242 | - [Falco](https://github.com/falcosecurity/falco) 243 | - [Fix Inventory](https://github.com/someengineering/fixinventory) 244 | - [Gapps](https://github.com/bmarsh9/gapps) 245 | - [Greenbone OpenVAS Scanner](https://github.com/greenbone/openvas-scanner) 246 | - [KubeArmor](https://github.com/kubearmor/KubeArmor) 247 | - [KubeScape](https://github.com/kubescape/kubescape) 248 | - [Magpie](https://github.com/openraven/magpie) 249 | - [Prowler](https://github.com/prowler-cloud/prowler) 250 | - [S3Scanner](https://github.com/sa7mon/S3Scanner) 251 | - [Sadcloud](https://github.com/nccgroup/sadcloud) 252 | - [ScoutSuite](https://github.com/nccgroup/ScoutSuite) 253 | - [Steampipe](https://github.com/turbot/steampipe) 254 | - [tfsec](https://github.com/aquasecurity/tfsec) 255 | - [ThreatMapper](https://github.com/deepfence/threatmapper) 256 | - [trivy](https://github.com/aquasecurity/trivy) 257 | - [Wazuh](https://github.com/wazuh/wazuh) 258 | - [ZeusCloud](https://github.com/Zeus-Labs/ZeusCloud) 259 | 260 | # Security Categories / Glossary 261 | - AI-SPM - AI Security Posture Management 262 | - ASPM - Application Security Posture Management 263 | - CAASM - Cyber Asset Attack Surface Management 264 | - CASB - Cloud Access Security Brokers 265 | - CCO - Corporate Compliance and Oversight 266 | - CDR - Cloud Detection and Response 267 | - CIEM - Cloud Infrastructure Entitlement Management 268 | - CNAPP - Cloud-native Application Protection Platform 269 | - CSPM - Cloud Security Posture Management 270 | - CWPP - Cloud Workload Protection Platform 271 | - CTEM - Continuous Threat Exposure Management 272 | - DSPM - Data Security Posture Management 273 | - EDR - Endpoint Detection and Response  274 | - GRC - Governance, Risk and Compliance 275 | - IGA - Identity Governance Administration 276 | - ITDR - Identity Threat Detection and Response 277 | - KSPM - Kubernetes Security Posture Management 278 | - MDR - Managed Detection and Response 279 | - PAM - Privileged Access Management 280 | - SIEM - Security Information and Event Management 281 | - SOAR - Security Orchestration, Automation and Response 282 | - SOC - Security Operations Center 283 | - XDR - Extended Detection and Response 284 | - XSIAM - Extended Security Intelligence and Automation Management 285 | 286 | # Security Resources 287 | - Nextdoor CSPM Evaluation Matrix [GitHub](https://github.com/Nextdoor/cspm_evaluation_matrix) 288 | - Simple CSPM - GCP CSPM using Google Sheets [GitHub](https://github.com/somethingnew2-0/SimpleCSPM) 289 | - Prisma Cloud Channel Resource [GitHub](https://github.com/PaloAltoNetworks/prisma_channel_resources#prisma-cloud-channel-resources) 290 | - What is eBPF? [eBPF Docs](https://ebpf.io/what-is-ebpf/) 291 | - Building a Security Graph Application on Amazon Neptune [GitHub](https://github.com/aws/graph-notebook/blob/main/src/graph_notebook/notebooks/03-Sample-Applications/04-Security-Graphs/01-Building-a-Security-Graph-Application-with-openCypher.ipynb) 292 | 293 | # Security Newsletters 294 | - [CloudSecList](https://cloudseclist.com) by [Marco Lancini](https://www.linkedin.com/in/marcolancini/) 295 | - [Frankly Speaking](https://franklyspeaking.substack.com) by [Frank Wang](https://www.linkedin.com/in/frankw1/) 296 | - [Securing the Cloud](https://www.linkedin.com/newsletters/securing-the-cloud-7085768785009274880/) by [Brandon Carroll](https://www.linkedin.com/in/brandoncarroll/) 297 | - [tl;dr sec](https://tldrsec.com) by [Clint Gibler](https://www.linkedin.com/in/clintgibler/) 298 | - [Venture in Security](https://ventureinsecurity.net) by [Ross Haleliuk](https://www.linkedin.com/in/rosshaleliuk/) 299 | 300 | # Security Podcasts 301 | - [Brakeing Down Security](https://brakeingsecurity.com) 302 | - [CISO Tradecraft](https://cisotradecraft.com) 303 | - [CyberWire Daily](https://thecyberwire.com/podcasts/daily-podcast) 304 | - [Darknet Diaries](https://darknetdiaries.com) 305 | - [Google Cloud Security Podcast](https://cloud.withgoogle.com/cloudsecurity/podcast/) 306 | - [Hacking Humans](https://thecyberwire.com/podcasts/hacking-humans) 307 | - [Malicious Life](https://malicious.life/) 308 | - [Risky Business](https://risky.biz/) 309 | - [Security Now](https://twit.tv/shows/security-now) 310 | - [Smashing Security](https://smashingsecurity.com) 311 | - [Privacy, Security, & OSINT Show](https://inteltechniques.com/podcast.html) 312 | - [Social-Engineer Podcast](https://www.social-engineer.org/category/podcast/) 313 | - [Unsupervised Learning](https://omny.fm/shows/unsupervised-learning) 314 | 315 | # Security Frameworks 316 | - [CIS Benchmarks List](https://www.cisecurity.org/cis-benchmarks) 317 | - [CIS AWS Benchmarks](https://www.cisecurity.org/benchmark/amazon_web_services) 318 | - [CIS Google Cloud Computing Platform Benchmarks](https://www.cisecurity.org/benchmark/google_cloud_computing_platform) 319 | - [CIS Microsoft Azure Benchmarks](https://www.cisecurity.org/benchmark/azure) 320 | - [CIS Oracle Cloud Benchmark](/www.cisecurity.org/benchmark/oracle_cloud) 321 | - [ISO 27001](https://www.iso.org/standard/27001)/[27002](https://www.iso.org/standard/75652.html) 322 | - [NIST Security and Privacy Controls for Information Systems and Organizations](https://csrc.nist.gov/pubs/sp/800/53/r5/upd1/final) 323 | - [NIS 2](https://digital-strategy.ec.europa.eu/en/policies/nis2-directive) 324 | - [System and Organization Controls (SOC)](https://www.aicpa-cima.com/resources/landing/system-and-organization-controls-soc-suite-of-services) 325 | 326 | # Cyber Insurance 327 | - [Anzen](https://www.anzen.com/) | [LinkedIn](https://www.linkedin.com/company/goanzen/) 328 | 329 | # Conferences 330 | 331 | ## Community 332 | - [Chaos Communication Congress](https://events.ccc.de/en/congress/) 333 | - [DEF CON](https://www.defcon.org/) 334 | - [GrrCon](https://grrcon.com/) 335 | - [Hackers on Planet Earth (HOPE)](https://hope.net/) 336 | - [HushCon](https://hushcon.com/) 337 | - [Nullcon](https://nullcon.net/) 338 | - [OWASP](https://owasp.org/) 339 | - [Security BSides](https://bsides.org/) 340 | - [ShmooCon](https://shmoocon.org/) 341 | - [THOTCON](https://thotcon.org/) 342 | - [ToorCon](https://toorcon.net/) 343 | - [Wild West Hackin' Fest](https://www.wildwesthackinfest.com/) 344 | 345 | ## Industry 346 | - [AWS re:Invent](https://reinvent.awsevents.com/) 347 | - [Billington Cybersecurity Summit](https://billingtoncybersummit.com/) 348 | - [Black Hat](https://www.blackhat.com/) 349 | - [Cyber Security & Cloud Expo](https://www.cybersecuritycloudexpo.com/) 350 | - [Cybersec Europe](https://www.cyberseceurope.com/) 351 | - [Cybersecurity Summit](https://cybersecuritysumm.it/) 352 | - [CyberTech Global](https://www.cybertechconference.com/) 353 | - [Deutscher IT Security Congress](https://www.pco-online.de/kongress2024) 354 | - [fwd:cloudsec](https://fwdcloudsec.org) 355 | - [FS-ISAC Summit](https://www.fsisac.com/events) 356 | - [Gartner Security & Risk Management Summit](https://www.gartner.com/en/conferences/hub/security-conferences) 357 | - [Infosecurity Europe](https://www.infosecurityeurope.com/) 358 | - [Interop Tokyo](https://www.interop.jp/) 359 | - [IOT Solutions World Congress](https://www.iotsworldcongress.com/) 360 | - [ISACA North America Conference](https://www.isaca.org/training-and-events/conferences/isaca-north-america-conference) 361 | - [it-sa](https://www.itsa365.de/en/it-sa-expo-congress/exhibition-info) 362 | - [RSA Conference](https://www.rsaconference.com/) 363 | - [SANS Cyber Threat Intelligence Summit](https://www.sans.org/event) 364 | - [Sector](https://www.blackhat.com/sector/) 365 | --------------------------------------------------------------------------------