Q Advisors – Cybersecurity Private Vendor Matrix By Dmitry Netis & Jordan Rupar / 7.30.2020

Q Advisors assembled over 100 vendors within cybersecurity, selling a multitude of services across nine distinct cybersecurity sub-segments

Cloud Security Data Governance DevSecOps (“CS”) (“DG”) (“DSO”)

Identity and Access Endpoint Security Email Security Management (“EPP”) (“ES”) (“IAM”)

Security Analytics and Security Information and Network Security Automation Event Management (“NS”) (“SA”) (“SIEM”)

Sub-Sector Company Product Description

1touch.io discovers, maps, and tracks Personal data and network personal data in the enterprise network, (IAM)/(DG) analytics platform using unique and proprietary network analytics.

ACID SaaS is an advanced, customized Cyber Intelligence and intelligence gathering and analysis (SA) Digital Identity Protection platform for early detection of diverse threats. Akeyless is an enterprise-grade holistic Keys Management-as-a- solution made to protect and manage Service solution, made to (CS)/(DSO) Encryption Keys, TLS Certificates, protect Hybrid and Multi- Passwords, etc. Backed by Jerusalem Cloud environments Venture Partners and JVP Media Labs.

Alcide provides a K8s-native, AI-driven security platform for configuration risks, Kubernetes-native security (DSO) visibility, runtime security events, and a platform single policy framework across Kubernetes clusters.

1 Q Advisors – Cybersecurity Vendor Matrix

Sub-Sector Company Product Description

SaaS-enabled managed Alert Logic continuously identifies and (EPP) detection and response addresses breaches and gaps. (MDR)

AlgoSec automates network security Network security, cloud policy management to make enterprises (NS)/(DSO) security and DevSecOps more agile, secure and compliant. backed by Claridge Israel.

Aporeto provides security for containers, Cloud Network Security and microservices, cloud and legacy (CS)/(IAM) Microservices Security applications based on workload identity, encryption, and distributed policies.

Aqua provides security for cloud native Cloud native security and apps & infrastructure: containers, (CS)/(DSO) container protection serverless and VMs, across all platforms and clouds.

Solution for reducing risk Armis addresses the new threats of (NS) from unmanaged IoT/OT unmanaged IoT devices. devices

Attivo provides an active defense for early Attivo ThreatDefend™ detection, forensics, and automated (SA) Deception Platform incident response to in-network cyberattacks.

Identity management Auth0 provides the simplicity, extensibility, (IAM) platform for application and expertise to scale and protect builders identities.

BeyondTrust prevents data breaches related to stolen credentials, misused Privileged Access (CS)/(DSO) privileges, and compromised remote Management access. Private Equity backed by Francisco Partners.

2 Q Advisors – Cybersecurity Vendor Matrix

Sub-Sector Company Product Description

BigID helps organizations manage and (CS)/(DG) Data privacy and protection protect their customer data, and meet data privacy and protection regulations.

BitDam blocks advanced content-borne Email, cloud storage and IM attacks across all enterprise (DG) threat protection communication channels. backed by Taya Ventures.

Bitdefender develops and provides anti- Next-generation endpoint virus software, internet security software (EPP) security and endpoint security software. Private Equity backed by Vitruvian Partners.

Real-time end-to-end data Bitglass is a global cloud access security (CS)/(IAM) protection, from the cloud broker (CASB) and agentless mobile to the device security company.

BitSight produces daily security ratings to help manage third party risk, underwrite (SA)/(DG) Security ratings platform cyber policies, benchmark performance, conduct M&A due diligence and assess aggregate risk. Centrify centralizes and orchestrates Multi-cloud-architected fragmented identities, improves audit and (DSO)/(IAM) Identity-centric privileged compliance visibility, and reduces risk for access management the modern, hybrid enterprise. Private Equity backed by Thoma Bravo.

Checkmarx security platform unifies with DevOps and provides static and application security testing, software (DSO) Software Security Platform composition analysis, and developer application security awareness. Private Equity backed by Insight Partners. Claroty operates an operational technology (OT) security platform that Firewalls, Network Access (CS)/(SIEM) enables engineers, operators, and cyber Control, SIEM security professionals to protect and optimize OT networks.

3 Q Advisors – Cybersecurity Vendor Matrix

Sub-Sector Company Product Description CloudPassage is an automation platform, delivered via software-as-a-service, that (CS) Cloud security visibility improves security for private, public, and hybrid cloud computing environments.

Code42’s solution quickly surfaces insider (DG) Data security threats to trade secrets and other high- value files.

CyberArmor provides a streamlined Cloud native security and DevOps and DevSecOps led model in (DG)/(DSO)/(CS) data protection which environments are deployed with inherent zero-trust.

Endpoint detection and Cybereason detects behavioral patterns response, next-generation (SA)/(EPP)/(DSO) across endpoints and surfaces malicious antivirus, managed operations. monitoring and IR services

Cymatic is an AI-enabled Web Application Cloud-native all-in-one Defense—including bot mitigation and (SA)/(IAM)/(DSO) security platform threat intelligence—designed to mitigate shortcomings of conventional WAFs.

Darktrace protects against threats to the Autonomous response (EPP) cloud, email, IoT, networks and industrial technology systems.

Password and Identity-as- Dashlane is a mobile and desktop app that (IAM) Service (IDaaS) provides identity and access management. management

DivvyCloud protects cloud and container environments from misconfigurations, (CS) Container security policy violations, threats and other security challenges.

4 Q Advisors – Cybersecurity Vendor Matrix

Sub-Sector Company Product Description Eqnyte delivers smart content Content intelligence collaboration and governance in the cloud (DG) platform or on-premises. Backed by consortium of investment firms. Exabeam collects log data, uses behavioral Security Management analytics to detect attacks, and automates (SIEM) Platform incident response, both on-premises or in the cloud.

ExtraHop provides cloud-native network detection and response for the hybrid (SA)/(CS) Cloud native security enterprise. Backed by several venture capital firms including TCMI.

The platform delivers risk- Human-centric adaptive protection to continuously (SA)/(CS)/(DG) cybersecurity ensure trusted use of critical data and systems. Subsidiary of Raytheon.

ForgeRock securely connects people, Comprehensive Identity and devices, and things, so everyone and (IAM) Access Management (IAM) everything can interact in today’s IoT solutions world. Greathorn provides cyber security solutions for cloud communication Email Security, Takeover (ES) infrastructure, stopping spear phishing, protection credential theft, and other highly targeted attacks.

Built on a proprietary containerized architecture designed 100% for the cloud, Container-based cloud (CS) Iboss cloud secures user Internet access. security Private Equity backed by Private Capital.

Iconectiv provides authoritative Number intelligence numbering intelligence to the global (IAM) security platform communications industry. Private Equity backed by Francisco Partners.

5 Q Advisors – Cybersecurity Vendor Matrix

Sub-Sector Company Product Description

Illusive Networks provides tools that help Deception-based (SA)/(CS)/(EPP) security teams detect and resolve cybersecurity solutions advanced attacks.

Illumio offers an Adaptive Security Data center and cloud Platform (ASP), a data center and cloud (NS) traffic security tool traffic security tool. Backed by consortium of PE/VC firms.

Imperva offers cloud based web Application Security and applications and data security, including (CS)/(DG) Cloud Security governance and compliance solutions. Backed by Thoma Bravo. Imprivata provides identity, authentication, and access management Identity Governance, Mobile solutions that are purpose-built for (DG)/(IAM) IAM and Provisions, Secure healthcare security, and compliance Healthcare Communications challenges. Private Equity backed by Thoma Bravo. Infoblox offers DDI solutions for enhanced Network Services, Security reliability, and automation to cloud and (CS)/(NS) and Cloud Network hybrid systems for network management Automation and customer experience. Private Equity backed by Vista. Iconic Security provides data access policy management, encryption key Machine-Scale Data (DG) management and real-time policy Protection enforcement. Backed by consortium of investment firms.

ITsMine uses artificial intelligence, behavior analysis, and deception (DG)/(CS) Data loss prevention techniques to secure and protect all stages of digital data.

JFrog empowers IT professionals to code (CS)/(EPP)/(DSO) Continuous Integration high-quality applications that securely flow to end-users with zero downtime.

6 Q Advisors – Cybersecurity Vendor Matrix

Sub-Sector Company Product Description KnowBe4 provides security awareness Awareness training and training to help organizations manage (CS)/(ES) simulated phishing platform social engineering, phishing and ransomware attacks.

Lacework provides security visibility, DSO)/(DG) Cloud Workload Protection compliance & audit control and automatic threat defense.

LastPass scales SSO and password management, helping IT be more secure (IAM) Password management and maintain compliance. Subsidiary of LogMeIn.

LogRhythm delivers security and entity behavior analytics, network detection and (SA)/(CS) NextGen SIEM Platform SOAR solutions. Backed by consortium of investors including Thoma Bravo.

LookingGlass Cyber Solutions delivers Intelligence-Driven Risk unified threat protection against cyber (SA)/(DG)/(CS) Management attacks by operationalizing threat intelligence.

Lookout’s Security Cloud provides visibility Post-perimeter, cloud-first, (DG)/(EPP) into the entire spectrum of mobile risk. mobile-first security Backed by consortium of investment firms.

Malwarebytes provides AI-powered technology that stops cyberattacks for (CS) Malware defense residential and businesses. Backed by consortium of investment firms.

ManageEngine manages IT operations, from networks and servers to applications, Suite of IT management (CS)/(EPP)/(DSO) service desk, active directory, security, software desktops, and mobile devices. Company parent is ZOHO Corp.

7 Q Advisors – Cybersecurity Vendor Matrix

Sub-Sector Company Product Description McAfee provides solutions to overcome Device-to-cloud cybercrime and to make the connected (SA)/(DG)/(EPP) cybersecurity world more secure. Private Equity backed by Intel, Thoma Bravo, and TPG. Menlo Security's patented Isolation Platform protects organizations from Protection from web- and (CS)/(EPP) cyber attacks by eliminating the threat of email- based cyberattacks malware. Backed by consortium of investment firms. Netcall helps organizations radically Customer engagement improve customer experience through (CS) solutions collaborative CX. Backed by consortium of investment firms.

Netskope provides cloud security based (CS)/(DSO) Smart cloud security on hyperscale architecture. Backed by consortium of investment firms.

Netsparker provides a leading-edge web Web Application Security (DSO) application security solution. Private Scanner Equity backed by Turn/River Management.

NeuraLegion’s platform can scan any AI-powered Dynamic target, whether WebApps, APIs or devices, (DSO) Application Security Testing integrating security early to enhance platform DevSecOps with real-time, actionable reports of vulnerabilities.

NeuVector delivers security from DevOps (CS)/(DSO) Container Security Platform vulnerability protection to complete run- time security and container firewall.

Nozomi Networks Inc. develops OT and Threat intelligence and a IoT security and visibility solutions. (NS) guardian platform Backed by a consortium of investment firms.

8 Q Advisors – Cybersecurity Vendor Matrix

Sub-Sector Company Product Description Nuweba enables organizations to use Serverless application serverless for core functionalities, mission- (CS) security critical tasks, and user-facing applications. . Odo’s zero-trust architecture moves Secure and scalable zero- access control decisions from the network (NS) trust network access perimeter to individual devices, users, and applications.

Omada is provider of IT security solutions Customer Identity and and services for identity management and (DG) Access Management access governance. Private Equity backed by CVC Capital.

Omnigo is a provider of public safety, incident reporting, and security (SA)/(SIEM) Incident Reporting management solutions. Private Equity backed by The Riverside Company.

Identity Governance and Administration (IGA and One Identity helps organizations establish (IAM) Privileged Access an identity-centric security strategy. Management (PAM) Subsidiary of . solutions

OneTrust is a technology platform ID Verification, Data providing privacy, security, data (DG) Mapping governance, and compliance programs. Private Equity backed by Insight Partners.

Optiv provides integrated security software and services to enterprises. (SA)/(CS) Security solutions integrator Backed by several investment firms including KKR and Blackstone.

Palantir builds software for data-driven Data integration and data decisions and operations. Backed by (SA)/(DG) protection several venture capital firms and Corporate VCs.

9 Q Advisors – Cybersecurity Vendor Matrix

Sub-Sector Company Product Description Panda provides advanced cybersecurity Endpoint detection and solutions and services, as well as (EPP) response management and monitoring tools. Acquired by WatchGuard in June 2020.

Pcysys delivers an automated penetration- Continuous, machine-based (CS) testing platform. Backed by several penetration testing venture capital firms including Blackstone.

PhishLine offers a platform that helps Continuous simulation and (ES) protect against phishing. Subsidiary of training Barracuda Networks.

Cofense (previously PhishMe) enables Human-driven phishing organization-wide engagement to active (ES) defense solutions email threats. Backed by consortium of investment firms.

Pindrop provides solutions that provide a (IAM) Voice identity and security secure framework for voice calls.

Planetscale offers a relational database Cloud native database-as-a- platform to protect, access, and derive (DSO) service (DbaaS) for mission insights from data. Venture Capital backed critical applications by Signalfire and Andreessen Horowitz.

Portshift provides an Identity-based cloud workload protection platform, that secures (DG) Data protection platform applications from CI/CD to runtime. Backed by Team8 Labs.

Protego offers cloud workload protection (CWPP) and security posture management (CS) Serverless security (CSPM), delivering continuous serverless security. Subsidiary of Check Point Software Technologies.

10 Q Advisors – Cybersecurity Vendor Matrix

Sub-Sector Company Product Description

Radiflow provides operators with visibility Cyber-security solutions for (NS) and control of their OT network. Backed ICS/SCADA networks by the RAD Group.

Recorded Future collects and analyzes, Machine learning based data in real time and integrates with (SA) threat intelligence security technologies. Private Equity backed by Insight Partners.

Cloud-based security Red Canary provides endpoint security (SA)/(CS) solutions and cyber threat detection solutions.

Reflectiz protects organizations against (DG)/(DSO) Website security security and privacy risks caused by installed 3rd-party code on their websites.

ReSec Technologies develops enterprise- grade solutions to prevent malware (DG)/(CS) Malware prevention penetration of networks, endpoints, and data centers.

Sectigo provides automated PKI solutions that secure websites, connected devices, (IAM)/(EPP)/(DSO) Digital identity solutions applications, and digital identities. Private Equity backed by Francisco Partners.

SecureWorks offers integrated Comprehensive cyber cybersecurity products and managed (SA)/(DSO) defense security services. Subsidiary of Marketing L.P.

SecuriThings provides risk detection, predictive maintenance, and automated (CS) IoT device security operations for IoT devices. Backed by Firstime venture capital.

11 Q Advisors – Cybersecurity Vendor Matrix

Sub-Sector Company Product Description Security Innovation provides application security and security assessment, (CS) Software security awareness and technical training, and embedded system security services. Backed by Brook Venture partners. Securonix develops security analytics and operations management platform for big (SA)/(SIEM) Next-Gen SIEM data and advanced cyber threats. Backed by F Prime and Volition Capital.

SentinelOne delivers autonomous security for the endpoint, datacenter and cloud (EPP) Endpoint security solutions environments. Private Equity backed by Insight Partners.

SigmaDots brings the power of Blockchain-based distributed, embedded and multilayered (EPP) cybersecurity cybersecurity to protect the IoT ecosystem.

Signal Sciences provides next-gen WAF & (DG)/(DSO) WAF & RASP RASP to help secure web applications, APIs, & microservices.

Silverfort delivers secure authentication Multifactor authentication (SA)/(CS)/(IAM) and Zero Trust across corporate networks and zero trust and cloud environments.

Skybox’s software uses analytics to prioritize on organization’s risk exposures Cybersecurity Management (SA)/(CS) and recommends informed action to best Software address those exposures. Private Equity backed by CVC Capital.

Snyk finds and fixes known vulnerabilities (CS)/(DSO) Open source code security in open source.

12 Q Advisors – Cybersecurity Vendor Matrix

Sub-Sector Company Product Description

SonicWALL manufactures network security Real-time breach detection (CS)/(DG)/(EPP) and data protection products. Private and prevention solutions Equity backed by Francisco Partners.

Sophos’ cloud-native and AI-enhanced Intercept X Endpoint and (EPP)/(NS)/(CS) solutions secure endpoints and networks. Cloud Optix Private Equity backed by Claridge Israel.

SparkCognition builds artificial intelligence (SA)/(EPP)/(CS) AI powered cybersecurity solutions to advance the most important interests of society.

StackPath delivers enterprise-grade security and performance in a frictionless (CS) Secure edge services with cloud-scale control and flexibility. Backed by consortium of investment firms.

StackRox delivers a Kubernetes-native Kubernetes-native container container security platform that enables (CS)/(DSO) security platform security and DevOps teams to operationalize security policies.

Styra provides an open-source community (CS)/(DSO) Cloud-native authorization centered around Open Policy Agent (OPA) for Kubernetes.

Sysdig enables companies to confidently (DSO) Secure DevOps Platform run cloud-native workloads in production.

Tanium provides security and management system solutions that allow Platform for endpoint (EPP) enterprises to query and modify their visibility and control assets. Backed by several venture capital firms including TPG.

13 Q Advisors – Cybersecurity Vendor Matrix

Sub-Sector Company Product Description Threat Stack’s Cloud Security Platform Cloud Management and delivers full stack security observability (CS) Compliance solutions across the cloud management consoles and containers. ThreatConnect delivers a single platform in the cloud and on-premises to (CS) Threat Intelligence Platform effectively aggregate, analyze, and act to counter sophisticated cyber-attacks.

Enterprise network security Tigera software provides networking and (NS) for Kubernetes. network policy for Kubernetes.

TrilioVault integrates with Red Hat Data protection and app OpenShift to ease backing up and (DG) resiliency restoring workloads orchestrated across Kubernetes clusters.

Vade offers services for emails, such as phishing and spear phishing, malware, and (CS) Predictive email defense ransomware. Backed by General Catalyst Partners.

Venafi provides insight and control over Enterprise key and enterprise keys and certificates in (IAM) certificate management datacenters and various endpoints. security solutions Private Equity backed by TCV.

Veracode’s platform enables security teams and software developers to find (DSO) Application security testing and fix security-related defects in software development lifecycle. Private Equity backed by Thoma Bravo.

Vicarius enables enterprises to predict, prioritize and protect against software Cyber security threat (DSO) vulnerabilities. Backed by Jerusalem solutions Venture Partners and Innogy Innovation Hub.

14 Q Advisors – Cybersecurity Vendor Matrix

Sub-Sector Company Product Description

Virsec Systems develops cyber security Runtime Application (CS)/(EPP)/(DSO) solutions for DevOps, SecOps, and Memory Protection ICS/SCADA.

Wallarm is an AI-powered app security Web security and platform, which includes adaptive WAF, (DSO) vulnerability management vulnerability scanner, incident verification and dev time testing modules. WatchGuard offers a full portfolio of user- centric security products and services for (NS) Network intelligence protecting people, devices, and networks from targeted attacks. Private Equity backed by Francisco Partners and Vector.

WhiteSource fully automates the entire Open Source Security for process of open source components (DSO) Containers selection, approval, tracking and management.

DFIR, DevSecOps, and ZecOps provides cyber security (DSO) AIOps automation and support.

Zerto helps customers accelerate IT Disaster Recovery, Backup transformation by eliminating the risk and (CS) and Cloud Mobility complexity of modernization and cloud adoption.

Zvelo provides contextual categorization and malicious detection for URLs for a (DG) Data aggregation wide range of data sets, attributes and languages. Backed by Cypress .

15