Launch prototype. Scores and figures shown are based on public sources and are illustrative until first publication.
VendorAudit
VendorAudit
Market Pulse Profiles Compare How to buy Reviews Methodology Newsletter
Subscribe
Category Data Security AI Security Cloud Security Coming
All vendor profiles · Updated April 2026

Vendor profiles

21 vendors competing in the data security category. Each profile carries a capability score, a company health score, and a published trajectory. All analysis is independent — no vendor funds or influences coverage.

Category
Ownership
Trajectory
APJ Presence
Showing all 21 vendors
About customer evidence
Named customer deployments are the most credible signal a private vendor can produce — they are the equivalent of audited financial disclosure for companies that don't file with the SEC. Profiles with a Customer evidence section include named, publicly verifiable enterprise deployments with sources cited. Profiles without this section have limited public customer disclosure.
Microsoft Purview
Divisional
Microsoft's integrated data governance suite. E7 Frontier Suite (May 2026) adds Agent 365 governance for AI agents. Strongest compliance and AI monitoring in M365 environments.
Capability
71 / 100
Company health
96 / 100
Best fit M365 E5 enterprises; compliance-led programmes.
Improving Read profile
CyeraCustomer evidence
Private · Series F
AI-native pure-play DSPM. Fast cloud discovery via sampling; strong AI security monitoring. Cyberstarts-incubated.
Capability
79 / 100
Company health
72 / 100
Best fit Cloud-native enterprises adopting AI at scale.
Improving Read profile
Varonis
Disclosure
Access governance and behavioural analytics heritage plus AllTrue.ai (AI TRiSM, Feb 2026). Now covers AI system visibility, shadow AI, and agent guardrails. Public-source analysis only.
Capability
80 / 100
Company health
78 / 100
Disclosure Public-source analysis only during current founder employment. See methodology.
Stable View summary
BigIDCustomer evidence
Private · Series E
Broadest connector coverage (200+). Privacy-native heritage. First major pure-play platform built for multi-jurisdiction compliance.
Capability
73 / 100
Company health
64 / 100
Best fit Multi-jurisdiction regulated enterprises; privacy-led security programmes.
Stable Read profile
SentraCustomer evidence
Private · Series B
Fastest-growing pure-play DSPM. 300%+ YoY growth, 4.9/5 Gartner Peer Insights rating. Cloud-native with fastest time-to-value.
Capability
75 / 100
Company health
65 / 100
Best fit Cloud-first organisations; mid-market DSPM; AI adopters.
Improving Read profile
Securiti
Acquired · Veeam
Acquired by Veeam for $1.725B Dec 2025. Broadest compliance and AI governance platform. Known scanning limitations for large unstructured stores.
Capability
76 / 100
Company health
82 / 100
Best fit Multi-jurisdiction regulated enterprises; EU AI Act programmes; existing Veeam customers.
Improving Read profile
ImmutaCustomer evidence
Private
Category leader for analytics data access governance. Deepest Snowflake and Databricks integration. Backed by both Snowflake and Databricks Ventures.
Capability
71 / 100
Company health
60 / 100
Best fit Snowflake and Databricks-heavy estates; policy-as-code access governance.
Stable Read profile
Wiz DSPM
Google-acquired
CNAPP market leader with integrated DSPM. Acquired by Google for $32B Q1 2026. DSPM depth best for existing Wiz CNAPP customers.
Capability
78 / 100
Company health
88 / 100
Best fit Existing Wiz CNAPP customers; cloud infrastructure-first organisations.
Improving Read profile
Rubrik DSPM
Public · NYSE: RBRK
Backup and resilience market leader adding DSPM via Laminar acquisition. Unique backup-snapshot scanning approach eliminates production impact.
Capability
72 / 100
Company health
76 / 100
Best fit Existing Rubrik customers; ransomware resilience programmes requiring data visibility.
Improving Read profile
Palo Alto Dig
Public · NASDAQ: PANW
DSPM capability acquired from Dig Security in 2023. Integrated into Prisma Cloud CNAPP. Best value for existing Prisma customers.
Capability
78 / 100
Company health
78 / 100
Best fit Existing Prisma Cloud customers; organisations consolidating into Palo Alto platform.
Improving Read profile
Concentric AI
Private
Specialist in semantic, context-aware classification of unstructured data. Lowest false-positive rates in the category. Acquired Swift Security and Acante in 2025.
Capability
78 / 100
Company health
58 / 100
Best fit Mid-market with unstructured data risk; organisations frustrated by false positives.
Stable Read profile
Normalyze
Acquired · Proofpoint
Cloud DSPM with strong analytics platform coverage. Acquired by Proofpoint Oct 2024. Integration still maturing; PE exit adds ownership uncertainty.
Capability
78 / 100
Company health
62 / 100
Best fit Existing Proofpoint customers; Snowflake-heavy cloud estates.
Stable Read profile
IBM Guardium
Divisional · IBM
Database activity monitoring heritage expanded into cloud DSPM via Polar Security acquisition. Global enterprise support. Best for regulated industries with complex DB environments.
Capability
65 / 100
Company health
80 / 100
Best fit Regulated industries with complex on-premises database infrastructure; IBM security investment.
Stable Read profile
AWS Macie
Divisional · AWS
Amazon's S3-native sensitive data discovery. Pay-as-you-go, zero vendor risk, no implementation overhead. Strictly limited to S3.
Capability
64 / 100
Company health
92 / 100
Best fit AWS-native organisations with S3 as primary sensitive data store.
Stable Read profile
Proofpoint
PE · Thoma Bravo
Market leader in email-led DLP and insider threat detection. Added cloud DSPM via Normalyze acquisition. Thoma Bravo PE exit expected 2026–2027.
Capability
64 / 100
Company health
58 / 100
Best fit Organisations with email-centric data loss risk; insider threat programmes.
Stable Read profile
Privacera
Private
Apache Ranger-native data access governance. Founded by the creators of Ranger. Best for organisations with existing Hadoop/Ranger infrastructure.
Capability
67 / 100
Company health
61 / 100
Best fit Apache Ranger environments; regulated analytics teams on Hadoop-based infrastructure.
Stable Read profile
Google Cloud DLP
Divisional · Google
API-first classification service for GCP and Workspace developers. Wiz DSPM (Google-acquired) handles posture management. Complementary, not competing.
Capability
58 / 100
Company health
90 / 100
Best fit GCP-native organisations; Google Workspace-heavy estates; technical DevSecOps teams.
Stable Read profile
Symantec / Broadcom
NASDAQ: AVGO
Legacy DLP under Broadcom harvesting strategy. Declining investment. If you are on Symantec DLP, start your replacement evaluation now.
Capability
62 / 100
Company health
55 / 100
Best fit Existing Symantec customers still under contract — evaluate exit options immediately.
Declining Read profile
Forcepoint
PE · Francisco Partners
Network and endpoint DLP under PE ownership. Government channel still functional. GetVisibility acquisition adds DSPM capability but integration is early.
Capability
60 / 100
Company health
52 / 100
Best fit Government and regulated industries already on Forcepoint; insider threat programmes.
Declining Read profile
Trellix
PE · STG Partners
McAfee/FireEye legacy DLP under PE ownership. No plausible cloud-native roadmap. Declining investment and customer attrition accelerating.
Capability
58 / 100
Company health
50 / 100
Best fit Buyers under contract only — evaluate exit options as a priority.
Declining Read profile