Insights

Cybersecurity Market Map 2026: 14 Domains, Key Vendors, and MSP Channels

A 2026 cybersecurity market map covering 14 domains, major vendors, funding and M&A, and which categories MSPs can actually sell to the mid-market.

By Alexej Pikovsky  ·  Updated

Cybersecurity looks like one industry from the outside and behaves like fifteen from the inside. Every few months a new category appears, a dozen startups raise money to own it, and a platform giant swallows the last one. If you buy, sell, or invest anywhere near this market, the map matters more than any single product.

So I built the map. Not CB Insights' proprietary version, which sits behind a paywall and buries the signal under a wall of logos, but a plain-language one: the major domains, the companies that matter in each, where the venture and private equity money has gone, and the part almost every map skips, which of these actually reach the mid-market. Because that is where MSPs live, and where most businesses actually buy their security.

The short answer, before the detail: the cybersecurity market splits into fourteen practical domains. Network, cloud and application security on the infrastructure side; endpoint, identity, email and data protection on the user side; security operations, threat intelligence, and risk, exposure and compliance in the operations layer; OT and IoT, fraud prevention and AI security at the frontier; and the managed services layer that actually carries security to the mid-market.

How to read this map

I split cybersecurity into fourteen domains. For each one you get what it covers, the notable vendors, where the money has gone, and the judgement most maps leave out: whether it is MSP-deliverable. One question this map deliberately skips is who wins each domain; that now has its own companion piece, who actually leads each cybersecurity category, with measured share and revenue receipts per category.

A tool is MSP-deliverable when a managed service provider can resell it and run it for a small or mid-sized business. A lot of the flashiest, best-funded security is not; it is bought direct by enterprise security teams with their own analysts. Knowing which is which tells you where the mid-market money flows, and it separates a category an MSP can build a practice on from one it will never touch.

One editorial choice: I put a full vendor table under the eight domains an MSP can genuinely act on, and cover the six enterprise-direct domains in prose. That split is itself part of the map.

A note on method up front: the map is my own synthesis of the public market maps, funding announcements and vendor disclosures, current as of July 2026. The detailed sourcing caveat is at the end.

Market-map legend: the acronyms that matter
AcronymWhat it isMSP relevance
EPP / EDREndpoint protection and detectionHigh: the deepest MSP channel on the map
MDRManaged detection and responseHigh: security operations as a service
SIEM / SOARLog analytics and response automationPartial: the managed layer is MSP work, raw platforms are not
SASE / SSENetwork security delivered from the cloudPartial: managed network is MSP territory
ZTNAZero-trust network accessPartial: usually part of a SASE bundle
CNAPP (CSPM, CWPP, CIEM)Cloud-native application protection: posture, workload and entitlement securityLow: sold to cloud engineering teams, not through MSPs
DSPMData security posture managementLow: enterprise-direct today
NDRNetwork detection and responseLow: enterprise SOC tooling
BASBreach and attack simulationLow: enterprise validation tooling
vCISOVirtual CISO: fractional security leadershipHigh: the compliance-led MSP growth offer

The landscape on one page

Fourteen domains, grouped by how they actually reach the mid-market. The grouping is the point: the further down the page a domain sits, the less of it an MSP can package and sell.

01 · MSP-led

Sold through MSPs

These reach the mid-market through MSPs because the products are operational and repeatable: priced per seat or per device, and close to what an MSP already manages every day.

Network security
Firewall · SASE · ZTNA · NDR
FortinetPalo AltoZscalerCloudflareCatoThreatLocker
Endpoint security
EPP · EDR · XDR · managed EDR
CrowdStrikeSentinelOneDefenderSophosBitdefenderHuntress
Email & collaboration
SEG · cloud email · awareness
DefenderProofpointAbnormalMimecastHornetsecurityKnowBe4
Security operations
SIEM · MDR · XDR · agentic SOC
SplunkSentinelArctic WolfHuntressBlackpointTorq
Services & risk transfer
MDR · vCISO · insurance · warranty
Arctic WolfHuntressCynomiCorkCoalitionAt-Bay
02 · Split channel

Split between MSPs and direct

Some SKUs reach MSPs, but the strategic buyer often stays direct, because the work touches identity architecture, sensitive data, or compliance accountability that a client will not delegate.

Identity & access
IAM · PAM · IGA · machine identity
OktaEntraCyberArkSailPointJumpCloudSilverfort
Data security
Backup · DSPM · DLP · encryption
VeeamRubrikCohesityAcronisCyeraVaronis
Risk, exposure & compliance
Vuln mgmt · ASM · BAS · GRC
TenableQualysRapid7VantaDrataPenteraHorizon3.ai
03 · Direct to enterprise

Sold direct to enterprise security teams

Specialized, high-context, incident-driven products. MSPs mostly consume the outputs of these categories rather than resell them.

Cloud security
CNAPP · CSPM · CWPP · CIEM
WizPrisma CloudOrcaAquaDefender for Cloud
Application & API security
AppSec · API · WAF · supply chain
SnykCheckmarxVeracodeCloudflareChainguardVault
Threat intelligence
TIP · external intel · digital risk
Recorded FutureMandiantFlashpointZeroFox
OT / ICS / IoT
ICS · OT monitoring · device security
ClarotyDragosNozomiArmisTXOne
Fraud & abuse
Fraud · bots · ATO · AML
SiftForterSignifydHUMANFeedzaiDataDome
AI security
AI-SPM · prompt security · governance
Protect AILakeraHiddenLayerNoma

Securing the infrastructure

The oldest part of the market protects the pipes: the network, the cloud it now runs on, and the applications on top. This is where the biggest cheques and the biggest exits sit, and where the mid-market mostly does not shop directly.

Network security

Network security is the one infrastructure domain with real MSP depth. Fortinet, Check Point and Cato all run serious partner programs, and managed firewall, SD-WAN and zero-trust access are staple managed services. On measured share, Palo Alto leads the firewall segment with roughly 29 percent of revenue per Dell'Oro's Q2 2025 read.

The action moved from the box to the cloud edge: SASE and SSE. Netskope went public in September 2025 at roughly a $7.3B valuation, Cato raised a $409M round at over $4.8B, and Palo Alto, Zscaler and Cloudflare keep pulling the perimeter into their clouds. On the private-equity side, Thoma Bravo took Darktrace private for $5.3B.

Network and infrastructure security vendors
VendorWhat it doesBackingMSP
FortinetNGFW, SASE, SD-WAN; deep SMB basePublic (FTNT)Yes
Palo Alto NetworksFirewalls + Prisma SASE; platform leaderPublic (PANW)Partial
ZscalerZero-trust cloud proxy (SSE)Public (ZS)Partial
CloudflareGlobal edge, DDoS, ZTNAPublic (NET)Partial
Check PointFirewalls + Harmony SASEPublic (CHKP)Yes
Cato NetworksSingle-vendor SASEVC · $409M round · >$4.8BPartial
ThreatLockerZero-trust allowlisting, MSP-firstVC · ~$1.2BYes
DarktraceNetwork AI detectionPE · Thoma Bravo ($5.3B)Partial

Cloud security

Cloud security is where the money is loudest and the mid-market is quietest. This is the CNAPP world: posture, workloads and cloud entitlements, bought by cloud and platform teams, not resold by generalist MSPs.

It also produced the biggest deal in the industry's history. Google closed its $32B acquisition of Wiz in March 2026, the largest deal Google has ever done, after Wiz itself had rolled up Gem Security and Dazz. Palo Alto (Prisma Cloud), CrowdStrike and Microsoft Defender for Cloud anchor the rest; Orca, Aqua and Sysdig are the independent challengers, and Fortinet absorbed Lacework. For an MSP, the only line that reliably reaches SMB is Defender for Cloud, sold through the Microsoft licensing motion.

Application and API security

Application and API security is the most developer-direct corner of the whole map. AppSec (Snyk, Checkmarx, Veracode, Semgrep), API security and software supply chain sell to engineering teams, not to MSPs. The consolidation here has been relentless: IBM bought HashiCorp (Vault) for $6.4B, Akamai bought Noname for about $450M, Harness merged with Traceable, and Chainguard raised to a $3.5B valuation securing the open-source supply chain. Two adjacent categories, WAF and the enterprise browser (Island, now at $4.85B, and Palo Alto's Talon), have a little channel delivery, but this domain is not MSP territory.

Securing endpoints, identity and email

The layer closest to the user is the heart of what an MSP actually sells. Two of these three domains are as MSP-native as security gets.

Endpoint security

Endpoint security is the deepest MSP channel in the entire market. On measured share, Microsoft Defender leads at 28.6 percent per IDC's 2024 tracker, its third straight year at number one. CrowdStrike and SentinelOne are the public heavyweights, and a whole set of vendors are effectively MSP-distribution businesses: Huntress ($150M Series D at about $1.55B), Sophos (now the largest pure-play managed-detection provider after buying Secureworks for $859M), Bitdefender, ThreatDown and Blackpoint. If an MSP builds one security practice, it starts here.

Endpoint security vendors (EPP and EDR)
VendorWhat it doesBackingMSP
CrowdStrikeFalcon EDR/XDR platformPublic (CRWD)Partial
SentinelOneAutonomous EDR/XDRPublic (S)Yes
Microsoft DefenderNative Windows EPP + EDRMicrosoft-nativePartial
SophosEndpoint + MDR (+ Secureworks)PE · Thoma BravoYes
BitdefenderGravityZone EPP/EDR + MDRPrivate (Vitruvian minority)Yes
HuntressManaged EDR built for MSPsVC · $150M · ~$1.55BYes
ThreatDown (Malwarebytes)MSP-focused EPP/EDR/MDRPrivateYes
Blackpoint CyberMSP-delivered 24/7 MDRVC · $190MYes

Identity and access

Identity and access splits down the middle, and it is the single busiest domain for consolidation. Workforce sign-on, MFA and directory for smaller firms are MSP-deliverable (JumpCloud, Entra through Microsoft licensing, Duo, and Huntress Managed ITDR). Privileged access, governance and machine identity are enterprise-direct and where the deals happened: Palo Alto bought CyberArk for about $25B (closed February 2026), its biggest deal ever and its entry into identity; CyberArk had already bought Venafi for $1.54B; Cisco agreed to buy Astrix for around $400M for non-human identity; and Thoma Bravo merged Ping and ForgeRock, then re-floated SailPoint in a $1.38B IPO. Machine and non-human identity is the hot new sub-category, driven by AI agents, with Oasis ($120M) and Astrix raising fast before being bought.

Identity and access security vendors
VendorWhat it doesBackingMSP
OktaWorkforce SSO/MFA + Auth0 (CIAM)Public (OKTA)Partial
Microsoft Entra IDNative cloud identity + MFAMicrosoft-nativePartial
CyberArkPrivileged access + machine identityPublic (CYBR) → Palo Alto (2026)No
SailPointEnterprise identity governancePublic (SAIL); Thoma Bravo ~88%No
JumpCloudCloud directory + SSO for SMBVC-backedYes
SilverfortAgentless MFA + identity threat detectionVC · ~$1BPartial
Oasis / Astrix / AembitMachine / non-human identityVC (Astrix → Cisco)No

Email and collaboration security

Email and collaboration security is, with endpoint, the most MSP-distributed domain on the map. Microsoft Defender for Office 365 is the bundled baseline; on top of it sit vendors built for or leaning heavily on the channel. The defining deal came in December 2025, when Proofpoint bought Hornetsecurity for about $1.8B explicitly to reach the SMB market through its 12,000-plus MSP partners. Abnormal, the behavioural-AI challenger, raised at a $5.1B valuation; KnowBe4 (awareness training) went private with Vista for $4.6B; Mimecast sits with Permira.

Email security vendors
VendorWhat it doesBackingMSP
Microsoft Defender for Office 365Native M365 email securityMicrosoft-nativePartial
ProofpointEmail platform (+ Hornetsecurity)PE · Thoma BravoYes (via Hornetsecurity)
Abnormal AIBehavioural-AI cloud email securityVC · ~$5.1BPartial
HornetsecurityM365 email security for MSPsProofpoint (~$1.8B)Yes
KnowBe4Security awareness trainingPE · Vista ($4.6B)Yes
MimecastEmail security + archivingPE · PermiraYes
IRONSCALES / GraphusAI anti-phishing for MSPsVC / KaseyaYes

Protecting and recovering data

Data security is really two markets. The backup half, now rebranded as cyber resilience, is highly MSP-deliverable: Veeam (Insight Partners, widely reported around a $15B valuation), Acronis, Datto under Kaseya, and N-able Cove are all MSP staples, while Rubrik went public in 2024 and Cohesity merged with Veritas to claim the largest-vendor spot, before Veeam took IDC's number-one data-protection tracker position in late 2025. The other half, data security posture management and data-loss prevention, is enterprise-direct and classification-heavy. Cyera is the breakout there, raising to a $12B valuation, while the smaller posture tools keep getting absorbed into bigger platforms (Dig into Palo Alto, Normalyze into Proofpoint).

Data protection and backup vendors
VendorWhat it doesBackingMSP
VeeamBackup + ransomware resiliencePrivate · Insight (~$15B)Yes
Acronis / DattoMSP-native backup + cyber protectionPrivate / KaseyaYes
RubrikZero-trust backup + cyber recoveryPublic (RBRK)Partial
CohesityData protection (merged Veritas)Private (~$7B+)Partial
CyeraAI-era data security posture (DSPM)VC · ~$12BNo
VaronisData access governance + DSPMPublic (VRNS)Partial

Detection, response and exposure

Once the controls are in place, someone has to watch them. This cluster is where the mid-market genuinely buys through MSPs, because almost no small business runs its own security operations centre.

Security operations

Security operations is a High-MSP domain, but only the managed layer. On measured share, Splunk has held IDC's SIEM number one for years, while MDR has no analyst share tracker at all. Raw SIEM is being swallowed by platforms: Cisco bought Splunk for $28B, Microsoft Sentinel and Google SecOps fold detection into their clouds, and Palo Alto pitches Cortex XSIAM as a SIEM replacement. Where MSPs live is managed detection and response, and here the vendors are built channel-first: Arctic Wolf, Huntress, Blackpoint and Todyl.

The hottest and best-funded sub-category is the agentic SOC, AI analysts that triage and investigate alerts. Torq raised $140M at a $1.2B valuation, 7AI raised $166M, and Dropzone, Prophet and Exaforce all raised in 2025. Zscaler bought Red Canary for $675M to build one. Almost none of it reaches the mid-market yet except when an MSSP runs it for you, which is exactly the opening.

Detection and response vendors (SIEM, MDR, XDR)
VendorWhat it doesBackingMSP
SplunkMarket-leading SIEMPublic (CSCO) · $28B dealPartial
Microsoft SentinelCloud-native SIEM/SOARMicrosoft-nativePartial
Arctic WolfConcierge SOC-as-a-serviceVC · ~$1B+ raisedYes
HuntressManaged EDR/SIEM for MSPsVC · $150MYes
Blackpoint / TodylChannel-only MDR platformsVC · $190M / $50MYes
TorqAgentic SOC automationVC · $140M · $1.2BPartial
Dropzone / 7AI / ProphetAutonomous AI SOC analystsVC (2025 rounds)Partial

Threat intelligence

Threat intelligence is the lowest-MSP domain in this cluster. Standalone intel is bought by enterprises and governments, or shows up bundled inside the MDR an MSP already resells. The category is consolidating into non-security strategics: Mastercard bought Recorded Future for $2.65B, and Google owns Mandiant. Below them sit Flashpoint, Intel 471, ZeroFox and Bitsight's Cybersixgill, and an MSP never sells any of it as a line item.

Risk, exposure and compliance

Risk, exposure and compliance is the most bifurcated domain on the map. In vulnerability management, Tenable is IDC's measured share leader, seven straight years at number one. Vulnerability management (Tenable, Qualys, Rapid7) and compliance automation (Vanta, valued around $4.15B; Drata, around $2B) have genuine MSP and vCISO channels into the mid-market, because compliance is now a sales requirement, not a nice-to-have. Attack-surface management, breach-and-attack simulation and third-party risk skew enterprise: Pentera raised at over $1B, Horizon3.ai at around $750M, and Schwarz Group bought XM Cyber for $700M. For an MSP, the actionable slice is vulnerability scanning and the compliance tooling that underpins a vCISO offer. The sharpest version of that compliance opportunity for MSPs is CMMC for the defense supply chain.

Exposure management and compliance vendors
VendorWhat it doesBackingMSP
Tenable / Qualys / Rapid7Vulnerability & exposure managementPublic (TENB/QLYS/RPD)Yes
VantaCompliance automation (SOC 2, ISO)VC · ~$4.15BYes
DrataTrust & compliance automationVC · ~$2BYes
PenteraAutomated security validation (BAS)VC · ~$1BPartial
Horizon3.aiAutonomous penetration testingVC · ~$750MPartial
SecurityScorecard / BitsightSecurity ratings + third-party riskVC / Moody's-backedPartial

The frontier: OT, fraud and securing AI itself

Three domains sit at the edge of the map. All three are mostly enterprise-direct today, but they matter because they show where the next wave of money and consolidation is going.

OT, ICS and IoT security

OT, ICS and IoT security protects the machines that run factories, utilities and hospitals. It is bought direct by asset-heavy enterprises, often with strategic money from the equipment makers themselves (Schneider, Mitsubishi and Honeywell all back Nozomi). Claroty raised a $150M round at a $3B valuation, Armis reached a $6.1B valuation in a pre-IPO round, and Dragos, Nozomi and TXOne round out the field. A generalist MSP rarely touches this; a specialist systems integrator does.

Fraud and abuse prevention

Fraud and abuse prevention is a large market that sits almost entirely outside the MSP world. It is sold by API to fintech and e-commerce teams: Sift, Forter (valued around $3B), Signifyd ($1.34B), HUMAN for bots, and Feedzai ($2B) for financial crime. Useful to understand, but not something an MSP resells.

AI security

AI security is the newest domain on the map, and it is consolidating faster than anything else on it. Securing AI apps, models and agents went from a whiteboard to a shopping list in barely a year: Cisco bought Robust Intelligence, Palo Alto bought Protect AI (about $635M), Check Point bought Lakera, SentinelOne bought Prompt Security, and Cato bought Aim Security, all inside twelve months.

The independents still standing (HiddenLayer, Noma at $100M, Cranium, Lasso) are the next acquisition targets. It reaches the mid-market only through the platforms and, eventually, through Microsoft. Note the pattern: the big vendors are buying this category rather than letting startups own it, the clearest tell of where security is heading.

How security reaches the mid-market

Of the fourteen domains, only a handful reach a small or mid-sized business through an MSP. The rest are bought direct by companies big enough to run their own security team. That gap is the whole reason the colour-coding matters.

The MSP-deliverable core is small, stable and unglamorous: endpoint, email, managed network, backup, workforce identity, the compliance and vulnerability tooling behind a vCISO offer, and above all the managed services layer that ties it together. That last domain, cyber services and risk transfer, is the most MSP-native of all, and it is where the independent venture money still has open runway while the product categories consolidate.

Security vendors built for the MSP channel
VendorWhat it doesBackingMSP
Arctic WolfMDR / SOC-as-a-serviceVC · ~$1B+ raisedPartial
HuntressChannel-only managed security for SMBVC · $150MYes
Blackpoint CyberMDR built for MSPsVC · $190MYes
ThreatLockerZero-trust endpoint for MSPsVC · ~$1.2BYes
CynomiAI vCISO platform for MSPsVC · $37M Series BYes
CorkCyber warranty for MSP clientsVC · $6M seedYes
Coalition / At-Bay / CowbellCyber insurance (SMB / mid-market)VC-backed insurersPartial

One force sits underneath this whole layer: cyber insurance. To bind or renew a policy, carriers now require MFA, EDR or MDR, tested backups and email filtering. Fail a control and coverage lapses or premiums jump.

The insurance application has quietly become the security purchase order, and the MSP is the one who implements and attests to the controls for a client with no security staff. That is why MDR, zero-trust endpoint, vCISO tooling and warranties are all built channel-first, and it is the strongest tailwind an MSP security practice has.

If you want the same lens on the tools MSPs run day to day, I mapped the full MSP tool stack by where the money goes in a companion piece.

The four forces reshaping the map

Step back from the domains and four patterns explain almost every move on the map.

The megacaps are buying the map. Platformisation stopped being a slide and became a shopping spree. Google bought Wiz ($32B), Palo Alto bought CyberArk ($25B), Cisco bought Splunk ($28B), IBM bought HashiCorp ($6.4B), and Mastercard bought Recorded Future ($2.65B). The independent category-leader logo is getting rarer by the quarter.

Private equity owns the incumbents, then re-floats them. Thoma Bravo alone holds or held Sophos, Proofpoint, Ping, SailPoint and Darktrace; Vista has KnowBe4; Permira has Mimecast. SailPoint, Rubrik and Netskope show the exit path back to the public markets. This is a category that private equity has learned to farm. The same logic is moving down-market: venture firms are now funding buyers of MSPs themselves.

Microsoft is the gravity. Defender, Entra, Purview and Sentinel come bundled into licences businesses already buy. Every point vendor now has to either differentiate hard enough to justify a second bill (Abnormal, Cyera, CrowdStrike) or go all-in on MSP distribution to reach the customers Microsoft's own sales motion cannot (Huntress, Hornetsecurity). There is very little middle ground left.

AI is opening two new frontiers at once. The agentic SOC (Torq, 7AI, Dropzone) and machine identity (CyberArk with Venafi, Cisco with Astrix, Oasis) are the two categories drawing the freshest money, and both exist because AI agents create work and risk that the old tools were not built for. Watch these two for the next wave of acquisitions.

What it means if you run an MSP

Three conclusions fall straight out of the map.

Your territory is smaller and more durable than the noise suggests. Endpoint, email, managed network, backup, MDR, workforce identity and compliance are where you sell, and they are the calmest, most channel-friendly corners of the market. The billion-dollar categories in the headlines, cloud security, AppSec, DSPM, AI security and privileged access, are mostly not yours. Do not chase them; refer them, or partner, and go deeper where you already win.

Bet on the vendors built for the channel. As the product categories consolidate onto platforms and onto Microsoft, your value is integration, management and trust, not tool selection. Pick the category leaders with real MSP programs (Huntress, SentinelOne, Sophos, Bitdefender, Hornetsecurity, ThreatLocker, Blackpoint, Todyl), and where you adopt a smaller tool, keep your data portable so you can move when it gets acquired. Because it will. The funding side of that story is mapped in where $1B of venture money in MSP software went.

Sell to the insurance renewal. The fastest-growing reason a mid-market business buys security is that its cyber insurer now requires it. MFA, EDR, backups and awareness training are no longer a pitch, they are a condition of coverage. Build your security offer around the renewal questionnaire and you are selling something the client has already been told they must buy. And if the security-heavy book is where your MSP is heading, it is also what pays at sale: this is the revenue profile behind the top end of MSP valuation multiples and the core of exit readiness.

FAQ

How is the cybersecurity market segmented?

Into roughly fourteen domains. It runs from infrastructure (network, cloud and application security) through the user layer (endpoint, identity, email and data) to the operations layer (security operations, threat intelligence, and risk, exposure and compliance). Three frontier domains sit at the edge: OT and IoT, fraud prevention, and AI security. A services and risk-transfer layer ties the rest together.

Which cybersecurity categories can an MSP actually sell?

The MSP-deliverable core is endpoint, email, managed network, MDR and managed services, and backup, plus workforce identity and the compliance and vulnerability tooling behind a vCISO offer. That set is small, stable and channel-friendly. Cloud security, application security, DSPM, privileged access and AI security are bought mostly enterprise-direct, so an MSP refers or partners on those rather than reselling them.

What were the biggest cybersecurity acquisitions of 2025 to 2026?

The largest was Google buying Wiz for $32B, the biggest deal Google has ever done. Palo Alto bought CyberArk for about $25B, its own biggest deal. Cisco bought Splunk for $28B, IBM bought HashiCorp for $6.4B, and Mastercard bought Recorded Future for $2.65B. Together they show platform giants rolling up independent category leaders.

Is the cybersecurity industry consolidating?

Yes, on two tracks. Megacap platforms are rolling up independent leaders (Google, Palo Alto, Cisco, IBM, Microsoft), and private equity takes incumbents private, then re-floats them, the way Thoma Bravo did with SailPoint, Netskope and Rubrik showing the path back to public markets. The independent category-leader logo is getting rarer by the quarter. Keep your data portable so you can move when a tool gets acquired.

What is the difference between foundational and advanced security tooling?

Foundational tooling is the baseline every client needs and cyber insurers now require: MFA, EDR, tested backups and email filtering. Advanced tooling is the detection-and-response layer, MDR, managed SOC, SIEM and zero-trust access, which is the fastest-growing and highest-margin part of an MSP security practice. Foundational wins the policy renewal; advanced deepens the account.

For the deal-flow view of this same map, read what the 2026 cybersecurity almanac means for a small MSP.

A note on the map

The map is my own synthesis. It is informed by the public market maps (CB Insights, Momentum Cyber and others) but copied from none of them; the category boundaries and the MSP-relevance calls are mine. Funding and ownership figures trace to company announcements and reputable trade coverage, cross-checked during research and current as of mid-2026. Funding data is self-reported at origin, so treat totals as directionally exact rather than audited. Categories blur at the edges and plenty of vendors sit in more than one, so I placed each where its centre of gravity is. Several logos here now belong to their acquirers (Wiz to Google, CyberArk to Palo Alto, Splunk to Cisco, Hornetsecurity to Proofpoint), which is rather the point.