Theme · 08 · Digital perimeter

Cybersecurity.

Enterprise security is no longer a single product line — it's a six-layer stack from identity at the apex through endpoint, network, cloud, vulnerability management, and data security. Each layer is dominated by a handful of public-market platform companies. Below: the US-listed names actually operating in each one.

6 layers
15 companies
US-listed only
Updated live
The map

Six layers, one defense-in-depth.

Identity at the apex. Data at the foundation. Every US-listed public company actually operating in between.

LAYER 06 · FOUNDATION Data & Observability VRNS · ESTC · DDOG LAYER 05 Vulnerability Management TENB · RPD · QLYS LAYER 04 Cloud & SASE ZS · NET LAYER 03 Network & Firewall PANW · FTNT · CHKP LAYER 02 Endpoint CRWD · S APEX Identity & Access LAYER 01 · APEX OKTA · CYBR ↑ PROTECTS ↑ 15 COMPANIES · US-LISTED
Layer 01 · Apex

Identity & Access

Who can log in, what they can do, and how privileged credentials are protected. Okta as the workforce and customer identity standard, CyberArk as the leader in privileged-access management for the accounts attackers want most.

Layer 02 · The device

Endpoint

Detection and response on the laptop, server, and workload itself. CrowdStrike's Falcon agent and SentinelOne's Singularity platform — the two AI-driven EDR platforms that displaced traditional antivirus across the enterprise.

Layer 03 · The perimeter

Network & Firewall

Next-generation firewalls and network security platforms — Palo Alto Networks' breadth across firewall, SOC, and cloud security; Fortinet's appliance-driven model with deep SD-WAN integration; Check Point's incumbent enterprise install base.

Layer 04 · The edge

Cloud & SASE

Secure access service edge — the converged networking-plus-security stack that replaces the corporate VPN. Zscaler's Zero Trust Exchange and Cloudflare's edge platform, both built on globally distributed proxies that sit between users and applications.

Layer 05 · Exposure

Vulnerability Management

Continuous discovery, prioritization, and remediation of weaknesses across the attack surface — Tenable's Nessus and exposure-management suite, Rapid7's Insight platform, and Qualys's cloud-native scanning. The pre-breach side of the security budget.

Layer 06 · The crown jewels

Data & Observability

Where the actual data sits and how it's monitored — Varonis for data security posture management, Elastic for security analytics on top of its observability stack, Datadog for cloud monitoring with an expanding security product line.

Methodology & coverage.

Constituent lists are reviewed quarterly against segment disclosures, product portfolio, and addressable-market commentary. Quotes are sourced from licensed market data; the Veridion Score is computed from six published factors. Inclusion is not a recommendation.

All themes Read the method