Security Operations (SecOps)StartupNetwork Discovery CAASM
RunZero
Unauthenticated network discovery and cyber asset attack surface management — rapidly inventories every device, OT system, and cloud resource with no agent or credentials required
Mkt Cap / ValPrivate (raised $70M)
RevenueEst. $30M ARR
Growth+100% YoY
Agentless, credentialless network discovery at speed — discovers all devices and OT/cloud assets in a single inventory without pre-existing infrastructure.
SWOT Analysis
Strengths
- Fast, agent-free discovery across legacy on-prem and cloud without requiring pre-installed credentials
- Strong differentiation in OT/ICS visibility where traditional CMDB tools struggle or require manual updates
- Rapid growth momentum (+a significant share YoY) and recent funding demonstrates market validation and runway
Opportunities
- Expand into OT/ICS security operations given first-mover advantage in factory and critical infra discovery
- Integrate threat intelligence and vulnerability feeds to become the inventory backbone for SecOps platforms
- Partner with SOAR and SIEM vendors as the canonical asset source for more accurate alert correlation and playbooks
Weaknesses
- Limited to asset discovery and CAASM — no threat detection, response, or SOC automation capabilities
- Smaller annual revenue base means fewer resources for customer success and product expansion vs. incumbents
- New market for CAASM means customer education burden and longer sales cycles for unfamiliar use case
Threats
- Large SIEM and SOAR vendors (Palo Alto, Splunk, ServiceNow) adding lightweight discovery modules to reduce point-tool reliance
- Cloud-native alternatives like Wiz and Orca gaining asset discovery as a bundled capability in their CSPM platforms
- Potential market consolidation risk if a larger vendor acquires RunZero to own the discovery layer
User Sentiment
Synthesized from G2, Gartner Peer Insights, and analyst review data.
What users love
- Zero agent/credential overhead and instant visibility into all devices — critical for enterprises with legacy infrastructure and OT environments
- Clean, intuitive asset inventory that integrates naturally into existing SecOps workflows without ripping-and-replacing CMDB tools
- Reliable discovery across hybrid cloud, on-prem, and OT networks where other tools require manual updates or agent sprawl
Common complaints
- Limited to discovery only — cannot respond to findings; must hand off to separate SIEM or SOAR, creating tool sprawl
- Pricing scales with number of assets, which can become expensive at scale in large enterprises with many unmanaged devices
- API documentation and out-of-box integrations with major platforms (Splunk, ServiceNow) still maturing compared to established players
Customer Profile
Who buys this
Typical segments
Enterprise OT/critical infrastructure operators requiring certified asset discovery with audit trailsCloud-first mid-market companies managing hybrid infrastructure with high cloud-to-on-prem sprawlMSPs and MSSPs needing agentless discovery to quickly inventory customer environments at onboarding
Typical buyer
CISO or SecOps director tasked with building accurate asset inventory for compliance or M&A integration
Top use cases
- 1Baseline asset inventory and change detection for SOC 2 Type II audits and regulatory compliance
- 2OT/ICS network discovery for manufacturing, utilities, and critical infrastructure without disrupting operational systems
- 3Post-acquisition integration — rapidly discovering all assets in acquired company's network to identify security gaps
Future Focus Areas
1
Autonomous vulnerability prioritization leveraging asset metadata and real-time threat intelligence to reduce security team noise
2
OT/ICS-specific threat intelligence and incident response playbooks built on RunZero inventory foundation
3
Supply chain asset visibility extending to third-party and vendor infrastructure exposure management