Vendor Spotlight: Heimdal

Heimdal Security A/S is a Danish cybersecurity business that is prominent in the Copenhagen technology hub, but not so well known worldwide. This brand is still fighting to get itself noticed in the US-dominated cybersecurity market.

The Heimdal product range includes on-device systems and a cloud platform of services. Buyers can assemble their own security fabric by picking individual tools and then tying them together with the Heimdal Threat Hunting and Action Center unit on the cloud. This is a flexible strategy that allows companies to decide just how far they want to go with Heimdal. The company can provide an antivirus package or a system-wide automated cybersecurity bundle.

Founding and Background

Heimdal Security A/S was founded in 2014 in Copenhagen, Denmark, by a business development specialist who worked together with an established cybersecurity software house and consultancy. The company was established in response to the increasing sophistication of cyber threats and the need for advanced cybersecurity solutions beyond traditional antivirus software. Heimdal initially focused on developing threat prevention tools to combat malware and phishing attacks.

The company quickly gained recognition for its proactive security approach, which combines advanced threat intelligence with network and endpoint protection. Heimdal Security’s solutions emphasize prevention, detection, and response, covering areas such as ransomware protection, vulnerability management, and endpoint detection and response (EDR). Over the years, Heimdal has expanded its product portfolio to serve both consumer and enterprise markets, and today, it operates globally, with a strong presence in Europe and beyond.

Capture The Flag

The team behind Heimdal had a successful career as cybersecurity prizewinners. The cybersecurity industry runs a number of events to forward security knowledge, encourage individuals to train up in the field and create a culture of cybersecurity awareness. One avenue that the cybersecurity industry has is to invite outsiders to attack them and try to find security weaknesses.

A Capture The Flag (CTF) competition is one of the methods used to foster cybersecurity skills in the wild. Rather than investing in extensive training for thousands of young people, a cybersecurity foundation puts up a single prize and encourages anyone anywhere to get training and deploy ingenuity to invent new methods to discover security weaknesses.

The “flag” in a CTF is a specific text that is hidden somewhere in a system. In these contests, the creators have built a security weakness that they know will allow someone to get in and read the flag. Thus, there is a known goal and teams that enter the contest have to turn up in a particular location on a specific date, which generates a buzz. CTFs are often events put on as part of a larger trade fair or conference.

The group behind Heimdal was the first non-US competitor to win the Defcon CTF competition. Defcon (also written as DEF CON) is an annual cybersecurity conference, held in Las Vegas, USA. It is the most prominent and one of the longest-running trade events in the world for the cybersecurity community, and its CTF competition is the most prestigious prize in the field. Prizes in this field are substantial, and teams make a living solely by entering hacking competitions and bug-seeking tournaments (hackathons).

Heimdal’s CTF group was known as the Nopsled Team. This name is based on the abbreviation NOP, which stands for “no operation”. A NOP sled/NOP slide/NOP ramp is a technique to get around the need to know an exact address in memory by causing a stack buffer overflow. The Heimdal group focused on DNS manipulation in its successful flag-capturing gambit.

A Virtual Software Provider

Heimdal’s progression from a cyber defense team to a software provider mirrors almost exactly the rise of CrowdStrike in the United States. Both companies started off with a consultancy of threat detection specialists in 2011 and both started producing commercial software in 2014. Both companies offer an on-premises next-generation antivirus system that also acts as a data collector for a cloud-based threat detection and response unit.

The solidification of expertise into a permanent product is a well-trodden path in the cybersecurity field. Vulnerability Management tools are the codification of the techniques used by manual penetration testers.

Knowing how to break into a piece of software doesn’t necessarily mean that you know how to write a software package, and being good at computers doesn’t give you the skills to run a company. The formation of Heimdal is unusual, in that it was a virtual business in its first few years. It was owned by an individual who did not employ any of the developers or even own the copyright for the Heimdal products.

Morten Kjaersgaard had a string of successes as a Chief Commercial Officer (COO) for a number of IT and cybersecurity businesses in Denmark. Through this career, Kjaersgaard gathered the experience and money that enabled him to start creating his own businesses. Heimdal was one of them.

The new-found fame of the Nopsled Team created a strong opportunity to commercialize their expertise, and Kjaersgaard recognized that possibility. Unfortunately, most of the team were employed by CSIS Group, an existing Danish cybersecurity consultancy and managed security service provider that was founded in 2003.

As the CTF geniuses were tied up with no-compete clauses, Kjaersgaard couldn’t tempt them away from CSIS to work for him. So, he approached CSIS to set up a joint venture and they produced a system that was called Heimdal Pro.

Kjaersgaard’s expertise was in marketing and business development. So, given a product, he forged ahead and started selling Heimdal Pro, which is now called Heimdal Thor. Effectively, Heimdal was a joint project between CSIS Group and Morten Kjaersgaard. CSIS Group sold its share of the company in 2020 to Marlin Equity Partners, making Heimdal Security an independent cybersecurity business.

Timeline and Evolution

• 2014 – Founding: Heimdal Security was established in Copenhagen, Denmark as a joint project between CSIS Group and business development expert, Morten Kjaersgaard. The first product was Heimdal Pro.
• 2015 – Thor Foresight Release: Heimdal rewrites Heimdal Pro to create its flagship product, Thor Foresight. This was a next-generation security solution designed to block malware and ransomware at the firewall. It used DNS filtering and machine learning to detect advanced threats that traditional antivirus programs missed.
• 2016 – Expanding Global Presence: Heimdal expanded into international markets, specifically Europe and North America. Heimdal’s security solutions gained popularity among both individual users and enterprises.
• 2017 – Product Diversification: The introduction of Thor Vigilance, a next-gen antivirus solution, and Thor Premium, which combined Foresight and Vigilance for complete endpoint protection.
• 2018 – Vulnerability Management: Heimdal introduced Thor Patch Management, a tool for automated software updates and vulnerability management.
• 2019 – Endpoint Detection and Response (EDR): Heimdal launched its EDR solution, enhancing its product suite to include endpoint monitoring, threat detection, and incident response capabilities.
• 2020 – Unified Endpoint Security Platform: Heimdal moved towards creating a unified cybersecurity platform, combining its threat prevention, detection, patch management, and EDR capabilities under a single interface.
• 2021 – Identity Management: Heimdal expanded its product suite with Privileged Access Management (PAM) and Application Control solutions, entering the identity and access management space.
• 2022 – Zero Trust and XDR: To stay at the forefront of cybersecurity trends, Heimdal introduced Extended Detection and Response (XDR) capabilities and incorporated Zero Trust principles.
• 2023 – Continuous Innovation: Adds more automation, AI-driven threat intelligence, and better integration across the platform. Continuous innovation has kept Heimdal adaptable to emerging threats.

Heimdal’s Evolution

Over the years, Heimdal Security evolved from a malware and phishing prevention company to a full-fledged cybersecurity provider, offering solutions across threat prevention, detection, response, and identity management. Its journey is marked by constant innovation and adaptation, expanding its product portfolio to meet the growing complexity of cyber threats faced by businesses worldwide. Today, Heimdal’s unified security platform addresses the entire cybersecurity lifecycle, positioning it as a key player in both the consumer and enterprise markets.

Company Ownership

From its inception, Heimdal Security A/S was a subdivision of CSIS Group, with Morten Kjaersgaard holding a stake in Heimdal but not in CSIS Group. The CSIS Group was privately owned at the time of its involvement with Heimdal.

Marlin Equity Partners bought the Heimdal shares of CSIS group in March 2020. Marlin Equity Partners is a private equity firm founded by David McGovern in 2005. As a private firm, it is owned by its partners and investors, with David McGovern serving as the managing partner.

Key People

• Morten Kjaersgaard: Before joining Heimdal, Morten held prominent positions in the IT industry, including Chief Commercial Officer (CCO) at BullGuard Ltd and CEO of a large Danish IT reseller. His background in corporate marketing has helped bridge the gap between cybersecurity intricacies and business goals. He was CEO of the business from its creation until May 2024, when he switched to being Chairman of the Board. Kjaersgaard is still a shareholder in the business.
• Jesper Frederiksen: The CEO of Heimdal Security since May 2024, Frederiksen is simultaneously a non-executive directory of a number of other IT businesses. He is based in the UK and runs the company remotely from his home in Virginia Water.
• David McGovern: The current majority owner of Heimdal is Marlin Equity Partners, which is effectively owned by David McGovern.  His career began as an attorney at Gibson, Dunn & Crutcher, focusing on M&A work. He then transitioned to investment banking, working at CIBC. In 1999, McGovern moved into private equity investments, primarily in the technology industry. He founded Marlin Equity Partners in 2005. The fund has raised over $1 billion of capital.

Locations

Heimdal Security has a global presence with offices in several key locations. The company’s HQ is at Vester Farimagsgade in the center of Copenhagen, Denmark.

Here are some of their regional offices:

• London, United Kingdom
• Bucharest, Romania
• Brașov, Romania
• Munich, Germany
• St. Petersburg, FL, United States
• Mumbai, India
• Dubai, United Arab Emirates

These offices help Heimdal support its global client base and provide localized services.

Target Market and Customer Base

Target Market

Heimdal Security primarily targets businesses and organizations of various sizes, from small and medium-sized enterprises (SMEs) to large enterprises, with a focus on sectors that require advanced cybersecurity protection. Its solutions are designed to meet the needs of organizations that deal with sensitive data, have complex IT infrastructures, or are subject to strict regulatory requirements. Key industries include:

1. Financial Services: Banks, fintech companies, and insurance firms are prime targets for Heimdal due to the sensitive nature of their data and the high risk of cyberattacks.
2. Healthcare: Hospitals, clinics, and other healthcare organizations face increasing cyber threats, making Heimdal’s solutions vital for protecting patient data and ensuring compliance with regulations like HIPAA.
3. Government and Public Sector: Government institutions often deal with critical infrastructure and sensitive information, making them a focus for Heimdal’s advanced security tools.
4. Retail and E-commerce: Heimdal helps protect retailers from threats like ransomware and card fraud, securing payment systems and protecting customer data.
5. Manufacturing and Critical Infrastructure: Industrial organizations rely on Heimdal for securing operational technology (OT) environments and mitigating the risks of cyber threats targeting critical infrastructure.

Customer Base

Heimdal serves a global customer base that spans both the consumer and enterprise markets:

1. SMEs and Enterprises: Heimdal’s scalable solutions appeal to businesses of all sizes, with SMEs benefiting from the affordability and ease of deployment, while larger enterprises use Heimdal’s full suite of tools, including EDR, XDR, and privileged access management (PAM).
2. Managed Service Providers (MSPs): Heimdal’s solutions are particularly well-suited for MSPs who deliver outsourced security services to multiple clients. MSPs use Heimdal’s suite to provide comprehensive endpoint protection, threat detection, and response to their customers.
3. Consumers: While Heimdal primarily focuses on enterprise solutions, it also offers consumer-focused security products like Thor Home for individual users seeking protection from malware, ransomware, and phishing attacks.

Heimdal’s customer base is diverse, covering industries with stringent compliance requirements and those vulnerable to cyberattacks, making its solutions attractive across multiple sectors.

Heimdal’s Product Suite

Heimdal Security is a suite of cybersecurity solutions designed to protect businesses and individuals from a wide range of cyber threats. The Thor range of products is only sold through third-party retailers. Heimdal doesn’t use that name for the products that it advertises on its own website.

The product suite focuses on threat prevention, detection, response, and identity management, providing a unified security platform. Below is an overview of Heimdal’s key products:

1. Thor Foresight Enterprise

Purpose: Threat Prevention

Key Features:

• DNS, HTTP, and HTTPS traffic filtering to block malware, ransomware, and phishing attacks before they reach endpoints.
• Real-time machine learning-based threat intelligence for proactive protection.
• Detection and mitigation of APTs (Advanced Persistent Threats) and exploits.
• Prevents malicious websites and communications, even with compromised networks.

2. Thor Vigilance Enterprise

Purpose: Next-Gen Antivirus (NGAV)

Key Features:

• Signature and behavior-based scanning for detecting viruses, trojans, and zero-day threats.
• Advanced ransomware protection and real-time threat detection.
• Automated incident response and mitigation.
• Lightweight agent with minimal impact on system performance.

3. Thor Premium Enterprise

Purpose: Complete Endpoint Security

Key Features:

• Combines Thor Foresight and Thor Vigilance into a single package for both prevention and detection.
• Multi-layered security with DNS filtering, traffic monitoring, antivirus, and advanced malware detection.
• Integrated into a single dashboard for centralized security management.

4. Thor AdminPrivilege

Purpose: Privileged Access Management (PAM)

Key Features:

• Controls and manages privileged access to endpoints, reducing insider threats and unauthorized access.
• Allows users to request temporary administrative rights when needed, automating approval and auditing processes.
• Provides visibility into privilege escalation and tracks access requests in real-time.

5. Thor Patch Management

Purpose: Vulnerability and Patch Management

Key Features:

• Automated patching for third-party software, Windows updates, and security vulnerabilities.
• Supports remote patch management across distributed networks.
• Ensures critical security updates are applied quickly to mitigate the risk of exploitation.
• Compliance-ready reporting for auditing and regulatory needs.

6. Thor Ransomware Encryption Protection

Purpose: Ransomware Prevention

Key Features:

• Dedicated module that protects against ransomware by monitoring and stopping encryption processes on endpoints.
• Detects and blocks unauthorized file encryption attempts in real-time.
• Complements other Heimdal solutions for a multi-layered defense against ransomware attacks.

7. Heimdal Endpoint Detection and Response (EDR)

Purpose: Endpoint Threat Detection and Response

Key Features:

• Monitors and analyzes endpoint activities for signs of malicious behavior.
• Incident detection, investigation, and remediation capabilities in real time.
• Correlates threat data to detect complex attack patterns and lateral movements.
• Provides in-depth insights and forensic data for incident response teams.

8. Heimdal Privileged Access Management (PAM)

Purpose: Access Control and Security

Key Features:

• Manages and controls privileged accounts and user access to critical systems.
• Ensures minimal privilege access based on roles and responsibilities, reducing insider threats.
• Automates the process of requesting, granting, and auditing privileged access.

9. Heimdal Application Control

Purpose: Application Whitelisting and Blacklisting

Key Features:

• Allows businesses to create whitelists and blacklists of applications to control what can run on endpoints.
• Protects against unauthorized and potentially harmful software.
• Offers granular control over applications based on policies, reducing the attack surface.

10. Heimdal Next-Gen Antivirus (NGAV)

Purpose: Advanced Threat Detection

Key Features:

• Detects advanced and evolving threats using signature-based and heuristic scanning.
• Built to identify zero-day vulnerabilities and protect against ransomware, malware, and spyware.
• Complemented by threat intelligence and machine learning for enhanced detection capabilities.

Product Suite Summary

Heimdal Security’s product suite provides end-to-end cybersecurity coverage, with solutions tailored for threat prevention, detection, and response. Its products cover areas like DNS filtering, endpoint detection, privileged access management, patch management, and ransomware defense. With its modular, cloud-based architecture, Heimdal caters to businesses of all sizes.

Heimdal Next-Gen Antivirus (NGAV) provides advanced protection against modern-day threats such as ransomware, malware, spyware, and zero-day attacks. Unlike traditional antivirus software, Heimdal NGAV goes beyond signature-based detection by incorporating behavioral analysis, machine learning, and heuristic scanning to detect and neutralize both known and unknown threats.

The NGAV integrates with Heimdal’s suite of security tools to offer a multi-layered defense strategy. This antivirus solution focuses on real-time protection and automated threat response.

Key Features:

• Real-Time Threat Detection: Identifies known and unknown threats using behavioral analysis and machine learning.
• Signature and Behavior-Based Scanning: Traditional signature-based scanning for known malware alongside behavior-based scanning to detect zero-day threats.
• Ransomware Protection: Monitors and blocks encryption attempts by ransomware, ensuring that files and data are protected from unauthorized encryption processes.
• Automated Incident Response: Neutralizes threats immediately without manual intervention.
• Seamless Integration with Heimdal Suite: Particularly coordinates with the Heimdal Threat Hunting and Action Center.
• Threat Intelligence: Leverages global threat intelligence for real-time updates on emerging threats.

Heimdal Next-Gen Antivirus excels in real-time threat detection, ransomware protection, and automated response. Its lightweight design and integration with Heimdal’s broader security ecosystem make it an excellent choice for businesses looking for advanced and easy-to-manage endpoint security.

Heimdal NGAV provides robust protection against the latest cyber threats, making it a competitive option in the next-gen antivirus market.

Other Notable Products

1. Heimdal Threat Hunting and Action Center

The Heimdal Threat Hunting and Action Center enhances visibility and control over potential threats. It enables proactive threat hunting by analyzing endpoint behavior and network traffic, identifying suspicious activities, and providing actionable insights. The Action Center is a centralized hub that collects alerts, tracks incidents, and triggers responses. This tool is designed to identify advanced persistent threats (APTs), insider threats, and anomalies that may not be detected by traditional security measures.

The customizable dashboards for this cloud-based system are accessed through any standard Web browser. The Heimdal Threat Hunting and Action Center is a suitable tool for larger enterprises or those with dedicated SOC teams looking to enhance their threat detection, investigation, and response workflows.

2. Heimdal Privileged Access Management (PAM)

Heimdal Privileged Access Management (PAM) controls and monitors privileged access to sensitive systems and data. PAM allows organizations to limit administrative rights, ensuring that users only have the minimum access needed to perform their tasks, reducing the risk of insider threats and unauthorized access. It provides real-time visibility into privilege escalations, granting temporary administrative rights when necessary and automatically revoking them after tasks are completed. The solution integrates with other Heimdal products, centralizing security management and extending protection across the system.

Customizable policies and detailed auditing capabilities offer a high level of control for organizations managing complex IT environments. The package allows security teams to automate the process of managing access requests, reducing administrative overhead and enhancing efficiency. The platform tracks every privileged access request and approval, creating a detailed audit trail that simplifies compliance with industry regulations.

Major Competitors

Here are six major competitors to Heimdal:

1. CrowdStrike: A leader in cloud-native endpoint protection, offering advanced threat intelligence, EDR, and malware detection, with a strong emphasis on real-time attack prevention using AI-driven analytics.
2. Symantec (Broadcom) Provides comprehensive cybersecurity solutions, including endpoint security, threat intelligence, and DLP, known for its large-scale enterprise protection but often criticized for its resource-intensive deployments.
3. Bitdefender Offers multi-layered security with strong anti-malware, EDR, and advanced threat detection, providing robust protection for both individual users and enterprises, with a focus on low-impact performance.
4. Kaspersky Known for its strong antivirus solutions, Kaspersky also offers EDR and threat intelligence, providing advanced malware protection, though it has faced geopolitical scrutiny in some regions.
5. Sophos Delivers a unified cybersecurity platform with endpoint protection, firewall, and EDR, emphasizing ease of management and automation through its cloud-based Sophos Central interface.
6. SentinelOne A cutting-edge EDR and XDR provider using AI to automate threat detection and response, known for its autonomous security approach, ideal for large organizations needing advanced, automated solutions.

Spotlight Wrap Up

Heimdal Security offers protection for modern enterprises and service providers. Their solutions include Extended Detection and Response (XDR), Endpoint Detection and Response (EDR), DNS security, ransomware protection, and vulnerability management. Heimdal’s platform leverages AI and machine learning to provide advanced threat detection and proactive response tools, ensuring robust security across endpoints, networks, and cloud environments. With a global presence and offices in key locations such as Copenhagen, London, and New York, Heimdal serves over 15,000 organizations worldwide, helping them enhance their security posture and operational efficiency.