Brief Overview

TwinWave provides a threat analysis platform based on decades of experience building and operating detection and analysis systems at companies like Proofpoint, Juniper and Emerging Threats. Our platform seamlessly combines popular open source components, third-party analysis systems like FireEye, Wildfire and VMRay, along with our own proprietary technologies. We detect and analyze both credential phishing and malware threats with a focus on automating common analysis activities so that security analysts can shift from generating data for analysis to analyzing and interpreting the data our platform generates for them.


San Carlos, CA


Mike Horn (CEO)
Bryan Burns (CTO)
Will Metcalf (Chief Researcher)


TwinWave Security was founded by the team formerly responsible for Proofpoint's advanced malware & phishing detection product, known as Targeted Attack Protection (TAP).

We started TwinWave to share our experiences building tools to detect, analyze and understand threats with enterprise security teams. Our threat analysis platform helps SOC & IR teams improve their threat investigation process by automating the analysis activities that an analyst would typically perform so that analysts can focus on reviewing and taking action on the data rather than generating the data.

Key Competitors

CrowdStrike Falcon X

Products and Services

TwinWave provides a threat analysis platform that is accessible via a web interface as well as an API. Our platform is licensed based on a combination of named user licenses (users that have access to the platform) and daily submission volume (number of objects submitted to the platform for analysis).