Threats are constantly evolving and, just like everything else, they tend to follow current trends. Whenever a new threat is especially successful, many others tend to catch on quickly, and we begin to see many similar threats inevitably follow the first success. The best defenses need to mirror those trends so users get the most robust protection against the newest wave of threats. Below is a list of the top 12 security software programs that have been raved about in 2018.
BluVector offers advanced detection and response, and even threat hunting, all performed at machine speeds. BluVector works almost right away, but also has deep machine learning capabilities, so it gets even smarter over time. It will learn the intricacies of each network that deploys it, tweaking its algorithms and detection engines in a way that makes the most sense for the environment.
At its core, Bricata offers advanced IPS/IDS protection with multiple detection engines and threat feeds to defend network traffic and core assets. But it goes a step further, adding the ability to launch threat hunts based on events, or simply anomalies.
Cloud Defender is a user-friendly tool that lets local IT staff inspect their cloud deployments to look for evidence of hidden threats or breaches. But it can also be used in a SaaS model, with the cybersecurity team at Alert Logic taking over most cloud-based cybersecurity functions.
Deployed as an on-premises virtual appliance, Triage connects with almost any corporate e-mail program and helps to manage responses to user reports of suspected phishing. Triage is still evolving, but even now represents one of the most advanced defenses against phishing.
Contrast Security has one of the most elegant solutions out there for application security. The secret sauce is its use of bytecode instrumentation, a feature in Java used to help integrate programs and application features during development.
The Digital Guardian Threat Aware Data Protection Platform is at the forefront of the effort to counter advanced threats, offering ready-to-deploy endpoint security locally on-premises or as a service, and with whatever automation level a host organization feels comfortable supporting.
The enSilo platform offers traditional endpoint protection alongside the ability to offer post-infection protection. It can also trap threats, holding them in place and rendering them harmless until a threat hunter can arrive to investigate.
The Intellicta Platform from TechDemocracy acts like an SIEM console, but for compliance issues. It pulls information from a series of network collectors and correlates that data into a continuously-monitored compliance dashboard.
Think of the Insight Engines tool as Google for network security, allowing natural language searches and returning honed information to answer each query. This comparison doesn’t do the program justice, but is a good starting point for understanding how it works.
Mantix4 takes threat hunting into the software as a service (SaaS) realm. While the program provides robust threat hunting tools for use by clients, the company also employs a team of experts to hunt on their behalf.
One thing that sets the RiskIQ Digital Footprint apart from just about every other security program reviewed for CSO magazine is the setup and installation phase. There is none. Digital Footprint scans for vulnerability information from outside the firewall, just like a potential attacker would.
The Open Threat Management Platform essentially acts as both an SIEM and a frontline security appliance. Thrifty firms may want to consider eliminating some of their other cybersecurity programs if they duplicate what the OTM is doing, especially if the OTM is consistently catching what they miss.