Security software reviews, 2019: Lab tests of today’s top tools
Threats are constantly evolving and, just like everything else, tend to follow certain trends. Whenever a new type of threat is especially successful or profitable, many others of the same type will inevitably follow. The best defenses need to mirror those trends, so companies get the most robust protection against the newest wave of threats.
Our goal with these reviews is to discover how cutting-edge cybersecurity software fares against the latest threats, hopefully helping you to make good technology purchasing decisions. We’ll explain how these new and trending cybersecurity tools work, who they’re for, and where they fit into a security architecture.
Each of these products was tested in a local testbed or, depending on the product or service, within a production environment provided by the vendor. Where appropriate, each was pitted against the most dangerous threats out there today as we unleashed the motley crew from our ever-expanding malware zoo.
Here, listed in alphabetical order, are some of the most innovative and useful, and, dare we say, best security products on the market today.
Best security software — 2019 reviews
- AttackIQ FireDrill
- Aqua
- Avanan
- Awake Security Platform
- Barac ETV
- Barracuda Sentinel
- Bitglass
- Blue Hexagon
- CrowdStrike Falcon
- CybeReady
- Cynet 360
- Fidelis Deception
- FireMon
- GreatHorn
- JASK Autonomous Security Operations Center (ASOC)
- LogRhythm
- Morphisec
- NeuVector
- Nyotron Paranoid
- Perimeter 81
- Power LogOn
- SlashNext
- XM Cyber HaXM
AttackIQ FireDrill
Category: Penetration testing
AttackIQ FireDrill was created to watch the watchers. It is a penetration testing tool, but one configured to operate from inside the network, with the primary goal of identifying flaws, misconfigurations and outright gaps in the other cybersecurity defenses already in place.
Aqua
Category: Container security
The Aqua Cloud Native Security Platform turns an inherent property of containers, that each one is built for a single narrowly defined job, into a defense: because a container's expected behavior can be known in advance, anything outside that profile can be blocked by whitelisting rather than hunted for after the fact.
Avanan
Category: Email security
The Avanan platform is designed to make managing email security across a vast corporate landscape both effective and accessible. Avanan takes a unique approach to accomplish this with a multi-vendor solution that layers protections within the security stack, tying them together into a centrally managed dashboard that supports whatever native protections already exist in cloud-based email platforms. The idea is that Avanan can catch the advanced threats that Microsoft, Google or other cloud-based email providers miss, identifying dangers like phishing, malware, data leakage and even full account takeovers.
Awake Security Platform
Category: Network security
This advanced network traffic monitoring platform identifies hidden threats and those that don’t use traditional malware, making it extremely powerful and useful in today’s threat environment.
Barac ETV
Category: Network security
TLS 1.3 requires forward-secret key exchange and encrypts most of the handshake, so the passive inspection that many appliances relied on, decrypting captured traffic with a copy of the server's private key, no longer works. Inspecting the traffic now means terminating each session at a proxy, decrypting and reassembling it, and re-encrypting it toward its destination, a break that clients can detect and that leaves any malicious payload already inside the network while the inspection happens. That situation is why Barac created the Encrypted Traffic Visibility (ETV) Platform. It is designed to analyze encrypted data streams and determine whether they are malicious without decrypting them, working from the characteristics of the encrypted stream rather than from content inspection that would show up as tampering under TLS 1.3.
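Analysis "without decrypting" is possible because TLS 1.3 still sends the ClientHello in clear text; only the server's certificate and later handshake messages move under encryption. The offered version, cipher suites, extensions, supported groups and the server name are all visible to a passive observer and can be fingerprinted. The following is an added example, not Barac's code and not a description of how ETV itself works: a small Python parser that extracts that metadata from a raw TLS record and computes a JA3-style fingerprint, dropping GREASE values (the random filler modern clients insert) so the hash stays stable. The ClientHello it parses is constructed inside the block, not captured traffic.

```python
import hashlib
import struct

# GREASE values (RFC 8701) are random filler and must be dropped before fingerprinting.
GREASE = {0x0a0a, 0x1a1a, 0x2a2a, 0x3a3a, 0x4a4a, 0x5a5a, 0x6a6a, 0x7a7a,
          0x8a8a, 0x9a9a, 0xaaaa, 0xbaba, 0xcaca, 0xdada, 0xeaea, 0xfafa}


def build_client_hello(ciphers, extensions):
    """Wrap a ClientHello in a TLS record. Used only to construct sample input."""
    body = b"\x03\x03" + bytes(32)                      # legacy_version 1.2, zeroed random
    body += b"\x00"                                     # empty session id
    body += struct.pack("!H", 2 * len(ciphers))
    body += b"".join(struct.pack("!H", c) for c in ciphers)
    body += b"\x01\x00"                                 # one compression method: null
    exts = b"".join(struct.pack("!HH", t, len(d)) + d for t, d in extensions)
    body += struct.pack("!H", len(exts)) + exts
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body   # HandshakeType client_hello
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


def parse_client_hello(record):
    """Return (version, cipher ids, [(ext type, ext data)]) from a handshake record."""
    if record[0] != 0x16:
        raise ValueError("not a TLS handshake record")
    rec_len = struct.unpack("!H", record[3:5])[0]
    hs = record[5:5 + rec_len]
    if hs[0] != 0x01:
        raise ValueError("handshake message is not a ClientHello")
    body = hs[4:4 + int.from_bytes(hs[1:4], "big")]
    version = struct.unpack("!H", body[0:2])[0]
    pos = 2 + 32                                        # skip version and random
    pos += 1 + body[pos]                                # skip session id
    cs_len = struct.unpack("!H", body[pos:pos + 2])[0]
    pos += 2
    ciphers = [struct.unpack("!H", body[i:i + 2])[0] for i in range(pos, pos + cs_len, 2)]
    pos += cs_len
    pos += 1 + body[pos]                                # skip compression methods
    extensions = []
    if pos < len(body):
        end = pos + 2 + struct.unpack("!H", body[pos:pos + 2])[0]
        pos += 2
        while pos < end:
            etype, elen = struct.unpack("!HH", body[pos:pos + 4])
            pos += 4
            extensions.append((etype, body[pos:pos + elen]))
            pos += elen
    return version, ciphers, extensions


def server_name(extensions):
    """Pull the hostname out of the server_name extension (type 0), if present."""
    for etype, data in extensions:
        if etype == 0 and len(data) >= 5 and data[2] == 0:   # name_type host_name
            name_len = struct.unpack("!H", data[3:5])[0]
            return data[5:5 + name_len].decode("ascii")
    return None


def ja3_string(version, ciphers, extensions):
    """JA3: version,ciphers,extension types,supported groups,point formats (GREASE removed)."""
    def dash(values):
        return "-".join(str(v) for v in values if v not in GREASE)
    groups, formats = [], []
    for etype, data in extensions:
        if etype == 10:                                  # supported_groups: u16 length + u16 ids
            n = struct.unpack("!H", data[:2])[0]
            groups = [struct.unpack("!H", data[i:i + 2])[0] for i in range(2, 2 + n, 2)]
        elif etype == 11:                                # ec_point_formats: u8 length + u8 ids
            formats = list(data[1:1 + data[0]])
    return ",".join([str(version), dash(ciphers), dash([t for t, _ in extensions]),
                     dash(groups), dash(formats)])


def ja3_hash(record):
    """MD5 of the JA3 string, the form usually matched against a fingerprint feed."""
    return hashlib.md5(ja3_string(*parse_client_hello(record)).encode()).hexdigest()


# Constructed sample ClientHello (not captured traffic): GREASE cipher and extension,
# TLS 1.3 suites, SNI example.com, x25519 + secp256r1, uncompressed point format.
SAMPLE_RECORD = build_client_hello(
    ciphers=[0x1a1a, 0x1301, 0x1302, 0xc02b],
    extensions=[
        (0x2a2a, b""),
        (0, b"\x00\x0e\x00\x00\x0b" + b"example.com"),
        (10, b"\x00\x06\x2a\x2a\x00\x1d\x00\x17"),
        (11, b"\x01\x00"),
        (43, b"\x02\x03\x04"),
    ],
)

if __name__ == "__main__":
    v, c, e = parse_client_hello(SAMPLE_RECORD)
    print("SNI:", server_name(e))
    print("JA3:", ja3_string(v, c, e), "->", ja3_hash(SAMPLE_RECORD))
```

The fingerprint identifies the client software that opened the connection, not the content it carries, which is exactly the kind of signal available when decryption is off the table; a known-malware JA3 hash on an outbound flow is actionable even though the payload is opaque. The caveat is that fingerprints collide (many tools share a TLS library) and that the server name becomes invisible once a client uses Encrypted Client Hello, so this metadata should feed a correlation, not a verdict on its own.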
Barracuda Sentinel
Category: Email security
Instead of sitting at the gateway like traditional email protection platforms, Sentinel connects at the API level to any cloud-based email program. It uses artificial intelligence to learn how users normally communicate so that it can later spot anomalies that may indicate an attack.
Bitglass
Category: Mobile security
The Bitglass platform is essentially an agentless and lightweight alternative to MDM, without the over-burdensome complexity or draconian rules those mobile management tools normally require. Bitglass sits in the cloud between users and the applications they reach, which makes it a cloud access security broker (CASB) rather than a device agent. Users on mobile devices first sign into a portal and then access all of their work data through Bitglass. The interface is seamless to users; only the Bitglass name inserted into the URL in the browser's address bar shows that Bitglass is proxying the session and enforcing policy on it.
Blue Hexagon
Category: Network security
While most platforms with machine learning look for anomalies in things like traffic or user behavior, Blue Hexagon actually looks for threats. And it will make a determination about whether a file, process, document or other program is malicious in under one second every time. There is no gray area with Blue Hexagon. Things are either threats or not. Its ability to spot threats so quickly can close many of the gaps that hackers try to exploit, leaving them without enough time to capitalize on any foothold they may briefly establish.
CrowdStrike Falcon
Category: Endpoint detection and response
While EDR is increasingly important, it’s also becoming a bit commoditized in that many of the offerings are very similar. The biggest differentiator with Falcon is that the brains of the platform exist completely in the cloud, which gives it unlimited scalability as well as a massive footprint of users and enterprises.
CybeReady
Category: Security awareness
The CybeReady platform is designed to educate users about the dangers of phishing and other email attacks that target them and evaluate them as they perform their normal jobs, without getting in the way or taking up too much of their time. Training is done only as needed and always on the spot, and never takes up more than about two minutes. On the backend, entire training campaigns can be crafted for the next several months in only a few minutes, so the administration of the CybeReady platform is minimized.
Cynet 360
Category: Network security
The goal of a fully autonomous and completely effective cybersecurity platform has never been fully realized. But that is exactly what the Cynet 360 autonomous breach protection platform aims to do. From our testing, it's clear that they are very close, with a nearly zero touch installation process, complete visibility through agent sensors, and an automatic response rate that is about 98 percent accurate.
Fidelis Deception
Category: Deception
Today’s skilled hackers know, or at least suspect, that deception is in place and won’t blindly follow breadcrumbs to fake assets. To combat this, Fidelis Deception creates realistic, living deception assets.
FireMon
Category: Network security
A pioneer in the field of network security policy management, FireMon provides full visibility into networks and devices, and overlays that knowledge with the rules, platforms, hardware and programs designed to protect it.
GreatHorn
Category: Email protection
GreatHorn takes a modern and highly effective approach to protecting enterprise email that goes well beyond the capabilities of legacy mail scanners.
JASK Autonomous Security Operations Center (ASOC)
Category: SIEM
Everything about the JASK ASOC is different from how a traditional SIEM operates. For one, the entire ASOC infrastructure exists inside a secure Amazon Web Services cloud. Network administrators only need to install a JASK software sensor to help facilitate the link between the local console and the brains of the platform in the cloud. The ASOC doesn’t even issue alerts in the traditional sense. Instead, it coordinates all of the events and anomalies that it discovers and groups them together. Only once it believes that it has found solid evidence of a threat does it present what it calls an insight to IT teams monitoring the SOC.
LogRhythm
Category: SIEM
LogRhythm Enterprise offers a lot of protection and assistance for finding and remediating threats … and sometimes even pre-threat actions.
Morphisec
Category: Intrusion prevention
Morphisec focuses on preventing a specific family of advanced exploits that run from or reside in system memory. These are very difficult to detect with traditional methods and are how most advanced attacks get around signature-based antivirus protection today. Rather than trying to recognize them, the platform scrambles the memory layout by moving the default locations of the system resources that all programs use and that most advanced malware is written to exploit, including DLLs, memory structures and commonly used functions, so exploit code expecting those resources at known addresses fails. This goes beyond the address space layout randomization the operating system already provides, and a practitioner should expect to test that in-house applications tolerate the relocation.
NeuVector
Category: Container security
The NeuVector container security platform was created specifically to safeguard containerized environments. In fact, it is deployed as a privileged container itself within the environment it protects. From that position it can monitor all Layer 7 network traffic, including traffic moving between containers and between containers and the host orchestration software, and so protect against attacks on individual containers or on the environment as a whole. That placement gives it the visibility it needs, but it also makes the NeuVector container a high-value target in its own right, so its image and host access deserve the same scrutiny as any other privileged workload.
Nyotron Paranoid
Category: Endpoint security
The philosophy behind Paranoid is that there is an infinite number of ways that hackers can attack a computer and a network, with new techniques popping up all the time. But if an attacker gains access to a system, there are a limited number of things they can actually do based on what is allowed by the operating system. The platform could probably stop most attacks against endpoints on its own, but does not make that claim. Instead, it is designed to thwart advanced intrusions that get around or through every other network protection. It acts as a last line of defense and was very effective in that role during our testing.
Perimeter 81
Category: Network security
Starting from the concepts of zero trust networking, VPN tunneling and secure network access as a service, Perimeter 81 has branched out and now provides a near plug-and-play solution for more elements of cybersecurity, served through the cloud and on demand.
Power LogOn
Category: Authentication
Power LogOn brings together 2FA with a network-based password manager. The user first logs onto a computer or workstation (using multi-factor authentication, say a smartcard and a PIN) that has the Power LogOn authentication client installed. That client then creates a trusted node that takes other logon information to authenticate with the network portion, which admins install and manage. The Power LogOn network portion acts as a network-based password manager, creating and managing long and complex passwords for each user and website. The admin portion gives the admin complete control over the user’s logon, including defining how many factors — 1FA, 2FA or 3FA — to require for the initial client logon, and how it is accomplished (e.g., PIN, smartcard or biometrics).
SlashNext
Category: Email protection
SlashNext has taken the old adage of doing one thing very well to heart. There are two products available to organizations. The first is a detailed and dedicated phishing threat feed that can be used to block phishing sites as they pop up. The second is an appliance that provides even more protection and is able to halt even targeted attacks aimed at a single organization that wouldn’t trigger any other kind of alert.
XM Cyber HaXM
Category: Penetration testing
The HaXM program from XM Cyber aims to make automated penetration testing more reliable and accessible by improving on the current state of similar programs in several ways. First, HaXM does not require any knowledge of attack techniques. For example, you don’t have to scan for a specific code injection vulnerability on a web server. You simply need to tell the program that the web server is an important asset in your network and then let HaXM discover all the ways that it could be compromised. Second, HaXM offers continuous scanning, so results are never aged out over time. And finally, in addition to performing red team type exercises, HaXM offers detailed advice on how to fix problems it discovers and which ones should be fixed first, effectively taking on the role of a so-called blue team in security exercises.