As more business-critical functions rely on information systems and the internet, enterprises are increasingly exposed to cyber threats that can disrupt operations or compromise sensitive information. Effective cyber preparedness is about more than technology – it also requires the right processes and people to protect data from attacks and unauthorized access. Even the most well staffed IT security departments can’t do it alone. We’ve compiled a list of the top 36 cyber security companies who can help.
There are at least three dozen categories of cybersecurity products and services (excluding cloud security and CASBs) that range from antivirus and authentication to security awareness training and wireless network protection. The most common categories that every enterprise should cover include:
- Services and consulting
- Endpoint protection
- Network security
- Data loss prevention
- Advanced threat protection
We relied on multiple sources to compile the top cyber security companies including analyst reports, surveys, and market share studies. Below is a list of companies considered to be leaders in each category.
Services and consulting
Bringing in a firm that specializes in cyber security can help you identify gaps in your defenses, create an incident response plan, and find attackers active on your network. These firms augment your internal resources and have expertise in today’s threat landscape.
Digital Defense Inc.: DDI is one of the leading suppliers of managed security risk assessment solutions. Their solution includes network vulnerability testing, application penetration testing, and security awareness training. DDI also has a patented network scanning engine, called the NIRV scanning engine that audits networks holistically across each host, service, and application, instead of auditing services in isolation. DDI can be integrated with ServiceNow and Microsoft’s Active Directory Federation Services.
Herjavec Group: Founded by Shark Tank’s Robert Herjavec, the Herjavec Group provides IT security consulting and services that include incident response, penetration testing, network security services, onboarding and integration of SIEM technologies, and delivering perimeter, infrastructure, endpoint, and networks security technologies. Herjavec also offers services dedicated to PCI compliance, which include things like vulnerability testing, risk assessment, PCI DSS control gap analysis, and remediation assistance.
Root9B: Provides IT security technology training, support, and consulting services to government agencies and private enterprises. This includes penetration testing, forensic analysis, vulnerability assessment, network defense operations, compliance audit, and data breach prevention and remediation, amongst other things.
Sera-Brynn: As a global advisory and audit firm, Sera-Brynn specializes in compliance auditing, with a background in national intelligence and military information security. Services include incidence response, risk assessment, penetration testing, and audit. Sera-Brynn helps enterprises comply with regulations such as PCI-DSS, FISMA, GLBA, and SOX.
Endpoint protection vendors deliver software that protects PCs, laptops and mobile devices. They generally offer malware protection, personal firewall, port control, full disk encryption, email encryption, application whitelisting, and intrusion detection.
Carbon Black: Next-generation solution for cloud and on-premises that prevents file-based attacks including ransomware. Provides full-spectrum behavioral and reputational analysis.
Intel Security – Intel’s McAfee Complete Endpoint Protection is a centrally managed solution that protects enterprises against zero-day exploits, and other advanced attacks on Windows, Macs, and Linux systems. Intel offers 4 tiers: Enterprise, Business, SMB, and Advanced Suite. A 5th tier exists, called Active Response, which is more geared towards endpoint security breach response.
Kaspersky Lab: Cloud-based console for endpoints, mobile devices and servers, with premium features such as encryption and internet gateway security. Enterprise version also offers virtualization security, and other features.
Sophos: Next-generation network and endpoint protection engine based on behavior instead of signatures to stop website and email threats.
Symantec: Leverages a threat-intelligence network that includes 175 million endpoints and 57 million attack sensors in nearly 60 countries. Single management across virtual and physical environments.
Trend Micro: Multi-layered solutions include anti-malware and threat protection, endpoint application control, endpoint encryption, and mobile security. Integrates big data analytics, global threat intelligence, and user-centric management.
Network security solutions protect the network from intrusion and unauthorized access. There is increasing overlap between the secure web gateway (SWG) market and the next generation firewall (NGFW) market. We included vendors from both categories below.
Blue Coat: Blue Coat offers an on-premises secure web gateway product that can help authenticate users, filter traffic, and provide visibility into encrypted traffic, and is delivered via proxy architecture.
Check Point: Serving industries like financial services, healthcare, retail/point-of-sale, and public sector, Check Point’s next generation firewall is integrated into Check Point’s Software Blade Architecture that’s managed from a single control point. Check Point provides several appliances geared toward companies with as little as hundred employees or as many as hundreds of thousands.
Cisco: Network security appliances that integrate a next-generation firewall with a next-gen intrusion-prevention system and advanced malware protection. Other solutions include application control and URL filtering.
Fortinet: Entry-level, midgrade, and high-end next-generation firewalls. Leverages a “security fabric” approach that includes threat intelligence, endpoint security, and other features.
Juniper Networks: Delivers firewalls, a real-time intelligence platform, network management and orchestration, analytics, and other solutions. Options include an application-aware component for preventing application-borne threats.
Palo Alto Networks: Next-generation firewall technology that classifies the traffic on all ports, including content, threats and applications, and ties that traffic to the user regardless of location or device.
WatchGuard: Popular with SMBs, WatchGuard delivers next generation physical or virtual firewalls that include features such as intrusion prevention, application control, data loss prevention, and an advanced persistent threat blocker.
Zscaler: As the leading cloud based web security gateway, Zscaler combines features of next generation firewalls with web gateways without the need to deploy or maintain hardware or software. Among other things, the solution decrypts SSL to inspect data for malware, botnets, and other advanced threats.
Data loss prevention
Also called data leak prevention, enterprise data loss prevention solutions ensure sensitive data does not leave the network. Generally, they focus on data loss via email, USB drives, and mobile devices, and identifying sensitive data stored on network file servers.
Check Point: Delivers fingerprinting of sensitive files, watermarking, SSL encrypted traffic inspection, and central policy management to prevent sensitive data from leaving the company. Integrates with Microsoft Exchange Server to protect outgoing email.
Digital Guardian: One of the better endpoint DLP agents that can integrate complex use cases. Network DLP solution available as hardware, software, or virtual appliance.
GTB Technologies: Focused specifically on DLP, GTB’s technology includes data fingerprinting and native SSL decryption to intercept accidental disclosure and theft of sensitive data.
Fidelis Security: Prevents network data loss natively, without a third-party proxy. Integrates with other capabilities such as network forensics and advanced threat detection.
Forcepoint: A joint venture of Raytheon and Vista Equity Partners (owner of Websense), Forcepoint’s DLP suite covers network, endpoints and data discovery on-premises and in the cloud.
Intel Security: Protects data in on-premises systems, mobile devices and other end-points. The solution combines DLP with encryption to prevent data leakage and ensure enterprises remain compliant with internal/external policies.
Symantec: Can prevent data loss from on-premises, and mobile devices and email. It can use content matching using regular expressions or “full file fingerprint” to detect unstructured data.
Advanced threat protection
Advanced threat protection solutions protect against unknown threats that, unlike known threats, can’t be detected based on signatures. They rely on sandboxing, big-data analytics, machine learning, and whitelisting to protect against advanced persistent threats.
Cisco: Provides threat intelligence, real-time malware blocking, and advanced sandboxing. Features include file analysis against 700+ behavioral markers, and malware detection using one-to-one signature matching, machine learning and fuzzy fingerprinting.
FireEye: One of the pioneers in leveraging a virtual execution engine to identify and stop advanced threats that can circumvent traditional security approaches based on firewalls and malware signatures.
Fortinet: Dubbed as FortiSandbox, the product offers advanced threat detection, automated mitigation, and insights to halt attacks and data loss by analyzing potential malware and malicious URLs in a safe sandbox environment. The solution extends from the network edge all the way to the endpoint device.
Hexis Cyber Solutions: Uses an integrated approach that identifies threats using a big-data platform, deep forensic scanning, analytics, and a library of threats; then validates and automatically removes the threats.
IBM Security: IBM’s Threat Protection System integrates 450 security tools from more than 100 vendors. It uses adaptive architecture that changes with the environment, as well as advanced analytics and automatic quarantine of noncompliant endpoints.
RSA: Provides a combination of network, endpoint, log, and identity data and techniques such as behavior analysis and threat intelligence to detect, investigate, and respond to threats.
Trend Micro: Combines sandbox analysis with activity monitoring across the network to correlate threat intelligence, and detect malware and command and control communication. Can be deployed as physical hardware or a virtual appliance
Tripwire: Their Adaptive Threat Protection product is a next-generation solution based on real-time security intelligence and analysis that includes logs, events, endpoints, threats, and vulnerabilities.
Trustwave: Managed advanced threat protection for networks, applications, and databases, along with other solutions such as big-data analytics.
Unisys: Unisys Stealth takes a unique approach to advanced threat protection by concealing endpoints and making them undetectable to unauthorized parties, both inside and outside the organization.
Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.