Top security software, 2017: How cutting-edge products fare against the latest threats

John Breeden II | Nov. 20, 2017
We go hands-on with some of the most innovative, useful and, arguably, best security tools from today's most important cybersecurity technology categories.


Threats are constantly evolving and, just like everything else, tend to follow certain trends. Whenever a new type of threat is especially successful or profitable, many others of the same type will inevitably follow. The best defenses need to mirror those trends so users get the most robust protection against the newest wave of threats. Along those lines, Gartner has identified the most important categories in cybersecurity technology for the immediate future.

We wanted to dive into the newest cybersecurity products and services from those hot categories that Gartner identified, reviewing some of the most innovative and useful from each group. Our goal is to discover how cutting-edge cybersecurity software fares against the latest threats, hopefully helping you to make good technology purchasing decisions.

Each product reviewed here was tested in a local testbed or, depending on the product or service, within a production environment provided by the vendor. Where appropriate, each was pitted against the most dangerous threats out there today as we unleashed the motley crew from our ever-expanding malware zoo.

With each review, listed in alphabetical order, we will endeavor to show how these new and trending cybersecurity tools work, where they fit into a security architecture, and how they defend against the latest types of threats and attacks.


Acalvio ShadowPlex

Category: Deception

Deception is an emerging field, and some of the drawbacks preventing easy, useful deployments are still being worked out. Acalvio ShadowPlex addresses some of those problems, offering clients unlimited deception assets without constant overhead or maintenance. And then those same, façade-like deception points can instantly spring to life when needed, unmasking attackers, keeping them engaged, recording valuable threat intelligence and then acting alone or with a SIEM like Splunk to eliminate them from a protected network. Read more...


Attivo

Category: Deception

Attivo addresses the one main weakness of most deception technology, having to rely on other programs to respond to an attack once revealed by the deception network. The Attivo platform offers quick response capabilities and the ability to interact with third-party programs for additional backup, configured using an intuitive drag and drop interface that requires very little training. After that, things like internal sandboxing and phishing e-mail protection are just icing on the cake of an already very impressive product. Read more...


Bay Dynamics Risk Fabric

Category: Vulnerability management

Many vulnerability management programs will direct IT teams to the critical threat on the non-critical asset, and place another vulnerability that could potentially cripple your organization thousands of places down on the priority scale. It’s not the program’s fault. It just doesn’t know context. That is one of the major problems in the vulnerability management space that the Bay Dynamics Risk Fabric program is designed to solve. By adding real context to raw scan results, IT teams are given a much better picture of the true risks hiding within their networks, including the potential costs if those problems are not fixed quickly. Read the full review...


Bitdefender HVI

Category: Remote browser

The Bitdefender Hypervisor Introspection (HVI) tool sits below the guest operating system, at the hypervisor level, and prevents tactics such as buffer overflows, heap sprays, code injection and API hooking from executing, protecting the virtual browser from ever becoming compromised. Read more...


Crossbow

Category: Vulnerability management

The Crossbow vulnerability assessment platform is one of the most realistic tools, but also one of the most dangerous, that CSO has ever reviewed. All of the attacks that it can load or create are real, using actual techniques and tactics that have historically broken through cybersecurity defenses at many organizations. Read the full review...


Cyphon

Category: Managed detection

For armored car service Dunbar, protecting its clients' money is more than just building secure physical structures and deploying armored trucks with armed guards. It's also about protecting the digital infrastructure and cyber assets that support those operations. Cyphon was first created to be used internally by the company to protect its own assets. After that, rolling it out as a service to clients fit easily into the company's protection-as-a-service model. Read more...


GuardiCore Centra

Category: Network security

Micro segmentation is one of the most advanced security methods that organizations can employ to protect critical assets, users, and data from both outside hackers and malicious insiders. Authorizing every process, app, user and service within a network, and what each of them can do and how they can interact, while denying everything else, is a heck of a gauntlet to throw down. The GuardiCore Centra solution eliminates much of the complexity normally associated with micro segmentation from the initial installation to ongoing program management. Read more...


InfoZen

Category: DevOps

For this review, InfoZen was brought in to create a fully end-to-end DevOps scanning solution using its InfoZen Cloud and DevOps Practice service. Even within our admittedly tiny test environment, the benefits of the InfoZen toolset and automated processes were obvious. Read more...


Kenna Security

Category: Vulnerability management

Kenna Security's vulnerability management platform is designed to prioritize the most dangerous vulnerabilities that could potentially harm a protected network. In a nutshell, it monitors most major threat feeds, and compares that data with assets inside a protected network. Read more...


Lacework

Category: Cloud security

Managing even a local data center is a tough job. Keeping a cloud secure is even more difficult. Lacework helps to filter all the chaos, removing false positives, and generating actionable threat intelligence in real-time for IT teams tasked with keeping their clouds secure. Read more...


Minerva

Category: Endpoint security

Minerva's Anti-Evasion Platform targets the new breed of environmentally-aware malware. The idea is that most normal threats will be blocked by traditional antivirus and Minerva will stop anything that attempts to get around that protection. Read more...


Promisec

Category: Endpoint security

Every organization can use a little help managing its detection of and response to threats, and the many issues that crop up every day within the enterprise. Promisec can provide that help, wrestling endpoints into compliance, automatically if desired, and keeping a watchful eye over them to ensure they stay that way. It can act as a force multiplier for large organizations with mature cybersecurity architectures, or as a perfect first step for small and medium-sized companies discovering that their size is no defense against threats and regulatory concerns. Read more...


RedSeal

Category: Network security

When CSO's sister site Network World conducted its firewall manager review, the original plan was to invite RedSeal to participate. The problem was that while RedSeal originally did manage firewalls, its product has since evolved into something else. RedSeal shares some similarities with firewall managers, but now sits in a separate, unique product group. We tested the RedSeal appliance to see where it fits into cybersecurity defenses. Read more...


SecBI

Category: Traffic analysis

SecBI's new software aims to eliminate two of the problems with using traffic analysis in cybersecurity: processing large volumes of data into actionable threat intelligence, and a reliance on network capture hardware. Here's how it works. Read more...

Sqrrl

Category: Traffic monitoring

Sqrrl Data turns network traffic monitoring into a true threat hunting platform that is easily capable of unmasking advanced threats that many other programs miss — or fail to identify as the grave threat they truly are. Learn more...


ThreatConnect

Category: Managed detection

There is no shortage of threat feeds available today. Subscribing to just the publicly available, free feeds can net an organization thousands of reports per day. Subscribing to paid ones could potentially provide more targeted information, but the data is no less complicated to manage. A tool like ThreatConnect, which can bridge the gap between theoretical threat information and the real world, is invaluable for managing and optimizing detection and response capabilities. Read more...


vArmour

Category: Cloud security

The vArmour suite of tools is designed, first, to reestablish a software perimeter internally and then to hone the rules and policies that make up that backbone, delving all the way into the realm of micro segmentation. Read more...


Waratek

Category: Container security

Waratek is entering this space from a completely different angle compared to other container security firms, relying on just-in-time compilation and focusing exclusively on one of the biggest security risks within most organizations: applications running on Java. Coming to the security space from the perspective of compiler engineers gives the Waratek software a unique flavor and approach that has been overlooked and unexplored by most other companies. Read more...


XebiaLabs DevOps Platform

Category: DevOps

DevOps is a hot topic in security these days, and for good reason: software security flaws are often discovered only after an attacker has exploited them, which can cause huge losses of both data and revenue. Here's a look at how XebiaLabs helps navigate DevOps deployments and operations. Read more...
