The Ultimate Guide to IT Security Vendors: eSecurity Planet

Security is one of the biggest challenges any organization faces, and thus it commands a large – and growing – share of IT budgets. With daily headlines about breaches and privacy concerns and tough new regulations like the EU’s General Data Protection Regulation (GDPR), organizations face a greater need than ever to protect their networks and data from threats both inside and outside the firewall.

The editors of eSecurity Planet understand the challenges that security teams and CISOs face, and we’re committed to staying on top of the industry to give you the information you need to stay out of the headlines. For this white paper, we’ve chosen top vendors in 13 critical areas of IT security, such as SIEM and EDR. You’ll find key details on 85 vendors who are among the best in their specialty, along with links for further reading. And the number of vendors we cover continues to grow. For our latest picks for top security vendors, follow our Products section.

While it might be tempting to look at raw numbers, such as the number of times a particular company made one of our top vendor lists, and declare a certain company the top security vendor, the fact is that another product or even a niche one from an up-and-coming startup might be the one that best fits your needs. And there’s no such thing as an all-Symantec or all-RSA or all-McAfee shop; few, if any, companies buy all their security tools from a single vendor. So a SIEM system from one company might work for you and an EDR solution and firewall from other vendors might best meet your needs. There are so many security technologies covering data centers, endpoints, mobile, remote and cloud operations that it’s worth a look at the big picture to understand IT security strategies and see how they all work together to keep your data safe.

Here’s a breakdown of the top vendor lists included here:

• IBM and Cisco landed on the most top vendor lists, six out of the 13.
• McAfee, RSA and Forcepoint (owned by Raytheon and formerly known as Websense) ranked on four lists each.
• Check Point, Palo Alto, Microsoft, Symantec and Micro Focus (thanks to its acquisition of HPE’s software business) made three of the top vendor lists.
• Ten vendors were named to two lists each: SolarWinds, HPE Aruba, Trend Micro, Splunk, Entrust, AlienVault, LogRhythm, Sophos, Barracuda and FireEye.

If you’ve been counting, that means that 65 vendors are mentioned once each. That’s a lot of talented up and comers (and a few big names) to choose from.

So without further ado, here’s a brief explanation of each security technology, along with a chart detailing some features of the top vendors in that market, chosen based on criteria such as market share, financial strength and analyst and user ratings.

CONTENTS

• Introduction
• SIEM Solutions
• CASB Solutions
• Enterprise Detection and Response (EDR)
• Next-Generation firewalls (NGFWs)
• Threat Intelligence
• Intrusion Detection
• Network Access Control
• Identity and Access Management
• User and Entity Behavior Analytics (UEBA)
• Patch Management
• Encryption
• Enterprise Mobility Management
• Secure Web Gateways

eSecurityPlanet • The Ultimate Guide to IT Security Vendors © 2018 QuinStreet, Inc.


Security Information and Event Management (SIEM)


Security information and event management (SIEM) is the technology that can tie all your systems together and give you a comprehensive view of IT security.

IT security is typically a patchwork of technologies – firewalls, intrusion prevention, endpoint protection, threat intelligence and the like – that work together to protect an organization’s network and data from hackers and other threats. Tying all those disparate systems together is another challenge, however, and that’s where SIEM can help.

SIEM systems manage and make sense of security logs from all kinds of devices and carry out a range of functions, including spotting threats, preventing breaches before they occur, detecting breaches, and providing forensic information to determine how a security incident occurred as well as its possible impact.

Here are the 10 SIEM vendors we selected, along with some details of each offering. For more on the selected vendors, see our comprehensive article Top 10 SIEM Products.

Top SIEM Vendors

| VENDOR/PRODUCT | USE CASES | METRICS | INTELLIGENCE | DELIVERY | PRICING |
|---|---|---|---|---|---|
| Micro Focus ArcSight | Enterprises | 350+ data sources, 75,000 events per second (EPS) | Integrates with machine learning, intelligence platforms | Appliance, software or cloud | Based on data ingested and events per second (EPS) |
| Splunk Enterprise Security | Highly-regulated industries | Most users ingest several petabytes daily | Integrates with Splunk UBA & machine learning toolkit | Software or cloud | Based on max daily data volume; starts at $1,800/GB/day |
| IBM Security QRadar | Enterprises and regulated industries | 400+ sources, scales to millions of events per second | UBA, forensics, packet inspection, Watson integration | Cloud or hardware, software or virtual appliance | Cloud starts at $800/month; on-premises at $10,400 |
| AlienVault Unified Security Management | Lower-cost option for on-premises or AWS | Up to 15,000 EPS | Global network sharing 1 million threats daily | Cloud or virtual or hardware appliance | Lower-cost open source-based product |
| LogRhythm | Scales from midrange to enterprise | Highly scalable decentralized architecture | Machine analytics for advanced threats | Appliance, software or virtual instance | Subscription pricing tied to volume consumption |
| McAfee Enterprise Security Manager | Support for public sector, education and healthcare | 50,000+ events per second, billions of events stored | Automated task and policy changes | Physical or virtual appliance | Based on EPS capacity, starting at $39,995 |
| Micro Focus Sentinel Enterprise | MSSPs and distributed enterprises | Event taxonomy comprises more than 200 fields | Integrates with NetIQ technologies | Software or virtual appliance | Based on EPS and per device |
| SolarWinds Log & Event Manager | Security teams looking for easy, lower-cost solution | Up to 250 million events per day | Thresholds can be set for abnormal behavior | Virtual appliance | Starts at $4,495 for 30 nodes |
| Trustwave SIEM Enterprise | Mid-market and enterprise | Millions of daily events | Analytics and threat intelligence from SpiderLabs | Appliance, software or managed service | Subscription or fee-based consulting |
| RSA NetWitness | Financial, government, energy, telecoms | 30,000 EPS, 10Gbps & 100,000 endpoints per scalable system | Streaming analytics, machine learning, automation | On-premises, virtual, cloud and hybrid options | Based on throughput per 50 GB of logs and 1TB of packets |


Cloud Access Security Brokers (CASB)


Cloud access security brokers (CASB) help IT departments monitor cloud service usage and implement centralized controls to ensure that cloud services are used securely.

CASBs provide a solution to many of the security problems posed by the use of cloud services – both approved and unapproved. They do this by interposing themselves between end users – whether they are on desktops on the corporate network or on mobile devices connecting using unknown networks – or by harnessing the power of the cloud provider’s own API.

CASBs may run in a corporate data center or in a hybrid mode that involves the data center and the cloud, but the majority of companies choose a CASB that operates exclusively from the cloud, unless regulatory or data sovereignty considerations require an on-premises solution.

These are the six CASB vendors we chose, along with some details on each. For greater detail on each, see our article 6 Top CASB Vendors.

Top CASB vendors

| VENDOR | USE CASES | FEATURES | TECHNOLOGY | DELIVERY | PRICING |
|---|---|---|---|---|---|
| Forcepoint | Large to very large enterprises | Deep support for top cloud applications, with ability to support many more | API, proxy and hybrid | Cloud | Subscription based on number of users, plus options like governance and audit |
| Skyhigh Networks | Mid to large enterprises | Threat protection and DLP; dedicated GDPR offering | Combination of API and proxy depending on use case | Cloud, software or appliance | Priced on per-user, per-year basis |
| Cisco Systems | Organizations with 1,000+ employees | Micro services exposed via APIs can support home-grown apps | API | Cloud | Priced on number of apps and users |
| Microsoft | Small and mid-sized companies | Deep integration with Microsoft security and Office 365 | API, with in-session proxy control | Cloud | $5 a month per user; also part of Microsoft Mobility + Security |
| Bitglass | Small through large enterprises | Integrated IAM; agentless support for any app or device | Hybrid | Cloud | Priced per user per month |
| Netskope | Enterprises | Covers thousands of cloud services; DLP and threat analytics | API, proxy and hybrid | Cloud, appliance or both | Priced per user per year |


Enterprise Detection and Response (EDR)


Endpoint Detection and Response (EDR) addresses the need for continuous monitoring and response to advanced threats. EDR differs from other endpoint protection platforms (EPP) such as antivirus and anti-malware software in that its primary focus isn’t to automatically stop threats in pre-execution phase on an endpoint. Rather, EDR is focused on providing the right endpoint visibility with the right insights to help security analysts discover, investigate and respond to very advanced threats and broader attack campaigns stretching across multiple endpoints. Many EDR tools, however, combine EDR and EPP.

Here are the 10 EDR vendors we selected, along with a few key details on each of them. For more detail, see Top 10 Endpoint Detection and Response (EDR) solutions.

Top EDR Solutions

| VENDOR | USE CASES | METRICS | INTELLIGENCE | DELIVERY | PRICING |
|---|---|---|---|---|---|
| FireEye | From 250 to 300,000 endpoints; cloud for SMBs | 1,000+ researchers; 1,000 Mbps throughput | Automated threat detection and prevention for known and unknown threats | Cloud or appliance | Starts at $30 per endpoint, plus intelligence feeds and appliance costs |
| Carbon Black | All markets and sizes, but strongest in high-risk industries | Up to 150,000 endpoints per cluster, with unlimited clusters | Defense Cloud analytics engine identifies malicious activity | Software or cloud | Starts at $30 per endpoint per year |
| Guidance Software | Large organizations | Can scale to hundreds of thousands of nodes | Automated alert response, validation, triage and incident response | Software | Starts at $57,995 for up to 2,000 nodes on a perpetual license |
| Cybereason | Organizations of any size or vertical with little security talent | Can render 8 million questions per second with unlimited scalability | Machine learning and analytics | Cloud or on-premises | Starts at $50 per endpoint before volume discounting |
| Symantec Endpoint Protection with EDR | Boasts 25% of all deployments worldwide and 350,000 customers | Scales to hundreds of thousands of endpoints | AI and world’s largest threat intelligence network | Physical or virtual appliance | Starts at $40 per seat per year |
| RSA NetWitness Endpoint | Strongest in finance, healthcare, government, energy, telcos | More than 300 behavioral indicators can be customized | Behavioral-based analytics engine and machine learning | Agents deployed across multiple form factors; management console on-premises | Pricing on a per-endpoint basis |
| Cisco AMP for Endpoints | Strong in high-risk verticals | Top score from NSS Labs; 20 billion threats blocked per day | Adaptive intelligence, automated detection and response | Cloud, private cloud, or on-premises appliance | Pricing is based on length of subscription and number of endpoints |
| Tanium | Large organizations | Millions of endpoints and 15-second visibility across all endpoints | Automation workflows data collection and corrective actions | Appliance, virtual machine, or standalone server | Company doesn’t disclose pricing |
| CrowdStrike | Large organizations | More than 30 billion events per day from millions of sensors across 176 countries | APIs and feeds for integration with SIEM, IDS, and Threat Intelligence platforms | Cloud | Subscription-based pricing |
| CounterTack | From SMBs to enterprises | Can complete billions of scans per second | Via a strategic partnership with SAP | Platform or cloud | $14,000 per perpetual seat; $7,500 annual subscription seat |


Next-Generation Firewalls (NGFWs)


Firewalls have evolved significantly over the past decade to include an array of advanced features, and these more advanced offerings are called next-generation firewalls (NGFWs).

NGFWs contain features such as support for single-enterprise firewalls, as well as branch offices, multi-tiered demilitarized zones (DMZs), and virtual versions that can be deployed within the cloud. In addition, NGFWs come with comprehensive management and reporting, policy enforcement for applications and user control, intrusion prevention, deep packet inspection, sandboxing, and incorporate threat intelligence feeds.

Here are our picks for top NGFW vendors. For more detail on each, see Ten Top Next-generation Firewall (NGFW) Vendors.

Top Next-Generation Firewall Vendors

| VENDOR | USE CASES | METRICS | INTELLIGENCE | DELIVERY | PRICING |
|---|---|---|---|---|---|
| Sophos | SMB and mid-market primarily, as well as IaaS on Azure | Throughput of 11,800 Mbps, 30 million concurrent connections and 300,000 new connections per second | Analytics into root cause of malware attacks, machine learning for better detection rates | Hardware, software and virtual appliance | Pricing starts at $249/year for entry-level appliance. Pricing depends on performance and features |
| Check Point | Strong in retail, financial services, government, healthcare, service providers, utilities, manufacturing | Firewall throughput from 90 Mbps in small office devices to 128 Gbps in high-end chassis-based systems | Inspects at the CPU-level to stop attacks, and OS-level threat emulation | On premises, virtually, in public clouds | Prices range from $499 up to a few hundred thousand dollars |
| Barracuda | Strong in central and southern EMEA and North America, especially in mid to large enterprises with globally dispersed WANs or needing secure cloud connectivity | 40 Gbps firewall throughput, 10 Gbps VPN throughput and up to 15,000 users | Machine learning and intelligence features to identify potential malware | On-premises and virtual versions | From $699 plus support |
| Juniper Networks | Small- to mid-size enterprise markets as well as service providers, telecom, financial services and healthcare | 2 Tbps firewall, six nines of reliability, more than 100 Gbps IPS, and 100 million concurrent user sessions | Juniper Sky Advanced Threat Prevention cloud-based service, which leverages reporting and analytics tools, and machine learning algorithms | Appliances, software, private and public clouds | Low-end appliances start around $300 |
| Fortinet | Data centers, distributed mid-to-large enterprises, communications service providers, government, defense, finance, education and retail | Firewall throughput of up to 630 Gbps, IPS of up to 120 Gbps, NGFW throughput of up to 100 Gbps, and a threat intelligence network of 3.3 million sensors | Machine learning-based threat intelligence and deep analytics | Hardware appliance, virtual machine, cloud and SaaS | Entry-level hardware appliances start at around $500 |
| Forcepoint | Distributed enterprises and government agencies | Can manage 2,000 firewalls and IPS devices with the ability to update hundreds in minutes | Analysis of the behavior of anomalous network connections | Physical appliance, virtual and cloud deployments | Starting at under $1,000 |
| SonicWall | SMBs, midmarket and large enterprise | Gateway throughput of up to 9 Gbps, TLS/SSL inspection throughput of up to 3 Gbps and up to 10 million connections | More than a million SonicWall sensors provide data that is analyzed via machine learning using deep learning algorithms | On premises appliances | From around $500 for a small business or branch office up to around $80,000 |
| Palo Alto Networks | All industries | 200 Gbps of firewall throughput, 100 Gbps of threat prevention throughput, 1.2 million connections per second and up to 80 million sessions | Automated event aggregation and filtering | Physical and virtual appliances | No pricing data available |
| Cisco | SMBs to large enterprise | 1.2 Tbps clustered throughput, 57 million concurrent connections, 500,000 new connections per second | IP, URL, and DNS threat intelligence | Physical and virtual firewalls | Starting at under $1,000 |
| Huawei | Asia/Pacific region or EMEA, especially in enterprises | 10 Gbps attack and defense performance | Traffic analysis | Physical appliances, and a virtual firewall compatible with Microsoft Azure | Starting price less than $2,000 |

Threat Intelligence
Threat intelligence is a critical security tool that uses global security intelligence to detect malicious activity inside your network.

These solutions can take a number of different forms. Threat intelligence feeds take security data from vendors, analysts and other sources about threats and unusual activity happening all around the world. Malicious IP addresses, domains, file hashes and other data stream in constantly from external parties. This can help companies understand behaviors that might be affecting their own networks.

Threat intelligence platforms (TIPs) take this a step further. They incorporate one or many data feeds and subject the data to detailed analysis. Advanced analytics are used to isolate unusual patterns in systems and mine other valuable data.

At a minimum, a threat intelligence platform should have actionable indicators that can be used to identify potential threats to an organization (such as known bad IP addresses and URLs, and malware hashes), and support collaboration and investigation workflow for the security analyst and broader community.

Here are our picks for top threat intelligence vendors. For more detail on each, see Eight Top Threat Intelligence Companies.

Top Threat Intelligence Platforms

| VENDOR | USE CASES | METRICS | INTELLIGENCE | DELIVERY | PRICING |
|---|---|---|---|---|---|
| IBM | Retailers, financial services, enterprise | Unlimited queries per month, and up to 5,000 records per month | Machine learning and IBM Watson analytics | Via web browser or through an API interface to interface with existing security solutions | The API is free for 5,000 records/month; the commercial API starts at $2,000 per user/month |
| Anomali | Financial services, enterprise | Can process millions of Indicators of Compromise (IOCs) | Machine learning and integration with other security platforms | SaaS, on-premises, or hybrid | Pricing varies based on customer environment |
| Palo Alto Networks | Large enterprises | Receives hundreds of millions of samples per month, and over a trillion artifacts across petabytes of data | Statistical analytics, correlation and machine learning | SaaS-based security services | Licensed as a per-user annual subscription or enterprise-wide |
| RSA | Financial institutions, governments and oil/gas/energy/telcos | Can ingest 30,000 EPS per system and up to 100k endpoints per system | Automated segmentation and enforcement | On premises, in private clouds, on virtual machines, or public cloud | Tiered throughput or subscription licensing |
| LogRhythm | Financial services, retail, manufacturing, and government | 26 billion messages per day and over 10K gigabytes per day | Pattern matching and advanced correlation to machine learning and statistical analysis | Software and hardware | Pricing begins at $27,000 |
| FireEye | Financial services, government and IT | More than 1,000 experts responding to incidents and researching attacks | Automation enables it to go from alert to fix in seconds | Via API integration, intelligence portal, and email delivery | Subscriptions range from $100,000 to $500,000 |
| LookingGlass Cyber Solutions | Enterprise and third party risk monitoring | Over 140 sources of threat data gathered | Machine-readable threat intelligence | Hosted or on-premise | Open-source business model |
| AlienVault | Companies with smaller IT security teams | Receives 10 million indicators of compromise every day | Automation and machine learning | Cloud, virtual or hardware appliance | Monthly subscription; tiers start at $1,575/month for a 250 GB data volume |

Intrusion Detection and Prevention Systems
Intrusion detection and prevention systems (IDPS) help spot intruders before they can do serious damage.

An IDPS monitors network traffic for signs of a possible attack. When it detects potentially dangerous activity, it takes action to stop the attack. Often this takes the form of dropping malicious packets, blocking network traffic or resetting connections. The system also usually sends an alert to security administrators about the potential malicious activity.

The IDPS appliance market contains standalone physical and virtual appliances that inspect defined network traffic, either on-premises or in the cloud. IDPS capabilities have been integrated into some next-generation firewalls, but the markets remain distinct.

Here are our picks for top IDPS vendors. Darktrace is included despite not being classified as an IDPS because its technology has the potential to disrupt the market. For more detail, see 9 Top Intrusion Detection and Prevention Systems.

Top Intrusion Detection and Prevention (IDPS) Providers

| VENDOR | USE CASES | METRICS | INTELLIGENCE | DELIVERY | PRICING |
|---|---|---|---|---|---|
| McAfee | NSP is deployed across all market segments in the data center, cloud, or hybrid enterprise environments | Aggregate Performance - 40 Gbps; Maximum number of connections ranges from 40,000 on the 100 Mbps appliance up to 32 million on the 40 Gbps appliance | Bot analysis, endpoint-enhanced application control, analysis of flow data, self-learning DoS profiles and an analytics feature to report potentially malicious hosts | Physical or virtual appliance | Starting from $10,995 |
| Trend Micro | Large and very large enterprises | 40 Gbps inspection throughput in a 1U form factor; can be stacked to deliver 120 Gbps in a 3U form factor. Network traffic inspection throughputs 250 Mbps to 120 Gbps | TippingPoint solutions provide real-time, threat prevention for vulnerabilities through Digital Vaccine threat intelligence | Hardware and virtual offerings | Starts at $6,000 |
| Hillstone | Government, finance, education, ISP and enterprises customers | Can identify more than 3,000 applications, including mobile and cloud applications. IPS throughput up to 14 Gbps | Advanced threat detection engine and abnormal behavior detection engine | Appliance | Starts at $18,000 |
| Darktrace | Large enterprise sites across all verticals | The Darktrace vSensor extracts only relevant metadata, sending 1% of network traffic onto the master appliance | Machine learning | Hardware appliance and software | No pricing provided |
| NSFocus | Fortune 500 companies, mobile providers, global financial institutions, SMEs and service providers | Up to 20 Gbps of application-layer data processing capacity | Virtual sandboxing appliance is capable of detecting, analyzing and mitigating known, zero-day, and advanced persistent threats | Physical and virtual appliances | No pricing provided |
| H3C | All market sizes | Millisecond response to threats | Defense and traffic pattern self-learning capabilities | SecBlade IPS modules for switches and routers | No pricing provided |
| Huawei | Large- and medium-size enterprises, as well as carrier-grade enterprises | NIP can identify more than 1,200 network applications | Protocol anomaly detection, traffic anomaly detection, and heuristic detection | Physical appliances | Starting at less than $2,000 |
| Entrust | Energy, utility, chemical, automotive, telecom and manufacturing | More than 10 million identity and payment credentials daily | Data filtering, aggregation and integration with edge analytics | Hardware and embedded versions available | No pricing provided |
| Cisco | From remote offices to large data centers | Appliances range from 50 Mbps to 60 Gbps of inspected IDPS throughput | URL-based security intelligence, AMP Threat Grid integration, security research team | Software and 22 physical and virtual form factors | Prices vary, from low-cost small appliances to around $100,000 for the Firepower 4100 enterprise appliance |


Network Access Control (NAC)


Network Access Control (NAC) helps enterprises implement policies for controlling devices and user access to their networks. NAC can set policies for resource, role, device and location-based access and enforce security compliance with security and patch management policies, among other controls.

NAC is an effort to create order out of the chaos of connections from within and outside the organization. Personnel, customers, consultants, contractors and guests all need some level of access. In some cases, it is from within the campus and at other times access is remote. Adding to the complexity are bring your own device (BYOD) policies, the prevalence of smartphones and tablets, and the rise of the Internet of Things (IoT). NAC tries to tame that complexity through policy management, monitoring and control.

These are our picks for top NAC vendors. For more detail, see 9 Top Network Access Control (NAC) Solutions.

Top NAC Solutions

| VENDOR | USE CASES | METRICS | INTELLIGENCE | DELIVERY | PRICING |
|---|---|---|---|---|---|
| Impulse | Education, government, enterprise | 500 to 50,000 users, no network performance hit | Automatic detection, fingerprints new devices | Virtual or physical appliances support 25,000 endpoints and can scale | Starts at $7,000 for 250 concurrent devices |
| Extreme Networks | Education, entertainment, hospitality, healthcare | Can scale up to 200,000 endpoints | Rules-based architecture and automation | Physical or virtual appliance | Per-user pricing model |
| Auconet | Large companies and complex implementations | 100% device discovery; largest implementation 500,000+ ports | Also offers network monitoring and asset management | Physical or virtual appliance or cloud | Varies by architecture and range of functions |
| ForeScout | Government/defense, financial services, healthcare, retail | 1 million+ port implementations; can protect medical devices | Automated segmentation and enforcement | Physical or virtual appliances with failover option | Starts at $3,701 for virtual and $4,995 for physical appliance |
| Pulse Secure | Enterprises and service providers with heterogeneous environments | Up to 50,000 concurrent users and 115 logins per second | Automatic deployment and threat detection | Physical or virtual appliance | Pricing ranges from $11-$80 per user, depending on volume |
| HPE Aruba | Education, finance, healthcare, retail, distributed environments | 10 million+ authentications per day | Shares information with third-party and UEBA products | Physical or virtual appliance | Costs vary with size |
| Bradford Networks | Regulated industries, technology, entertainment | Support for more than 1,500 networking devices | Automated containment; integrates with endpoint, threat solutions | Software | Sold through channel partners |
| Cisco Systems | Government and regulated industries | 500,000 concurrent sessions and 1.5 million endpoints per deployment | Adaptive intelligence, machine learning, automated response | Physical or virtual appliance | Based on subscription term and number of points protected |
| InfoExpress | Popular with educational organizations | One deployment covers 200 campuses and 100,000 users | Automated discovery | Software or appliance | Server software $4,995; seat licences start at $55 each |

Identity and Access Management
Controlling access to networks, data and applications is one of the most critical roles a security team plays. One popular solution to the challenge is identity and access management (IAM) products.

IAM platforms let IT departments ensure that cloud, on-premises and hybrid environments provide the right level of access to the right roles and individuals at the right time.

The goal of IAM products and services is to ensure that authorized workers, partners and customers have appropriate access to the resources they need, and that the process of onboarding, offboarding, role management, authentication, access management and the like is automated and scalable.

IAM solutions often include technologies such as multi-factor authentication and enterprise mobility management to address the myriad ways data can be accessed in on-premises, cloud, hybrid and mobile environments.

Here are top IAM picks. For more detail, see 10 Top IAM Products.

Top Identity and Access Management Products

| VENDOR | USE CASES | OVERVIEW | FEATURES | DELIVERY | PRICING |
|---|---|---|---|---|---|
| Microsoft Azure Active Directory | Microsoft cloud services, with support for other major cloud services | Integrates with on-premises Active Directory | SSO, MFA, role management, security & user monitoring | Cloud | Free for Azure users, with additional costs based on service and support levels |
| IBM Security Identity and Access Assurance | Enterprises | Provides IAM and governance across extended enterprises | SSO, MFA, log management, compliance, identity federation, onboarding | Cloud, on-premises | Contact company for pricing |
| Oracle Identity Cloud Management | Enterprises | Provides IAM for employees, partners and customer across hybrid environments | SSO, MFA, compliance, integrated directory solution | Cloud hosted | Enterprise pricing starts at $1 per named user |
| Okta | Enterprises | IAM and mobility management for employees, partners, customers | SSO, MFA, Universal Directory, compliance, unified management, activity monitoring | Cloud, on-premises | Universal Directory starts at $1/month/user |
| Centrify | Enterprises | Manage access across applications, devices and environments | SSO, MFA, compliance, activity monitoring, mobile management | Cloud, mobile | Starts at $4/user/month |
| RSA SecurID Access | Enterprises | IAM, governance and lifecycle management in one suite | SSO, MFA, risk analytics, biometrics, compliance, activity monitoring | Cloud, on-premises | Starts at $1/user/month |
| Keeper Security | Small businesses to enterprises; consumer version too | Secure access to encrypted passwords, websites and applications | SSO, MFA, encryption, compliance, activity monitoring, role management | Cloud, on-premises | Business version $30/year/user; consumer version offered too |
| SailPoint IdentityIQ | Enterprises | Unified IAM across cloud, mobile, on-premises | SSO, MFA, compliance, activity monitoring, role management | Cloud, on-premises | Contact company for pricing |
| OneLogin | Small businesses to enterprises | 5,000 integrated apps, custom modules for defense, restaurants | SSO, MFA, compliance, monitoring, offboarding, mobile management | Cloud | SSO free for 3 apps/5 personal apps; $2-$8 per user for advanced features |
| Ping | Enterprises | Unifies users, networks, devices and apps | SSO, MFA, directory, governance, user portal, thousands of supported apps | Cloud, on-premises | Contact company for pricing |


User and Entity Behavior Analytics (UEBA)


Organizations that want to add advanced analytics or machine learning capabilities to their IT security arsenal have a relatively new option: user and entity behavior analytics (UEBA).

Although UEBA solutions have only been around for a few years, they are quickly becoming popular among large enterprises. According to Gartner, sales of standalone UEBA solutions are doubling each year and could top $200 million this year. In addition, many vendors are incorporating UEBA capabilities into other security tools, such as security information and event management (SIEM), network traffic analysis, identity and access management (IAM), endpoint security, data loss prevention or employee monitoring tools.

UEBA solutions identify patterns in typical user behavior and then pinpoint anomalous activities that do not match those patterns and could correspond with security incidents.

Here are our top UEBA picks. For more detail, see 19 Top UEBA Vendors.

Top UEBA vendors


| VENDOR | USE CASES | SPECIAL FEATURES | DELIVERY |
|---|---|---|---|
| Balabit | Finance, telecom | Automated incident response, behavioral biometrics | On-premises software |
| Dtex | Security operations teams | Forensic audit trail | On-premises software |
| E8 Security | Enterprise security operations teams | Unsupervised machine learning; one-click search and filter | On-premises software |
| Exabeam | Large organizations, federal agencies | Ransomware detection and prevention | Physical appliance or cloud-ready virtual machine |
| Forcepoint | Security operations teams | Consolidated risk scores for individuals; video replays of users’ screens | On-premises software |
| Fortscale | Organizations of all sizes; security vendors | Darknet analysis; DLP integration | On-premises software or embedded in other security solutions |
| Gurucul | Corporate security operations | Large library of machine learning algorithms; fuzzy logic-based link analysis | Appliance, virtual machine, cloud or bare metal |
| Haystax | Federal government, financial industry, corporate IT security, public safety | Integrated view of insider trustworthiness; low rate of false positives | Software or cloud-based |
| HPE Niara | Security operations teams | Integrated forensics; ingests data from nearly any source | On-premises or cloud software or appliance |
| Interset | Security operations teams | Used by multiple U.S. intelligence agencies; more than 200 machine learning models | On-premises or cloud |
| Microsoft | Small businesses | Mobility support; deep packet inspection | On-premises software |
| Palo Alto Networks | Security operations teams | Malware detection; low volume of highly actionable alerts | Hardware or virtual appliance, on-premises or cloud |
| Preempt | Security operations teams | User risk scoring; forensics; reduced alerts | On-premises software |
| RedOwl | Security operations and surveillance teams, especially in financial services | Detects workplace violence and harassment, IP theft; user risk scoring | On-premises software, appliance or virtual private cloud |
| Securonix | Security operations teams, especially in very large enterprises | Fraud reporting; trade surveillance; patient data analytics | On-premises software or cloud-based |
| Splunk | Security operations teams | Multi-dimensional behavior baseline; anomaly exploration | On-premises software or AWS service |
| Varonis | Security operations teams | “Security Time Machine” analyzes past data; ransomware detection | On-premises software |
| Veriato | Security operations teams and HR departments | Psycholinguistic analysis; screen snapshots; keystroke recording | On-premises software |
| ZoneFox | Security operations teams, especially banks, manufacturers and game developers | Forensics, network monitoring and federated security | On-premises software or cloud-based |


Patch Management
No area of security is more important – or more overlooked – than patch management. If you’re not applying patches and updating software and applications in a timely manner, you’re giving the bad guys an easy way in.

So here are our picks for top patch management products. For more detail, see Top Patch Management Solutions.

Top Patch Management Providers


| VENDOR | USE CASES | METRICS | INTELLIGENCE | DELIVERY | PRICING |
|---|---|---|---|---|---|
| SolarWinds | Microsoft Windows servers and workstations for both Microsoft and third-party products | Patch Manager is deployed in a wide range of environments ranging from dozens of nodes to several thousand nodes | N/A | Windows application | Patch Manager is licensed on a per node basis, starting at $3,617 for up to 250 (license with first-year maintenance) |
| Flexera | North America, and Europe. | Used to discover, verify, validate and document vulnerabilities in over 55,000 products | Uses Vulnerability Intelligence by Secunia Research | On-premises, virtual appliance and cloud | Pricing is per device, with no minimum number of devices |
| IBM | BigFix is used by thousands of organizations of all sizes | First query results are returned within 15 seconds, with full query on 120,000 nodes returned within 5 minutes | An intelligent agent ensures that decision-making and calculations are performed at the endpoint rather than in the network | On premises | BigFix starting prices range from $2.49/client device/year to $43.80/client/device per year depending on version and features |
| Ivanti | SMB to large enterprise. | N/A | Patch catalog updated twice weekly, plus Zero Day support with out of band releases for critical security updates | On premises, virtualized or cloud | Ivanti standalone solutions are priced at $65 per server or $30 per workstation. Integrated solutions start at $9 per endpoint for perpetual or $5 per endpoint for subscription |
| Red Hat | Enterprise computing, server provisioning, configuration, and patch management of Linux systems | N/A | AI-based predictive analytics from Red Hat Insights | On-premise software (Satellite), Software-as-a-Service (Insights) | $192/$199 per managed server for Satellite/Insights, respectively |
| Kaseya | MSPs and mid-market enterprises | Kaseya manages over 10 million endpoints with its management, monitoring and patching solution | Endpoints can securely share patches for rapid deployment without the overhead of huge patch downloads over the internet | On-premises or cloud | $0.50/endpoint/month |
| Micro Focus | SMEs to large enterprises | More than 10,000 pre-tested patches for more than 100 major current and legacy applications and operating systems | Automatic patch deployment based on pre-defined policies | Software or virtual appliance | No pricing data available |
| Verismic | SMBs to enterprises, as well as MSPs | Verismic has deployed over five million patches globally | Automatically discovers network devices, and predictive patch management prioritizes patching and threat remediation | Software as a Service | Subscription based |
| BMC | Targets include larger enterprise customers with complex patching and security needs | BMC BladeLogic supports some enterprises with more than 150,000 servers under management | Provides operational context to security scans | On-premises solution, though there are also customers running BladeLogic inside of AWS and Azure | No pricing data available |
| Kace | Mid to large enterprises, including regulated industries | Patches up to 20,000 machines in four hours; solution includes endpoint management | Detects missing patches; can be scheduled at least disruptive times | Hardware, virtual appliance, and ‘as a service’ | No pricing data available |


Encryption
A decade ago, encryption was hot enterprise security news. As a measure of its effectiveness as a technology, it has been incorporated as a key feature in many security suites since. But that doesn’t mean it has faded in importance. With data protection and privacy regs getting stronger every year (yes, we’re talking about you, GDPR), encryption is more important than ever.

The encryption products we selected are those that have stood the test of time. In the early years of the millennium, there were scores of encryption tools available. But through consolidation, acquisition and attrition, these are the ones that have emerged in what can now be considered a mature market. For more details, see Top 10 Enterprise Encryption Products.

Top Encryption Products


| VENDOR | USE CASES | METRICS | INTELLIGENCE | DELIVERY | PRICING |
|---|---|---|---|---|---|
| IBM | Compliance, GDPR regulations, and cloud | Overhead of less than 5% | Real-time monitoring, automated provisioning and analytics | As embedded solutions, or external virtual or software appliances | Licensing based on the quantity of servers. Perpetual and fixed-term licensing available |
| Check Point | SMB to enterprise | Deployments of more than 200,000 seats, deployment rates of 50,000 seats per month | N/A | Software packaged inside a Check Point Software Blade | Based on the sale of hardware blades |
| ESET | Healthcare, retail and other compliance markets | Files no greater than 3.99 GB; remote wipe and control | Fully automated | Management server installed on a Windows machine | Sliding scale starting at $56 per user |
| Dell | Government, healthcare, critical infrastructure and utilities | Performance impact under 3%, deployments of 350,000 or more | Automation to gather internal metrics and for load balancing | Software client | Per seat perpetual license with one-year support starts at about $79 USD |
| McAfee | SMB to enterprise | Scales to very large deployments | Remote command execution options to interact with orchestration and security systems | Software and agents | On a per-node basis |
| Micro Focus | Big Data, Internet of Things, compliance, and hybrid IT | Some clients protecting 10 billion transactions per day | Real-time auditing, monitoring and reporting | Virtual appliance | Pricing varies by per application or per node |
| Bitdefender | Healthcare, finance and other compliance markets | Scales to millions of endpoints | N/A | Cloud or on-premises | Starts at $22.95 per endpoint per year |
| Sophos | Government, healthcare, education and finance | Hundreds of thousands of users with no performance drop | Automated encryption | Cloud or on-premises | Pricing per user per year, starting at $20 (cloud) |
| Symantec | Government, financial and healthcare | Scales to 500,000 users or more | Advanced data detection | Software or cloud | Perpetual or subscription licensing |
| Trend Micro | SMB to enterprise | Scales to very large deployments | Machine learning and behavioral analytics | Software | Pricing starts at $33.75 per user for 501 users |


Enterprise Mobility Management


Managing mobile apps and devices is a challenge faced by all organizations these days. One technology that has evolved to address mobile security, access and control is enterprise mobility management (EMM), itself an evolution of mobile device management (MDM) and bring your own device (BYOD) practices and technologies.

Here are our picks for top EMM vendors. For more detail, see 5 Top Enterprise Mobility Management (EMM) Solutions.

Top EMM Vendors


| VENDOR | FEATURES | INTELLIGENCE | PRICING |
|---|---|---|---|
| VMware AirWatch | Unified endpoint management, end-to-end security, identity management, productivity apps | Automated deployment and management | 5 levels, from $4.33 to $9.33 per device/month |
| MobileIron | Administrative console, secure gateway, apps, secure email & content access, VPN | Policy engine | Three levels; pricing not disclosed |
| Citrix XenMobile | Unified endpoint, device, app and content management; secure gateway | Business app creation without code | Starts at $5/device/month |
| BlackBerry | Device, app, identity and content management | Jailbreak detection, compliance, controls for regulated sectors | Not disclosed |
| IBM MaaS360 | Visibility and control, productivity suites, threat and malware protection, secure collaboration, gateway | Watson integration adds AI and machine learning | Starts at $4/device/month |

Secure Web Gateways
Secure web gateways may be getting competition from NGFWs, UTMs and CASBs, but they remain very much a market presence, with some organizations preferring dedicated protection from internet threats. We don’t have a chart for this last group, so we’ll send you to 9 Top Secure Web Gateway Vendors for more info, and name the vendors here:

Top 9 Secure Web Gateway Vendors


• Symantec
• zScaler
• iboss
• Cisco
• McAfee
• Barracuda
• F5 Networks
• Forcepoint
• Check Point Software
