Threats are constantly evolving and, just like everything else, tend to follow certain trends. Whenever a new type of threat is especially successful or profitable, many others of the same type will inevitably follow. The best defenses need to mirror those trends so users get the most robust protection against the newest wave of threats. Along those lines, Gartner has identified the most important categories in cybersecurity technology for the immediate future.
We wanted to dive into the newest cybersecurity products and services from those hot categories that Gartner identified, reviewing some of the most innovative and useful from each group. Our goal is to discover how cutting-edge cybersecurity software fares against the latest threats, hopefully helping you to make good technology purchasing decisions.
Each product reviewed here was tested in a local testbed or, depending on the product or service, within a production environment provided by the vendor. Where appropriate, each was pitted against the most dangerous threats out there today as we unleashed the motley crew from our ever-expanding malware zoo.
With each review, listed in alphabetical order, we will endeavor to show how these new and trending cybersecurity tools work, where they fit into a security architecture, and how they defend against the latest types of threats and attacks.
Best security software, 2018
Balbix – Category: Vulnerability management
Balbix is nominally a vulnerability manager, but it does considerably more than scan and list. It profiles each vulnerable asset on the network: what kind of data it holds, how many users interact with it, whether it is public-facing, and other factors that determine its importance to the organization. It then correlates each vulnerability with active threat feeds to estimate the likelihood of a breach in the near future, and the loss or harm the enterprise would suffer if that vulnerability were successfully exploited.
BluVector — Category: Network security
BluVector offers advanced detection and response, and even threat hunting, all performed at machine speed. It produces useful detections soon after deployment, but its machine learning models keep training on the traffic of each network they protect, tuning the algorithms and detection engines to that environment so it gets smarter over time.
Bricata — Category: Intrusion detection
At its core, Bricata offers advanced IPS/IDS protection, using multiple detection engines and threat feeds to inspect network traffic and protect core assets. But it goes a step further, adding the ability to launch threat hunts from specific events or from anomalies alone.
Cloud Defender — Category: Cloud security
Cloud Defender is a user-friendly tool that lets in-house IT staff inspect their cloud deployments for evidence of hidden threats or breaches. It can also be consumed as a managed service, with the security team at Alert Logic taking over most cloud-based security functions.
Cofense Triage — Category: phishing defense
Deployed as an on-premises virtual appliance, Triage connects with almost any corporate e-mail program and helps to manage responses to user reports of suspected phishing. Triage is still evolving, but even now represents one of the most advanced defenses against phishing.
Contrast Security — Category: Application security
Contrast Security has one of the most elegant solutions out there for application security. The key technique is bytecode instrumentation: an agent loaded into the JVM through the Java instrumentation API rewrites application classes as they load, adding sensors that observe how data flows through the running application. That lets Contrast see how untrusted input actually reaches sensitive sinks such as database queries and command execution, rather than inferring it from source code or probing from the outside.
Corelight – Category: Network security
Built on the open-source Bro network security monitor (now Zeek), and in the tradition of tools like Snort from Sourcefire, Corelight gives security pros deep insight into the traffic on the networks they defend.
Digital Guardian — Category: Endpoint security
The Digital Guardian Threat Aware Data Protection Platform is at the forefront of the effort to counter advanced threats, offering ready-to-deploy endpoint security either on-premises or as a service, with as much or as little automated response as the host organization is comfortable supporting.
enSilo — Category: Endpoint security
The enSilo platform combines traditional pre-infection endpoint protection with post-infection protection. It can also trap a threat in place, holding it where it is and rendering it harmless until a threat hunter can arrive to investigate.
ForeScout — Category: Network asset management
ForeScout is one of very few products that can track and manage operational technology and IoT devices alongside information technology. Everything from lighting controllers to HVAC units can be discovered and managed.
InSpec 2.0 — Category: Compliance
The InSpec 2.0 platform from Chef tackles compliance head-on by expressing the specific rules and guidelines a company wants or needs to meet as executable, human-readable tests. It is designed both to make sense of regulatory and technical guidelines and to verify continuously that systems are configured according to those rules, rather than checking them once at audit time.
Intellicta Platform — Category: Compliance
The Intellicta Platform from TechDemocracy acts like a SIEM console for compliance issues. It pulls information from a series of network collectors and correlates that data into a continuously monitored compliance dashboard.
Insight Engines — Categories: Network security, threat hunting
Think of the Insight Engines tool as Google for network security, allowing natural language searches and returning honed information to answer each query. This comparison doesn’t do the program justice, but is a good starting point for understanding how it works.
Mantix4 — Category: Threat hunting
Mantix4 takes threat hunting into the software as a service (SaaS) realm. While the program provides robust threat hunting tools for use by clients, the company also employs a team of experts to hunt on their behalf.
RiskIQ Digital Footprint — Category: vulnerability management
One thing that sets the RiskIQ Digital Footprint apart from just about every other security program reviewed for CSO magazine is the setup and installation phase. There is none. Digital Footprint scans for vulnerability information from outside the firewall, just like a potential attacker would.
Seceon Open Threat Management Platform — Category: Network security
The Open Threat Management Platform essentially acts as both a SIEM and a frontline security appliance. Thrifty firms may want to consider eliminating some of their other cybersecurity programs if they duplicate what the OTM is doing, especially if the OTM consistently catches what they miss.
Solebit — Category: endpoint security/sandboxing
By shifting malware detection away from signatures and behavior, and toward the simpler question of whether executable code is present in content that should contain none (a document or an image, for instance), the SoleGATE Security Platform from Solebit has the potential to disrupt both endpoint security and sandboxing.
Vectra Cognito — Category: Traffic monitoring
The Vectra Cognito platform incorporates artificial intelligence (AI), deep machine learning and traffic monitoring into a tool that is able to detect threats that other programs miss, even if they are already entrenched inside a protected network.
Best security software, 2017
Acalvio ShadowPlex — Category: Deception
Deception is an emerging field, and some of the drawbacks preventing easy, useful deployments are still being worked out. Acalvio ShadowPlex addresses some of those problems, offering clients unlimited deception assets without constant overhead or maintenance.
Attivo — Category: Deception
Attivo addresses the main weakness of most deception technology: having to rely on other programs to respond to an attack once the deception network reveals it. The Attivo platform offers quick response capabilities of its own plus integrations with third-party programs for additional backup, configured through an intuitive drag-and-drop interface that requires very little training.
Barracuda Web Application Firewall — Category: Network security
Calling the Barracuda WAF a firewall is seriously selling it short. It is more like the core of an independent bastion of cybersecurity, able to inspect both inbound requests and outgoing responses. The WAF functions as a reverse proxy placed in front of the web servers it protects, so every request passes through it before reaching the application.
Bay Dynamics Risk Fabric — Category: Vulnerability management
Failure to understand context is one of the major problems in the vulnerability management space that the Bay Dynamics Risk Fabric program is designed to solve. By adding real context to raw scan results, IT teams are given a much better picture of the true risks hiding within their networks, including the potential costs if those problems are not fixed quickly.
Bitdefender HVI — Category: Remote browser
The Bitdefender Hypervisor Introspection (HVI) tool inspects guest memory from the hypervisor, outside the guest operating system, so it can recognize and block memory-level attack techniques such as buffer overflows, heap sprays, code injection and API hooking before they take effect, which keeps the virtual browser it protects from ever being compromised.
CAWS Continuous Security Validation Platform — Category: Vulnerability management
At its core, CAWS is a testing lab dedicated to validating defenses against real threats. Customers can choose one of two flavors of the product: a public instance that identifies threats and provides detailed information about how customers can patch their own networks, and a private instance that runs those threats against a mirror of the customer's network.
Crossbow — Category: Vulnerability management
Crossbow is one of the most realistic vulnerability assessment platforms, and one of the most dangerous tools, that CSO has ever reviewed. All of the attacks it can load or create are real, using actual techniques and tactics that have historically broken through the defenses of many organizations.
Cyphon — Category: Managed detection
For armored car service Dunbar, protecting its clients' money is about more than building secure physical structures and deploying armored trucks with armed guards. It is also about protecting the digital infrastructure and cyber assets that support those operations. Cyphon was first created for internal use, to protect the company's own assets. Rolling it out afterwards as a service to clients fit easily into its protection-as-a-service model.
GreatHorn — Category: Network security
Because most email gateway appliances only check for known bad domains or the presence of malware, "please hand me the cash" social engineering attacks, which carry neither, normally breeze through. GreatHorn was designed to close that gap, as well as to lock down the rest of the mail stream.
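To make the gap concrete, here is an added example (not GreatHorn's code) of the kind of checks a mail-stream analyzer needs in order to catch a payment-fraud message that has no attachment and no known-bad URL. It flags display-name impersonation of a known executive, a Reply-To that points away from the sender's domain, a lookalike sender domain, and payment or urgency language. The corporate domain, the executive directory and both messages are constructed for the example.

```python
"""Flag social-engineering mail that carries no malware and no bad URL.

Added example, not any vendor's code. CORP_DOMAIN, EXECUTIVES and the
two sample messages are constructed assumptions, not real data.
"""
import re
from email import message_from_string
from email.utils import parseaddr

CORP_DOMAIN = "example.com"                          # assumption: our own domain
EXECUTIVES = {"jane doe": "jane.doe@example.com"}    # constructed directory
URGENCY = re.compile(r"\b(urgent|wire|gift cards?|confidential|asap)\b", re.I)


def levenshtein(a: str, b: str) -> int:
    """Edit distance, used to spot lookalike domains (examp1e.com vs example.com)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def analyse(raw: str) -> list[str]:
    """Return the list of reasons a message looks like payment fraud."""
    msg = message_from_string(raw)
    reasons = []

    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()

    # 1. A trusted display name paired with a mailbox that is not that person's.
    key = name.strip().lower()
    if key in EXECUTIVES and addr.lower() != EXECUTIVES[key]:
        reasons.append(f"display name '{name}' used by {addr}")

    # 2. Replies are steered to a different domain than the visible sender.
    _, reply = parseaddr(msg.get("Reply-To", ""))
    if reply and reply.rpartition("@")[2].lower() != domain:
        reasons.append(f"Reply-To {reply} differs from From domain {domain}")

    # 3. Sender domain is a near miss of our own domain.
    if domain != CORP_DOMAIN and levenshtein(domain, CORP_DOMAIN) <= 2:
        reasons.append(f"lookalike domain {domain}")

    # 4. Payment pressure in subject or body; none of this needs a URL or file.
    body = msg.get_payload() if not msg.is_multipart() else ""
    text = msg.get("Subject", "") + "\n" + body
    hits = sorted({m.lower() for m in URGENCY.findall(text)})
    if hits:
        reasons.append("payment/urgency language: " + ", ".join(hits))
    return reasons


def is_suspicious(raw: str) -> bool:
    """Urgency words alone are common in legitimate mail; require two signals."""
    return len(analyse(raw)) >= 2


# Constructed sample: impersonation plus lookalike domain and diverted replies.
MSG_BEC = """\
From: Jane Doe <jane.doe@examp1e.com>
Reply-To: jane.doe.ceo@mail-example.net
To: bob@example.com
Subject: Quick favour

Bob, I need you to wire 24,000 to a supplier today. Confidential, I'm in a meeting.
"""

# Constructed sample: the real executive, nothing to flag.
MSG_LEGIT = """\
From: Jane Doe <jane.doe@example.com>
To: bob@example.com
Subject: Lunch

Lunch on Thursday?
"""

if __name__ == "__main__":
    for label, raw in (("BEC", MSG_BEC), ("legit", MSG_LEGIT)):
        print(label, is_suspicious(raw), analyse(raw))
```

The two-signal threshold in `is_suspicious` is deliberate: a single urgency word would quarantine ordinary finance traffic, while impersonation combined with a diverted Reply-To is rarely benign. A production deployment would replace the static executive directory with the organization's identity store and add the authentication results (SPF, DKIM, DMARC) a gateway already computes.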
GuardiCore Centra — Category: Network security
Microsegmentation is one of the most advanced security methods organizations can employ to protect critical assets, users and data from both outside attackers and malicious insiders. Authorizing every process, app, user and service within a network, specifying what each may do and how they may interact, and denying everything else, is a demanding undertaking. The GuardiCore Centra solution eliminates much of the complexity normally associated with microsegmentation, from initial installation through ongoing policy management.
InfoZen — Category: DevOps
For this review, InfoZen was brought in to build an end-to-end DevOps scanning solution using its InfoZen Cloud and DevOps Practice service. Even within our admittedly tiny test environment, the benefits of the InfoZen toolset and its automated processes were obvious.
Kenna Security — Category: Vulnerability management
Kenna Security's vulnerability management platform is designed to surface the vulnerabilities most likely to actually harm a protected network. In a nutshell, it monitors most major threat feeds and compares that data with the assets and findings inside the protected network, so that a medium-severity flaw with a working exploit in circulation can outrank a critical one nobody is attacking.
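The Balbix, Bay Dynamics Risk Fabric and Kenna reviews above all describe the same idea: raw scanner output ranked by asset context and live threat intelligence rather than by CVSS alone. The following added example (not any of those vendors' code) shows the shape of such a ranking. The asset attributes, the findings, the two placeholder "CVE-EXAMPLE" identifiers and the threat-feed snapshot are all constructed; the two real CVE identifiers are used only because they are well known as exploited in the wild.

```python
"""Risk-based vulnerability prioritisation: scanner findings combined with
asset context and a threat feed.

Added example; the weights, assets, findings and feed data are constructed
assumptions, not a vendor's scoring model.
"""
import math
from dataclasses import dataclass


@dataclass(frozen=True)
class Asset:
    name: str
    public_facing: bool
    data_sensitivity: int   # 1 (public data) .. 5 (regulated / crown jewels)
    user_count: int


@dataclass(frozen=True)
class Finding:
    asset: str
    cve: str
    cvss: float             # CVSS base score, 0.0 to 10.0


# Constructed threat-feed snapshot: what is known about each CVE right now.
THREAT_FEED = {
    "CVE-2017-0144":  {"exploited_in_wild": True,  "public_exploit": True},
    "CVE-2017-5638":  {"exploited_in_wild": True,  "public_exploit": True},
    "CVE-EXAMPLE-2":  {"exploited_in_wild": False, "public_exploit": True},
}


def likelihood(f: Finding, asset: Asset, feed: dict) -> float:
    """Score in [0, 1] for how likely this finding is to be exploited soon.

    CVSS supplies the baseline; in-the-wild exploitation, a public exploit
    and internet exposure each raise it (weights are illustrative).
    """
    score = f.cvss / 10.0
    intel = feed.get(f.cve, {})
    if intel.get("exploited_in_wild"):
        score *= 1.5
    elif intel.get("public_exploit"):
        score *= 1.2
    if asset.public_facing:
        score *= 1.3
    return min(score, 1.0)


def impact(asset: Asset) -> float:
    """Loss magnitude: data sensitivity dominates, user population adds breadth."""
    return asset.data_sensitivity * (1 + math.log10(max(asset.user_count, 1)))


def prioritise(findings, assets, feed=THREAT_FEED):
    """Return (risk, asset, cve) tuples, highest risk first."""
    rows = []
    for f in findings:
        a = assets[f.asset]
        rows.append((round(likelihood(f, a, feed) * impact(a), 2), f.asset, f.cve))
    return sorted(rows, reverse=True)


# Constructed inventory and scan results.
SAMPLE_ASSETS = {
    "web-portal": Asset("web-portal", public_facing=True,  data_sensitivity=3, user_count=10000),
    "hr-db":      Asset("hr-db",      public_facing=False, data_sensitivity=5, user_count=50),
    "kiosk":      Asset("kiosk",      public_facing=False, data_sensitivity=1, user_count=5),
}
SAMPLE_FINDINGS = [
    Finding("web-portal", "CVE-2017-5638", 10.0),
    Finding("hr-db",      "CVE-2017-0144", 8.1),
    Finding("kiosk",      "CVE-EXAMPLE-1", 9.8),   # highest CVSS, least context
    Finding("hr-db",      "CVE-EXAMPLE-2", 5.3),
]

if __name__ == "__main__":
    for risk, asset, cve in prioritise(SAMPLE_FINDINGS, SAMPLE_ASSETS):
        print(f"{risk:6.2f}  {asset:12s}  {cve}")
```

The point of the ranking is visible in the output: the 9.8 on an isolated kiosk lands at the bottom, below a 5.3 on the HR database that has a public exploit, because the model asks what an attacker could reach and what it would cost, not merely how severe the flaw is in the abstract.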
Lacework — Category: Cloud security
Managing even a local data center is a tough job. Keeping a cloud secure is even more difficult. Lacework helps to filter all the chaos, removing false positives, and generating actionable threat intelligence in real-time for IT teams tasked with keeping their clouds secure.
Minerva — Category: Endpoint security
Minerva’s Anti-Evasion Platform targets the new breed of environmentally-aware malware. The idea is that most normal threats will be blocked by traditional antivirus and Minerva will stop anything that attempts to get around that protection.
Promisec — Category: Endpoint security
Every organization can use some help managing detection and response to threats, and the many issues that crop up every day across the enterprise. Promisec provides that help, wrestling endpoints into compliance, automatically if desired, and keeping a watchful eye over them to ensure they stay that way.
RedSeal — Category: Network security
When CSO's sister site Network World conducted its firewall manager review, the original plan was to invite RedSeal to participate. The problem was that while RedSeal originally did manage firewalls, its product has since evolved into something else. RedSeal shares some similarities with firewall managers, but now sits in a separate, unique product group.
SecBI — Category: Traffic analysis
SecBI's software aims to eliminate two of the problems with using traffic analysis in cybersecurity: processing the sheer volume of data into actionable threat intelligence, and the reliance on dedicated network capture hardware. We dig into how it works.
Sqrrl — Category: Traffic monitoring
Sqrrl Data turns network traffic monitoring into a true threat hunting platform that is easily capable of unmasking advanced threats that many other programs miss — or fail to identify as the grave threat they truly are.
ThreatConnect — Category: Managed detection
There is no shortage of threat feeds available today. A tool like ThreatConnect, which bridges the gap between theoretical threat information and the real world, is invaluable for managing and optimizing detection and response capabilities.
vArmour — Category: Cloud security
The vArmour suite of tools is designed first to reestablish a software-defined perimeter inside the network, and then to refine the rules and policies that make up that backbone, all the way down to microsegmentation.
Waratek — Category: Container security
Waratek is entering this space from a completely different angle than other container security firms, relying on just-in-time compilation and focusing exclusively on one of the biggest security risks within most organizations: applications written in Java.
XebiaLabs DevOps Platform — Category: DevOps
DevOps is a hot topic in security these days, and for good reason: Software security flaws are often only discovered after an attacker has exploited them, which can cause huge losses of both data and revenue. Here’s a look at how XebiaLabs helps navigate DevOps deployments and operations.