Cybersecurity spending grows each year — almost $58 billion was spent in 2021, and annual budgets are forecasted to steadily increase with time — but increased security spending doesn’t always make information more secure.
“Losses due to data exfiltration, stolen IP, and ransomware are accelerating,” Steve Nicol, vice president of sales and marketing for Cigent, told Built In in 2019. In other words, the increase in complexity of cyberattacks means there will frequently be new gaps to fill in a security framework.
So what accounts for these gaps? Well, cybersecurity is an elaborate process. Effective security systems have multiple layers, like an onion. Each layer mitigates a different type of threat and fits with the others to form an intricate barrier between hackers and sensitive data. Importantly, users themselves can use tools to implement some of these layers on their own.
Top Cybersecurity Tools
- Fortinet FortiGate
- McAfee AntiVirus
- Carbon Black (CB) Defense
- Vircom modusCloud
- Cigent Bare Metal
- NewSoftwares Folder Lock
- PortSwigger Burp Suite
- Rapid7 Metasploit
- CrowdStrike Falcon Insight EDR
Built In spoke with three cybersecurity professionals — Nicol, Rachel Busch, Cigent’s director of sales; and Deveeshree Nayak, an information security lecturer at the University of Washington at Tacoma — who offered insights about key security layers and demystified the tools of their trade.
Network Firewalls
A firewall, Nayak said, is like a house door: an outer layer of security that determines what can enter your system. Her eminently sensible advice: “You want to keep your door closed. It protects you from danger.”
Firewall software, which comes preloaded on most Macs and PCs, shields individual devices from malware, viruses and other inappropriate content. Preset firewalls are typically pretty generic, so enterprises regularly use hardware firewalls as well. It’s worth noting, though, that hardware firewalls can often prevent inappropriate communications from coming and going by taking a holistic view of your network, Nicol said.
Company location: Woburn, Massachusetts
STR is a digital security company that uses AI, data conditioning and data science to address cyber threats and national security issues. It creates algorithms designed to work alongside human intelligence. The company was founded in 2010 and hires for a wide range of roles across cybersecurity, program management, engineering and more.
Company location: Boston, Massachusetts
Tufin is a cybersecurity software company that makes digital tools for managing and automating security policy processes. Each of its tiers of security centralizes firewall management. These tiers start with the basic SecureTrack+ for establishing security in hybrid-cloud networks and run up to Tufin Enterprise for automated operational security in complex networks. The company’s solutions aim to reduce areas of digital vulnerability within cloud processes.
Company location: Cambridge, Massachusetts
MacPaw is a software company that makes security add-on apps for Mac users to protect customer data. MacPaw’s Moonlock Engine product division makes anti-malware technology that scans assets including launcher apps, drives, mail attachments and archives. It aims to help macOS and iOS users optimize their devices.
Company location: Santa Clara, California
Palo Alto Networks makes an array of next-generation network firewalls. Its hardware ranges from an enterprise-scale solution for large offices to a “ruggedized” device for harsh climates. To complement these, the company also offers virtual firewalls for cloud-based environments. (Secure as hardware firewalls are, they can’t protect remote servers.) These virtualized firewalls slip threat prevention into cloud-based development and deployment pipelines, so that DevOps engineers can deploy quickly and frequently without compromising security.
Company location: San Jose, California
Cisco’s intrusion prevention software, Firepower, is integrated into its next-generation firewalls. Once activated, the software updates automatically every three to five minutes, staying abreast of the latest threats. Take WannaCry, the 2017 ransomware attack that locked more than 200,000 people out of their computers until they paid a ransom. Cisco engineers had created defenses against WannaCry months before it made national news. Firepower also comes in handy when an attack sneaks onto a network by helping enterprises scope and contain the impact.
Company location: Sunnyvale, California
Fortinet’s FortiGate hardware firewall excels at what software firewalls do: blocking suspicious websites and malware downloads, and scanning even encrypted data for threats. (Some firewalls can’t scan encrypted data, even though it constitutes up to 90 percent of all the data devices receive.) FortiGate has technological capabilities far beyond that, too. Its AI-enabled software constantly monitors all the network’s active users and applications for threats, and it can recognize and block cutting-edge malware, even when it has never encountered it before.
Antivirus Software
For individuals, firewalls and antivirus software constitute the bare minimum of security. At an enterprise level, though, two security layers aren’t always enough. “Our clients have had those and still have been hacked,” Busch said.
If a firewall is the door to your house, Nayak said, antivirus software might be the door to your bedroom that protects you against threats already in your system by scanning existing files.
“They look for certain signatures of files to identify malware attacks,” Nicol said.
Company location: Santa Clara, California
McAfee has been a household name since the 1990s thanks to its popular antivirus software and its colorful founder. But while the man and his company have parted ways, the latter continues to offer innovative protection (for PC devices) against ransomware, spyware and other threats. McAfee also bundles its antivirus software into multi-layer security packages for enterprises, which feature tools like endpoint detection and response software.
Company location: Mountain View, California
Symantec’s Norton family of antivirus software has more than 50 million users globally, many of them PC users. Though it has some Mac functionality, this antivirus works best in PC environments, where its machine learning algorithms autonomously identify and neutralize malware and misbehaving apps. Using an emulation protocol, the software even test-opens files on a virtual computer before opening them on users’ actual devices, which unearths hidden bugs. This sounds like it could slow operating systems, but the tests finish in milliseconds.
Company location: Fort Lauderdale, Florida
Bitdefender’s premium antivirus software offers a grab bag of security features in one antivirus product. Besides protecting against ransomware and other malware (in Autopilot Mode, it can handle these threats without user input), it also offers features like a password wallet, a designated ultra-secure browser for online banking and phishing protection. This premium antivirus also comes with 200 MB of daily access to a VPN, which lets users connect securely to even the most dubious public Wi-Fi networks.
Endpoint Detection and Response (EDR) Software
This souped-up software checks file signatures for signs of malignancy, but also monitors behavior. “A good EDR system can detect suspicious activity running on an endpoint,” said Nicol — whether that endpoint is a PC, a Mac or a server.
EDR is especially important, Busch explained, when a hacker has entered a system. For the hack to have serious impact, the hacker must be able to siphon information out of your network. But EDR software can essentially quarantine compromised devices, so no new intel can be sent or received. That cuts off hacks at the knees.
Even in less serious situations, EDR monitoring makes unusual activity visible to system administrators. That can be essential to flagging moles and much more. It’s pricey, though, so EDR is typically only used by major companies.
Company location: Fully Remote
Red Canary works with security teams so that they have the expertise and technology to proactively defend against digital threats. The company’s Managed Detection and Response product enables comprehensive protection. It provides 24/7 monitoring, actionable intelligence on cyber adversaries, collaborative incident response and other solutions for the whole enterprise, which includes securing endpoints.
Company location: Chicago, Illinois
Coro’s cybersecurity solution is a single dashboard where users can manage 14 different security modules that are intended to fortify security defenses across all areas of a business. For example, the endpoint detection and response module provides continuous monitoring for all of an organization’s endpoint devices. It works to identify and quickly resolve issues, as well as make details about incidents easy to view and manage.
Company location: Palo Alto, California
VMware’s CB Defense EDR tool continuously scans enterprise networks, even tracking the activity of devices (or endpoints) while they’re offline. When its predictive models sense early signs of a threat, it tracks the problem to its source and highlights all the potentially affected endpoints along the way. The software also allows administrators to isolate issues in various ways, for instance by sequestering specific computers or banning a problem app from the network. CB Defense comes with built-in antivirus, too, which means it can jump on attacks from hackers and malware alike.
Company location: Sunnyvale, California
CrowdStrike’s Falcon Insight EDR monitors network activity in real time, all the time. It stores activity data, too; within five seconds, administrators can use powerful search functionality to review the activity that occurred in a specific five-second window or over the course of an entire year. Administrators rarely need to run manual searches, though; this SaaS tool flags threats on its own and suggests targeted response solutions that contain and shut down intrusions. It’s also not prone to what CrowdStrike terms “silent failure,” which occurs when attackers lurk on a network for multiple days.
Company location: Mountain View, California
Some EDR software prioritizes visibility (the displaying of all the threats across a network to centralized system administrators), but SentinelOne’s ActiveEDR software prioritizes speed. When it confronts a threat, it doesn’t merely upload data to the cloud on the threat’s exact dimensions and wait for a human to respond. Instead, it equips each individual device with decision-making AI. The trained algorithms investigate, document and ultimately neutralize threats. They then send rigorously contextualized incident reports to a central repository for human review. This outsourcing of threat-hunting to AI frees up security personnel to focus on outlier threats and macro-level patterns.
Company location: Boston, Massachusetts
Cynet Security’s 360 AutoXDR platform seeks to streamline EDR cybersecurity efforts for IT teams. Within the platform, administrators are provided a holistic view of end-user device activity and vulnerabilities, with tools given to automate response, protection and event correlation in the wake of cyberattacks. The software is supported for Windows, Mac and Linux systems, and can be deployed on-premises, in hybrid cloud or fully on the cloud.
Anti-Phishing Tools
Phishing is all about persuading people to click on malicious links by promising that those links are benign — even important. It happens primarily through messaging platforms like email and chat apps, whose built-in spam filters block most generic phishing attempts from generous Nigerian princes and the like.
Targeted phishing attempts, though, can be harder to block. Generic spam is often sent out to thousands of people at once, while a targeted phishing email might be sent only to one user from an author posing as a trusted friend or institution.
“Some [cyberattacks] are so targeted, and they look so real,” Busch said.
Neutralizing that type of scam, which can trick even tech-savvy CEOs, requires special anti-phishing tools.
Company location: Fully Remote
Duo Security offers a comprehensive zero trust security platform tailored to businesses and government entities. Its products facilitate secure access management solutions for remote workforces and provide a single sign-on, or SSO, solution for streamlined application access. Serving organizations like K-12 schools, hospitals, online banking providers and government agencies, Duo Security’s cybersecurity solutions encompass cloud-based security, mobile security, two-factor authentication and proactive measures against data breaches and credential theft.
Company location: Fully Remote
Telesign, a cybersecurity company specializing in communications security for businesses, leverages proprietary machine learning models to analyze phone data attributes and global traffic patterns to facilitate fraud prediction and risk assessment. The company offers a suite of services including number masking, telephone identity verification and voice verification. With custom API solutions powered by artificial intelligence, Telesign helps clients in industries like e-commerce and fintech safeguard against fraud.
Company location: San Carlos, California
Check Point Software Technologies, which acquired Avanan in 2021, now provides Avanan’s cloud-focused anti-phishing software. The technology, designed specifically for cloud-based email, uses AI to scan messages, detect phishing attacks and provide reports for future prevention measures. Implementation is available for Gmail, Microsoft 365 email and even cloud communication applications like Slack and Box.
Company location: Montréal, Quebec, Canada
Vircom’s cloud-based, enterprise-level spam filter is a SaaS offering, which means no hardware and no update installation. Users simply sign up online for an array of email protection services, including domain-level email encryption and a backup inbox to use during server outages. One essential feature is an anti-phishing layer that’s designed to prevent personalized attacks. It scans emails for domain spoofing and checks link safety in real time.
Company location: Fairlawn, Ohio
TrustedSec’s information security consulting team assesses enterprise-level cybersecurity by running targeted phishing campaigns. Sort of. Rather than actually stealing or corrupting sensitive information, they track which employees click on risky links and attachments and assess the workforce’s overall security savvy. (In addition to email phishing, they also attempt network break-ins via phone call, SMS and personal encounters.) The company’s work helps clients check the effectiveness of their cybersecurity training and the robustness of their breach response protocols.
Encryption Tools
Encryption essentially encodes data, making it harder for outsiders to access. You’ve probably heard the term “plaintext” — that’s unencrypted data. Once encrypted, it becomes “ciphertext,” and users need a key to decode it. Typically a password, it could also be a physical key or a fingerprint.
As Nicol explained, there are two main types of encryption: software encryption and hardware encryption. Software encryption is more selective, encrypting individual files and folders. Hardware encryption involves encrypting an entire device. As more and more enterprises move to the cloud, however, hardware encryption has become less practical. The trade-off is that while software encryption is certainly better than nothing, according to Nicol, “hardware [encryption] is far more difficult to hack.”
Company location: Chicago, Illinois
Keeper Security makes password and data management products that client companies use to maintain cybersecurity while allowing appropriate access to employees and users. It secures access to documents and other digital assets by using “zero knowledge” encryption software that stores password data without revealing it to anyone outside the owner. This reduces risk significantly, with further mitigation from controls for password strength, credential sharing and permissions.
Penetration Testing Software
Penetration testing software essentially tests all the security tools above. Does your security system have enough layers? Do those layers actually work? Penetration testing is often handled by human experts rather than software. But Nayak said some software also plays a key role in penetration testing, and can even run certain tests autonomously.
Company location: Boston, Massachusetts
Rapid7’s Metasploit does the tech equivalent of turning dirt into gold by transforming hacks into cybersecurity improvements. The software connects to a constantly updated database of “exploits,” or successful real-world hacks. Users can run automated simulations of any of these on their enterprise networks to see how their defenses respond to realistic threats that evade antivirus programs and spread aggressively. For IT teams, it’s good practice in containing breaches. It also helps them identify and prioritize network vulnerabilities.
Company location: Knutsford, Cheshire, United Kingdom
The vulnerability scanner in PortSwigger’s Burp Suite autonomously crawls enterprise web presences in search of 100 common security holes — things like volatile content, cross-site scripting and SQL injection. The software relies on a mix of static and dynamic techniques for its tests, which means it peruses underlying JavaScript and observes the application in action. Administrators can schedule recurring Burp Suite scans, each of which culminates in detailed visual maps of an application’s strengths and weaknesses.
Other Cybersecurity Tools
Company location: Boston, Massachusetts
Immersive Labs makes cybersecurity tools that upskill and train teams for cybersecurity best practices and resilience. By assessing and improving readiness in client teams, it’s able to quantify and improve on digital threat preparation, create protocols and policies for cyber resilience and ultimately render a client company less vulnerable to infiltration by even highly sophisticated cyberattacks. The Immersive Labs Resilience Score is the metric that tracks this readiness and compares it to benchmarks in various industries.
Company location: San Diego, California
Drata makes automation software for security and compliance in IT. Its products track and monitor the actions of a client company’s cybersecurity processes, collecting process data. Companies can use this data to prepare for compliance audits for standards such as HIPAA, GDPR and PCI, and to maintain internal best practices for privacy and security.
Company location: Westminster, Colorado
FusionAuth makes an identity and access management platform that software developers can integrate into apps and websites. It facilitates processes like secure logins and user authentication so that the users of these digital products can rely on their security while accessing them with minimal inconvenience. The FusionAuth cybersecurity framework is built around the principles of authorization, authentication, user management and identity federation, which together build a cohesive cybersecurity strategy for any digital asset.
Company location: New York, New York
Axio makes software for managing cybersecurity risk. It serves B2B clients who need to be able to estimate and respond to projected outcomes from vulnerability to cyber threats. Through its platform, Axio clients can quantify, model and handle their risk exposure. The information gleaned from these processes generates insights into where it’s worthwhile to invest in increased cybersecurity, where risk is manageable and how to implement resiliency measures.
Company location: Vernon Hills, Illinois
CDW is an IT company with a lineup of services and solutions that cover a variety of areas, including cybersecurity. For example, CDW offers assessments to help its clients build identity and access management strategies in addition to providing penetration testing services to help organizations ensure a solid cybersecurity posture.
Company location: Boston, Massachusetts
Software experts use Snyk’s technology to integrate security best practices into the development lifecycle. The company’s Snyk Code product, for example, offers automatic vulnerability scanning capabilities to help developers efficiently and accurately identify and fix code issues.
Company location: Foster City, California
Exabeam offers cybersecurity services that include cloud threat neutralization, machine analytics-based threat detection, a security operations center, end-to-end threat detection and threat remediation.
Company location: Austin, Texas
Hypori offers SaaS that provides virtual mobility technology to federal agencies and businesses through its platform, Hypori Halo. The company’s zero-trust approach allows users to access enterprise resources without allowing data to reside on users’ individual devices. This solution allows Hypori customers to prevent security risks while also freeing them from liability concerns.
Company location: Fully Remote
Huntress offers a cybersecurity platform for protection against, detection of and response to threats for small and mid-sized businesses. It works in collaboration with its security operations center, where its team of analysts works 24/7 to ward off cyberthreats. The company does this through threat detection and visibility that help analysts gain insight into response efforts.
Company location: Orlando, Florida
BLACKCLOAK says its digital executive protection offerings are designed to defend high-profile individuals, families and corporations against cyber threats. The company’s concierge cybersecurity and privacy platform is equipped with features for addressing a variety of risks and attacks, including ransomware, identity theft, data breaches and SIM swapping.