Cybersecurity spending grows each year — almost $58 billion was spent in 2021, and annual budgets are forecasted to steadily increase with time — but increased security spending doesn’t always make information more secure.
“Losses due to data exfiltration, stolen IP, and ransomware are accelerating,” Steve Nicol, vice president of sales and marketing for Cigent, told Built In in 2019. In other words, the increase in complexity of cyberattacks means there will frequently be new gaps to fill in a security framework.
So what accounts for these gaps? Well, cybersecurity is an elaborate process. Effective security systems have multiple layers, like an onion. Each layer mitigates a different type of threat and fits with the others to form an intricate barrier between hackers and sensitive data. Importantly, users themselves can utilize tools to personally implement one of these layers.
Top Cybersecurity Tools
- Fortinet FortiGate
- McAfee AntiVirus
- Carbon Black (CB) Defense
- Vircom modusCloud
- Cigent Bare Metal
- NewSoftwares Folder Lock
- Portswigger Burp Suite
- Rapid7 Metasploit
- CrowdStrike Falcon Insight EDR
Built In spoke with three cybersecurity professionals — Nicol, Rachel Busch, Cigent’s director of sales; and Deveeshree Nayak, an information security lecturer at the University of Washington at Tacoma — who offered insights about key security layers and demystified the tools of their trade.
Network Firewalls
A firewall, Nayak said, is like a house door: an outer layer of security that determines what can enter your system. Her eminently sensible advice: “You want to keep your door closed. It protects you from danger.
Firewall software, which comes preloaded on most Macs and PCs, shields individual devices from malware, viruses and other inappropriate content. Preset firewalls are typically pretty generic, so enterprises regularly use hardware firewalls as well. Though it’s worth noting hardware often can prevent inappropriate communications from coming and going by taking a holistic view of your network, Nicol said.
Company location: Santa Clara, California
Palo Alto Networks makes an array of next-generation network firewalls. Its hardware ranges from an enterprise-scale solution for large offices to a “ruggedized” device for harsh climates. To complement these, the company also offers virtual firewalls for Cloud-based environments. (Secure as hardware firewalls are, they can’t protect remote servers.) These virtualized firewall processors slip threat prevention into Cloud-based development and deployment pipelines, so that DevOps engineers can deploy quickly and frequently without compromising security.
Company location: San Jose, California
Cisco’s intrusion prevention software, Firepower, is integrated into its next-generation firewalls. Once activated, the software updates automatically every three to five minutes, staying abreast of the latest threats. Take WannaCry, the 2017 ransomware attack that locked more than 200,000 people out of their computers until they paid a ransom. Cisco engineers had created defenses against WannaCry months before it made national news. Firepower also comes in handy when an attack sneaks onto a network by helping enterprises scope and contain the impact.
Company location: Sunnyvale, California
Fortinet’s Fortigate hardware firewall excels at what software firewalls do: blocking suspicious websites and malware downloads, and scanning even encrypted data for threats. (Some firewalls can’t scan encrypted data, even though it constitutes up to 90 percent of all the data devices receive.) Fortigate has technological capabilities far beyond that, too. Its AI-enabled software constantly monitors all the network’s active users and applications for threats, and it can recognize and block cutting-edge malware, even when it’s never encountered it before.
Antivirus Software
For individuals, firewalls and antivirus software constitute the bare minimum of security. At an enterprise level, though, two security layers aren’t always enough. “Our clients have had those and still have been hacked,” Busch said.
If a firewall is the door to your house, Nayak said, antivirus software might be the door to your bedroom that protects you against threats already in your system by scanning existing files.
“They look for certain signatures of files to identify malware attacks,” Nicol said.
Company location: Santa Clara, California
McAfee has been a household name since the 1990s thanks to its popular antivirus software and its colorful founder. But while the man and his company have parted ways, the former continues to offer innovative protection (for PC devices) against ransomware, spyware and other threats. McAfee also bundles its antivirus software into multi-layer security packages for enterprises, which feature tools like endpoint detection and response software.
Company location: Mountain View, California
Symantec’s Norton family of antivirus softwares have more than 50 million users globally, many of them PC users. Though it has some Mac functionality, this antivirus works best in PC environments, where its machine learning algorithms autonomously identify and neutralize malware and misbehaving apps. Using an emulation protocol, the software even test-opens files on a virtual computer before opening them on users’ actual devices, which unearths hidden bugs. This sounds like it could slow operating systems, but the tests finish in milliseconds.
Company location: Fort Lauderdale, Florida
Bitdefender’s premium antivirus software offers a grab bag of security features in one antivirus product. Besides protecting against ransomware and other malware, (in Autopilot Mode, it can handle these threats without user input), it also offers other features like a password wallet, a designated ultra-secure browser for online banking and phishing protection. This premium antivirus also comes with 200 MB of daily access to a VPN, which lets users connect securely to even the most dubious public WiFi networks.
Endpoint Detection and Response (EDR) Software
This souped-up software checks file signatures for signs of malignancy, but also monitors behavior. “A good EDR system can detect suspicious activity running on an endpoint," said Nicol — whether that endpoint is a PC, a Mac or a server.
EDR is especially important, Busch explained, when a hacker has entered a system. For the hack to have serious impact, the hacker must be able to siphon information out of your network. But EDR software can essentially quarantine compromised devices, so no new intel can be sent or received. That cuts off hacks at the knees.
Even in less serious situations, EDR monitoring makes unusual activity visible to system administrators. That can be essential to flagging moles and much more. It’s pricey, though, so EDR is typically only used by major companies.
Company location: Fully Remote
Red Canary works with security teams so that they have the expertise and technology to proactively defend against digital threats. The company’s Managed Detection and Response product enables comprehensive protection. It provides 24/7 monitoring, actionable intelligence on cyber adversaries, collaborative incident response and other solutions for the whole enterprise, which includes securing endpoints.
Company location: Chicago, Illinois
Coro’s cybersecurity solution is a single dashboard where users can manage 14 different security modules that are intended to fortify security defenses across all areas of a business. For example, the endpoint detection and response module provides continuous monitoring for all of an organization’s endpoint devices. It works to identify and quickly resolve issues, as well as make details about incidents easy to view and manage.
Company location: Palo Alto, California
VMWare’s EDR tool continuously scans enterprise networks, even tracking the activity of devices (or endpoints) while they’re offline. When its predictive models sense early signs of a threat, it tracks the problem to its source and highlights all the potentially affected endpoints along the way. The software also allows administrators to isolate issues in various ways. By sequestering specific computers, for instance. Or banning a problem app from the network. CB Defense comes with built-in antivirus, too, which means it can jump on attacks from hackers and malware alike.
Company location: Sunnyvale, California
CrowdStrike’s Falcon Insight EDR monitors network activity in real time, all the time. It stores activity data, too; within five seconds, administrators can use powerful search functionality to review the activity that occurred in a specific five-second window or over the course of an entire year. Administrators rarely need to run manual searches, though; this SaaS tool flags threats on its own and suggests targeted response solutions that contain and shut down intrusions. It’s also not prone to what CrowdStrike terms “silent failure,” which occurs when attackers lurk on a network for multiple days.
Company location: Mountain View, California
Some EDR software prioritizes visibility (the displaying of all the threats across a network to centralized system administrators), but SentinelOne’s ActiveEDR software prioritizes speed. When it confronts a threat, it doesn’t merely upload data to the cloud on the threat’s exact dimensions and wait for a human to respond. Instead, it equips each individual device with decision-making AI. The trained algorithms investigate, document and ultimately neutralize threats. They then send rigorously contextualized incident reports to a central repository for human review. This outsourcing of threat-hunting to AI frees up security personnel to focus on outlier threats and macro-level patterns.
Company location: Boston, Massachusetts
Cynet Security’s 360 AutoXDR platform seeks to streamline EDR cybersecurity efforts for IT teams. Within the platform, administrators are provided a holistic view of end-user device activity and vulnerabilities, with tools given to automate response, protection and event correlation in the wake of cyberattacks. The software is supported for Windows, Mac and Linux systems, and can be deployed on-premises, in hybrid cloud or fully on the cloud.
Anti-Phishing Tools
Phishing is all about persuading people to click on malicious links by promising that those links are benign — even important. It happens primarily through messaging platforms like email and chat apps, whose built-in spam filters block most generic phishing attempts from generous Nigerian princes and the like.
Targeted phishing attempts, though, can be harder to block. Generic spam is often sent out to thousands of people at once, while a targeted phishing email might be sent only to one user from an author posing as a trusted friend or institution.
“Some [cyberattacks] are so targeted, and they look so real,” Busch said.
Neutralizing that type of scam, which can trick even tech-savvy CEOs, requires special anti-phishing tools.
Company location: Fully Remote
Duo Security offers a comprehensive zero trust security platform tailored to businesses and government entities. Its products facilitate secure access management solutions for remote workforces and provide a single sign-on, or SSO, solution for streamlined application access. Serving organizations like K-12 schools, hospitals, online banking providers and government agencies, Duo Security’s cybersecurity solutions encompass cloud-based security, mobile security, two-factor authentication and proactive measures against data breaches and credential theft.
Company location: Fully Remote
Telesign, a cybersecurity company specializing in communications security for businesses, leverages proprietary machine learning models to analyze phone data attributes and global traffic patterns to facilitate fraud prediction and risk assessment. The company offers a suite of services including number masking, telephone identity verification and voice verification. With custom API solutions powered by artificial intelligence, Telesign helps clients in industries like e-commerce and fintech safeguard against fraud.
Company location: San Carlos, California
Acquiring Avanan in 2021, Check Point Software Technologies is a provider of the company’s cloud-designated anti-phishing software. The technology, designed specifically for cloud-based email, uses AI to scan messages, detect phishing attacks and provide reports for future prevention measures. Implementation is available for Gmail, Microsoft 365 email and even cloud communication applications like Slack and Box.
Company location: Montréal, Quebec, Canada
Vircom’s cloud-based, enterprise-level spam filter is a SaaS offering, which means no hardware and no update installation. Users simply sign up online for an array of email protection services, including domain-level email encryption and a backup inbox to use during server outages. One essential feature is an anti-phishing layer that’s designed to prevent personalized attacks. It scans emails for domain spoofing and checks link safety in real time.
Company location: Fairlawn, Ohio
TrustedSec’s information security consulting team assesses enterprise-level cybersecurity by running targeted phishing campaigns. Sort of. Rather than actually stealing or corrupting sensitive information, they track which employees click on risky links and attachments and assess the workforce’s overall security savvy. (In addition to email phishing, they also attempt network break-ins via phone call, SMS and personal encounters.) The company’s work helps clients check the effectiveness of their cybersecurity training and the robustness of their breach response protocols.
Encryption Tools
Encryption essentially encodes data, making it harder for outsiders to access. You’ve probably heard the term “plaintext” — that’s unencrypted data. Once encrypted, it becomes “ciphertext,” and users need a key to decode it. Typically a password, it could also be a physical key or a fingerprint.
As Nicol explained, there are two main types of encryption: software encryption and hardware encryption. Software encryption is more selective, encrypting individual files and folders. Hardware encryption involves encrypting an entire device. As more and more enterprises move to the Cloud, however, hardware encryption has become less practical. The downside is that while software encryption is certainly better than nothing, according to Nicol, “hardware [encryption] is far more difficult to hack.”
Company location: Cupertino, California
A prominent example of hardware encryption is Apple’s TouchID-enabled MacBooks and MacBook Minis. First released in 2018, they contain hard drives that are encrypted by default and can be decrypted only via the owner’s fingerprint. At setup, Apple’s TouchID technology encrypts and stores users’ identifying biodata, such as a fingerprint, in a T2 security chip. The chip is physically separated from the hard drive, which makes it virtually immune to malware. It’s even more secure when paired with encrypted hardware.
Company location: Stockholm, Sweden
AxCrypt’s software allows for the automatic encryption of files for businesses or individuals. The product offers AES-128 or AES-256 encryption strength, collaborative key-sharing and password management services for stored files. AxCrypt can be implemented onto cloud-based applications like Dropbox and Google Drive, as well as be used on mobile devices.
Company location: Beaverton, Oregon
NetSoftwares’ Folder Lock software can encrypt files, but it can also “lock” them. Doing so hides files from the Windows operating system so users need a password to access and open them. On its own, the lock feature functions as snoop protection; it’s even stronger paired with encryption. On Folder Lock, users can encrypt and/or lock files, folders and entire drives; the software also allows for encrypted Cloud storage. In a way, it’s “shredding” feature functions as irreversible encryption. A kind of hyper-deleting tool, it keeps even forensics software from piecing a deleted file back together.
Company location: Fort Myers, Florida
Cigent’s Bare Metal was designed for the core paradox of encryption: People encrypt essential information rather than just deleting it, because they need to refer to it later. But when they refer to it, they have to unencrypt it, leaving it vulnerable.
Bare Metal essentially functions as a lookout in these situations. If a threat is sensed, it locks down the important decrypted file and stashes it in the computer’s firmware. Once that happens, even discovering the sensitive file’s existence requires authentication.
Penetration Testing Software
Penetration testing software essentially tests all the security tools above. Does your security system have enough layers? Do those layers actually work? Penetration testing is often handled by human experts rather than software. But Nayak said some software also plays a key role in penetration testing, and can even run certain tests autonomously.
Company location: Boston, Massachusetts
Rapid7’s Metasploit does the tech equivalent of turning dirt into gold by transforming hacks into cybersecurity improvements. The software connects to a constantly-updated database of “exploits,” or successful real-world hacks. Users can run automated simulations of any of these on their enterprise networks to see how their defenses respond to realistic threats that evade antivirus programs and spread aggressively. For IT teams, it’s good practice in containing breaches. It also helps them identify and prioritize network vulnerabilities.
Company location: Knutsford, Cheshire, United Kingdom
PortSwigger’s Burp Suite’s vulnerability scanner autonomously crawls enterprise web presences in search of 100 common security holes — things like volatile content, cross-site scripting and SQL injections. The software relies on a mix of static and dynamic techniques for its tests, which means it peruses underlying JavaScript and observes the application in action. Administrators can schedule recurring Burp Suite scans, each of which culminates in detailed visual maps of an application’s strengths and weaknesses.
Company location: Bel Air, Maryland
This open-source software by Open Web Application Security Project (OWASP) scans web applications both passively and actively. The passive scanner monitors every request and response that’s sent to an app, in the process flagging suspicious messages. The active scanner conducts automated penetration testing, which attacks the app to test its reaction. That can be a complex process; users can, for instance, use a “fuzzing” feature to identify vulnerabilities too nuanced for an autonomous scan. But don’t be intimidated — the hundreds of volunteers who created ZAP designed it to work for cybersecurity newbies, too.
