Best security software, 2019: Lab-tested reviews of today's top tools

We go hands-on with some of the most innovative, useful and, arguably, best security software on the market.


Threats are constantly evolving and, just like everything else, tend to follow certain trends. Whenever a new type of threat is especially successful or profitable, many others of the same type will inevitably follow. The best defenses need to mirror those trends, so companies get the most robust protection against the newest wave of threats.

Our goal with these reviews is to discover how cutting-edge cybersecurity software fares against the latest threats, hopefully helping you to make good technology purchasing decisions. We'll explain how these new and trending cybersecurity tools work, who they're for, and where they fit into a security architecture.

Each of these products was tested in a local testbed or, depending on the product or service, within a production environment provided by the vendor. Where appropriate, each was pitted against the most dangerous threats out there today as we unleashed the motley crew from our ever-expanding malware zoo.

Here, listed in alphabetical order, are some of the most innovative and useful, and, dare we say, best security products on the market today.

Best security software — 2018, 2019 reviews

AttackIQ FireDrill - Category: Penetration testing
AttackIQ FireDrill was created to watch our watchers. It’s a penetration testing tool, but one that is configured to operate from the inside, with the primary goal of identifying flaws, misconfigurations and outright shortcomings in all other cybersecurity defenses. Read the full review

Balbix - Category: Vulnerability management
Balbix may technically be a vulnerability manager, but it does so much more, and does it so much better, that it breaks the bounds of its category. Balbix is able to analyze each kind of vulnerable asset sitting on a network, what kind of data it holds, how many users interact with it, whether or not it's public-facing, and other factors to determine its importance to an organization. It then compares each vulnerability with active threat feeds, and predicts the likelihood of a breach in the near future, as well as the loss or harm to the enterprise should it be successfully exploited. Read the full review.

BluVector - Category: Network security
BluVector offers advanced detection and response, and even threat hunting, all performed at machine speeds. BluVector works almost right away, but also has deep machine learning capabilities, so it gets even smarter over time. It will learn the intricacies of each network that deploys it, tweaking its algorithms and detection engines in a way that makes the most sense for the environment. Read the full review.

Bricata - Category: Intrusion detection
At its core, Bricata offers advanced IPS/IDS protection with multiple detection engines and threat feeds to defend network traffic and core assets. But it goes a step further, adding the ability to launch threat hunts based on events, or simply on anomalies. Read the full review.

Cloud Defender - Category: Cloud security
Cloud Defender is a user-friendly tool that lets local IT staff inspect their cloud deployments to look for evidence of hidden threats or breaches. But it can also be used in a SaaS model, with the cybersecurity team at Alert Logic taking over most cloud-based cybersecurity functions. Read the full review.

CyCognito - Category: Network monitoring
The CyCognito platform was designed to provide the kinds of advantages that old-school penetration testing used to, but on a continuous basis and for modern, global enterprise networks composed of mixed physical and virtual assets. It basically studies networks the same way that attackers do: from the outside, with no help or internal bias inserted into the process. Read the full review.

Cofense Triage - Category: Phishing defense
Deployed as an on-premises virtual appliance, Triage connects with almost any corporate e-mail program and helps to manage responses to user reports of suspected phishing. Triage is still evolving, but even now represents one of the most advanced defenses against phishing. Read the full review.

Contrast Security - Category: Application security
Contrast Security has one of the most elegant solutions out there for application security. The secret sauce is its use of bytecode instrumentation, a feature in Java used to help integrate programs and application features during development. Read the full review.

Corelight - Category: Network security
In the tradition of other great network analysis tools like Bro and Sourcefire, Corelight gives security pros deep insight into data traffic on the systems they defend. Read the full review.

Digital Guardian - Category: Endpoint security
The Digital Guardian Threat Aware Data Protection Platform is at the forefront of the effort to counter advanced threats, offering ready-to-deploy endpoint security locally on-premises or as a service, and with whatever automation level a host organization feels comfortable supporting. Read the full review.

enSilo - Category: Endpoint security
The enSilo platform offers traditional endpoint protection alongside the ability to offer post-infection protection. It can also trap threats, holding them in place and rendering them harmless until a threat hunter can arrive to investigate. Read the full review.

ForeScout - Category: Network asset management
ForeScout is one of a very few programs that can help to track and manage operational technology and IoT devices alongside information technology. Everything from lighting controllers to HVAC units can be discovered and managed. Read the full review.

Forum Sentry - Category: Access control
The Forum Sentry API Security Gateway's access control abilities are impressive, but it goes beyond access control and deep into security, monitoring all those connections that it forms and enforcing very granular security policies. Read the full review.

GreatHorn - Category: Email protection
GreatHorn takes a modern and highly effective approach to protecting enterprise email that goes well beyond the capabilities of legacy mail scanners. Read the full review.

InSpec 2.0 - Category: Compliance
The InSpec 2.0 platform from Chef tackles compliance head-on, tailored to the specific rules and guidelines that a company wants or needs. It is designed to both make sense of regulatory and technical guidelines and ensure that a network is protected according to those rules. Read the full review.

Intellicta Platform - Category: Compliance
The Intellicta Platform from TechDemocracy acts like a SIEM console, but for compliance issues. It pulls information from a series of network collectors and correlates that data into a continuously monitored compliance dashboard. Read the full review.

Insight Engines - Categories: Network security, threat hunting
Think of the Insight Engines tool as Google for network security, allowing natural language searches and returning honed information to answer each query. This comparison doesn't do the program justice, but is a good starting point for understanding how it works. Read the full review.

JASK Autonomous Security Operations Center (ASOC) - Category: SIEM
Everything about the JASK ASOC is different from how a traditional SIEM operates. For one, the entire ASOC infrastructure exists inside a secure Amazon Web Services cloud. Network administrators only need to install a JASK software sensor to help facilitate the link between the local console and the brains of the platform in the cloud. The ASOC doesn’t even issue alerts in the traditional sense. Instead, it coordinates all of the events and anomalies that it discovers and groups them together. Only once it believes that it has found solid evidence of a threat does it present what it calls an insight to IT teams monitoring the SOC. Read the full review.

Mantix4 - Category: Threat hunting
Mantix4 takes threat hunting into the software as a service (SaaS) realm. While the program provides robust threat hunting tools for use by clients, the company also employs a team of experts to hunt on their behalf. Read the full review.

Ping Identity - Category: Vulnerability management
Enterprise networks have grown too complex to easily manage all user credentials through something like Active Directory, and letting apps handle logins creates silos that can become a security nightmare. Ping Identity offers a good alternative to these two scenarios. Read the full review.

RiskIQ Digital Footprint - Category: Identity management
One thing that sets the RiskIQ Digital Footprint apart from just about every other security program reviewed for CSO magazine is the setup and installation phase. There is none. Digital Footprint scans for vulnerability information from outside the firewall, just like a potential attacker would. Read the full review.

Seceon Open Threat Management Platform - Category: Network security
The Open Threat Management Platform essentially acts as both a SIEM and a frontline security appliance. Thrifty firms may want to consider eliminating some of their other cybersecurity programs if they duplicate what the OTM is doing, especially if the OTM is consistently catching what they miss. Read the full review.

SentinelOne - Category: Endpoint security
Having powerful, protected, and independent agents sitting on endpoints gives SentinelOne a huge advantage against the increasingly sophisticated attacks of today. And because those agents are capable of acting independently, they can respond instantly as attacks happen, later sharing that information with human security teams for analysis. Read the full review.

Senzing - Category: Data examination
Used to combat fraud or uncover accidental data duplication, Senzing is a powerful yet lightweight tool with an artificial intelligence that is actually extremely smart. Read the full review.

SlashNext - Category: Email protection
SlashNext has taken the old adage of doing one thing very well to heart. There are two products available to organizations. The first is a detailed and dedicated phishing threat feed that can be used to block phishing sites as they pop up. The second is an appliance that provides even more protection and is able to halt even targeted attacks aimed at a single organization that wouldn’t trigger any other kind of alert. Read the full review.

Solebit - Category: Endpoint security/sandboxing
By shifting malware detection away from signatures and behavior to whether any kind of code exists where it’s not supposed to be, the SoleGATE Security Platform from Solebit has the potential to disrupt both endpoint security and sandboxing. Read the full review.

StackRox - Category: Cloud security
StackRox fully integrates with Kubernetes so that it touches all three phases of containerization deployment: the building of the containers, the deployment of them into the cloud infrastructure, and finally the running of those containers as they perform their intended functions. Read the full review.

Threat Stack - Category: Cloud security
With a large number of organizations moving their data and applications to the cloud, there is an acute need for a platform designed to natively detect malicious activity occurring there without hindering the underlying network or the business functions that rely on it. The Threat Stack Cloud Security Platform was made to fill that need. Read the full review.

Vectra Cognito - Category: Traffic monitoring
The Vectra Cognito platform incorporates artificial intelligence (AI), deep machine learning and traffic monitoring into a tool that is able to detect threats that other programs miss, even if they are already entrenched inside a protected network. Read the full review.

2017 reviews

Acalvio ShadowPlex

Barracuda Web Application Firewall

Bay Dynamics Risk Fabric

Bitdefender HVI

CAWS Continuous Security Validation Platform

GuardiCore Centra

Kenna Security

XebiaLabs DevOps Platform

This story, "Best security software, 2019: Lab-tested reviews of today's top tools" was originally published by CSO.