We have been using AccessData tools for years and they never disappoint.
This is a simple tool but it may be one of the most important in your kit.
EnCase has a long history in law enforcement and, in recent years, has moved strongly into the corporate world.
Distil inspects each http request in real time to determine if it is a malicious bot.
This should be in every digital forensic lab, especially those that need to track evidence for use in court.
XRY Office is a mobile device analysis tool, unusual in that it is very strong in recovering forensic data from devices that are locked without having to know the unlock code.
PacketSled is a cloud-based breach detection and network forensics tool that provides real-time detection of threats as they cross the wire, and retroactive investigation of host activity including the application of new indicators to historical data.
We are looking at three powerful tools in the UFED series: UFED 4PC Ultimate, UFED Link Analysis and the new UFED Cloud Analyzer.
This product is the poster child for next-generation anti-malware.
The Swiss Army knife of endpoint security.
ESET Endpoint Security is one of the products that does a lot of different functions.
EnCase Endpoint Security really has two parts: Threat Detection and Incident Response.
Advanced Endpoint Protection (AEP) is a very competent anti-malware tool that really focuses on the task at hand: protecting the endpoint from malware threats.
Pulse Secure PulseWorkspace is just for mobile device endpoints. It functions on iOS or Android and, as we are seeing more frequently, it depends on containerization.
SureView Insider Threat is largely an investigative platform.
SentinelOne EPP (Endpoint Protection Platform) is an anti-malware approach to endpoint security on Windows, OS X and Android devices.
VIPRE Business Premium is one of the endpoint products that focuses on malware and it does it well.
While Smart Protection Complete suite has a strong anti-malware component, it also features port and device controls, endpoint encryption and DLP.
This cloud access security broker supports a huge number of cloud applications and is simple to deploy and seamless to users.
This suite of tools from Alert Logic protects data in multiple locations, including on-premises.
The heart of Bitglass Enterprise Edition (BEE) is digital rights management (DRM).
CloudSOC is a new security stack defined for the cloud, residing in the cloud and provisioned from the cloud.
FireLayers Secure Cloud Gateway (SCG) is another approach to securing applications in the cloud.
Stops the spread of attacks with security that enforces precise inbound and outbound communications on every workload based on natural language policies for application interactions.
Integrated security management tool deployed in the cloud.
Provides situational awareness of network architecture, segmentation and cybersecurity, supporting decision-making impacting security and compliance relating to cloud or virtual environments.
Combines security configuration management, threat detection, predictive analytics and automated incident response for cloud assets from branded applications, such as Microsoft Office 365, to infrastructure, such as AWS.
Addresses compliance, security and privacy issues for cloud-based applications.
Centralizes and de-duplicates security tools, such as anti-malware, in a virtual environment.
Automatically and continuously discovers all assets in the virtual infrastructure, allows the grouping of these assets into logical Catbird Trust Zones.
Virtual system security, specifically for Hyper-V environments.
Cloud security automation through encryption.
Behavior-based machine learning and predictive analytics.
Virtualizes existing management tools using proprietary container technology to encapsulate them in their entirety, and enables them to be centrally managed and automated via a policy engine.
A suite of protection functions for VMware, Citrix and Microsoft virtualized environments.
Prevents impact of malware by isolating all user activity and cleaning any malicious files before presenting to the user.
Secure file sharing and collaboration in the cloud.
The Boldon James Classifier bundle is a comprehensive data leakage prevention solution that is easy to implement in organizations large and small.
Code Green Network’s TrueDLP product is an extremely effective solution to data leak protection.
Identity Finder Sensitive Data Manager takes a robust approach to data leakage prevention, offering maximum security across almost any networked device.
Varonis DatAdvantage and the Data Classification Framework work to identify where any and all of your sensitive and proprietary information lies.
The AlienVault Unified Security Management platform is one of the most unique products we have ever had the pleasure of reviewing.
Check Point Software 1180 Next Generation Threat Prevention Appliance (NGTP) is a unified threat management (UTM) firewall, router, gateway and wireless access point.
The CorreLog SIEM Correlation Server is a flexible solution to strengthening security on a network.
Cyberoam CR1000iNG-XP is a next-generation firewall appliance that includes VPN, email, anti-virus, HTTP and HTTPS and FTP anti-virus, anti-spam and IPS with custom signatures inside the modular appliance.
The Dell SonicWALL NSA 3600, along with its TotalSecure license bundle, is the company’s offering for the UTM gateway and next-generation firewall market.
The EiQ Networks SecureVue software suite is a comprehensive log and asset management system that lets network administrators quickly get the full picture of what is going on in their network.
The EventTracker Security Center v7.6 is a great solution for enterprise security information and event management (SIEM).
LogRhythm is a security information and event manager that is extremely customizable, functional and user friendly.
The EventLog Analyzer from ManageEngine is quickly installed and easily scalable software that can be implemented for a network’s SIEM solution.
Intel Security’s McAfee Enterprise Security Manager (ESM) is a security information and event management suite. It is available as a VM or hardware appliance and supports a massive number of products to produce useful information for security administrators.
The EventSentry from Netikus brings to the table a plethora of functionality to ensure system security.
The NetIQ Sentinel may be one of the best SIEM solutions for your network.
SolarWinds Log & Event Manager is one of the most popular SIEMs on the market today – and with good reason.
The Firebox M440 is the latest next-generation firewall offering from WatchGuard.
The ZyXEL Communications USG1900 is a comprehensive UTM firewall that is brilliantly simple to set up.
DualShield is an enterprise-grade, unified, multifactor authentication platform that protects all commonly used business applications with a large selection of multifactor authentication methods.
DIGIPASS 760 is a trusted hardware device for visual transaction-signing that creates a secure optical communication channel between the end-user (client) and the organization (server).
Entrust IdentityGuard is a dual-factor authentication server, app, smart card manager, biometrics server and general jack-of-all-trades when it comes to dual-factor authentication.
SafeNet Authentication Service is a cloud-based authentication service that uses a wide range of tokens and custom agents to support multifactor authentication to include one-time passwords generated by a phone app, SMS, a hardware token or email.
The Imation IronKey F200 Flash Drive is a simple, easy to set up and extremely secure device for users who need to transport confidential data between computers.
LoginTC from Cyphercor is a cloud-based solution that uses a mobile device or a desktop for authentication. It has easy-to-use iOS, Android and Chrome desktop applications to approve logins to a variety of products.
PortalGuard is a multifactor authentication, web-based single sign-on (SSO) through internet information services (IIS) and self-service password reset server and application rolled into one.
The RSA Authentication Manager is a dual-factor authentication system designed from the ground up for enterprise deployment.
SecureAuth IdP is an identity provider – with a unique approach to securing user access control.
The Swivel Appliance is a competitive solution for two-factor authentication methods for clients searching for a secure product.
The BeyondTrust UVM20 Security Management Appliance is the preconfigured hardware offering of Retina CS Enterprise Vulnerability Management.
Core Security’s Core Insight is the gold standard for penetration testing and vulnerability assessment.
Qualys Express Lite is a cloud-based vulnerability assessment tool intended for small businesses.
Rapid7 Nexpose Ultimate is a comprehensive vulnerability scanner that is determined to convince you of its findings.
The SAINT Security Suite is a robust software package that quickly and easily gives a heads-up view of vulnerabilities on the network.
Secunia Corporate Software Inspector (CSI) inspects software on any Windows or Android device with an agent.
The Skybox Enterprise Suite is an enterprise vulnerability assessment tool that is deployed to aid in vulnerability and threat management, as well as security policy management.
Tenable Network Security Nessus is one of the most comprehensive and widely deployed vulnerability assessment tools.
The Tripwire IP360 appliance is a solution for advanced enterprise threat detection, vulnerability management and risk assessment.
This product collects threat intelligence data from a variety of sources.
Engineers at OpenDNS have developed a suite of tools that they use to manage, monitor and investigate potential cyberthreats, especially those that impact name servers directly. One of those tools is Investigate.
This is a solid, technically oriented open source intelligence service.
This is a general open source intelligence tool with a solid, though not extensive, focus on cyberintelligence.
This is an extremely powerful system for gathering, analyzing and acting on cyberthreat intelligence.
ThreatStream’s OPTIC is a cyberthreat intelligence platform that manages the lifecycle of threat intelligence via integration across an enterprise’s security infrastructure.
This is a very good threat intelligence tool where almost all of the threat sources and analytics are under the covers.
Adds a lot of value to your security stack by applying threat intelligence. Provides a prodigious amount of extremely useful research, much of it from analysts around the globe.
Threat intelligence appliance that ties the Norse DarkMatter infrastructure to your network.
The Barracuda Web Application Firewall is a hardware-based device which is used to monitor, assess and remediate web-based application vulnerabilities.
The FortiDB 1000D is a hardware appliance that monitors, audits and identifies vulnerabilities in databases. There are three deployment options: network sniffer, native audit and network agents.
Sensitive Data Manager ties discovery to business issues making classification easier and more relevant.
This is a clean product with a well thought-out goal and a well-executed solution. It is part of the overall CA suite of access control products with which it integrates smoothly, and it offers dynamic classification and recognition.
Allows users to apply relevant visual and metadata labels.
Provides classification for data, largely in a Microsoft environment, plus mobile environments.
Threat protection centered outside the firewall.
Detects anomalous behavior on websites.
Account takeover detection and prevention.
Provides evidence-based bot and malware detection with high certainty, in real-time, on any browser-based web request.
Besides automating user creation, the Avatier suite of products offers seamless integration with HR software, enables IT departments to set up a web portal for users to reset their passwords, and it can also create workflows so that high-level IT personnel aren’t bogged down with lower-level requests.
The ForeScout CounterACT is a policy-based network access control product that allows for inventory, classification and regulation of endpoints and network devices.
The Forum Systems Sentry API Gateway is a comprehensive application security appliance that allows users to set up robust security over a variety of different protocols and data formats.
The Hexis Cyber Solutions NetBeat NAC is a well-designed network access control solution that can be deployed in minutes.
Sign up to our newsletters
SC Magazine Articles
- Chinese govt. complied with U.S. request to arrest hackers
- Obama administration will not push for legislation requiring mandatory encryption
- Data Security in the 21st Century: Understanding what data to protect
- Consumers need to up password security: Darren Guccione of Keeper Security
- U.S. authorities identify Chinese companies that benefited from military cybertheft