10 essential enterprise security tools (and 11 nice-to-haves)

Do you have the right tools to handle a changing threat landscape, tougher regulatory climate, and increasing IT infrastructure complexity? Here are the must-have security tools for meeting today's challenges.


If organizations are struggling to keep up with security challenges, it certainly isn't because of a lack of available tools. Over the past two decades or so, security vendors have brought to market a bewildering array of products designed to address the challenges enterprises face from constantly evolving threat and infrastructure landscapes.

These tools perform a broad range of functions from endpoint and network protection to cloud security to identity and access control. Some are absolutely fundamental to enterprise security. Others are less so but provide important point solutions for certain organizations or infrastructures.

The following is a list of product categories separated into two groups. The first includes the types of tools that are essential to enterprise security. The second covers product types that are great to have but, in most organizations, are not must-haves.

Note: The products listed under each category are representative of tools in that particular class. Their inclusion in this list does not indicate the products are market leaders or are the most popular products in that particular category.

10 essential security tools

1. Network access control (NAC)

NAC products allow enterprises to enforce security policies on devices and users attempting to access their network. NAC products can help identify who is attempting to log in and from where. They also help ensure that the device being used has the needed security patches, antivirus software and other controls before granting the user role-based access to enterprise assets.

Why NACs are essential

With the growing complexity of enterprise IT infrastructures and ever-changing regulations, you need a way to know what is connecting to your network and that you are handling access rules and controls consistently. Most of the NAC vendors have had to adapt their products to better address the increased use of mobile devices, including employee-owned smartphones and tablets, and the growing number of internet of things (IoT) devices connecting to a network.

NAC products

Aruba ClearPass Policy Manager provides role and device-based network access control. Organizations can use the product to enforce security policies on corporate and personally owned devices that employees, trusted outsiders, and guests use to access their network.

ForeScout CounterACT provides enterprises a way to discover, classify and assess all devices on their network without requiring an endpoint agent on them. The technology is designed to enable instant visibility into any device that connects to an enterprise network and to enforce policy-based access control on them. It uses a combination of active scanning techniques and passive discovery and profiling to discover devices—including rogue devices—on the network.

2. Data loss protection (DLP)

DLP tools protect against sensitive data being accidentally or maliciously transmitted outside an organization. They work by monitoring network traffic for data elements that match specific characteristics or patterns—such as those associated with credit card or Social Security numbers. Administrators can use the products to alert them about sensitive data potentially egressing the network, or they can use them to actively block transmission of such data. Increasingly, many DLP products are designed to protect against data leaks in the cloud.
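The pattern-matching described above is the core of a DLP content inspector. The following is an added example, not code from any product named in this article: it scans a constructed message for card numbers and Social Security numbers, uses the Luhn checksum and SSA issuance rules to discard digit runs that merely look like sensitive data, masks what it finds so the alert itself does not leak the value, and applies a hypothetical block/alert/allow policy.

```python
import re
from typing import List, Tuple

# Constructed sample of outbound content (for example an e-mail body) to inspect.
SAMPLE_MESSAGE = """Hi, here is the order: 4111 1111 1111 1111 paid in full.
Ref no. 1234-5678-9012-3456 is just an internal ticket.
Employee SSN 219-09-9999 and invalid SSN 000-12-3456 for testing."""

CARD_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")   # 13-19 digits, space/hyphen separators allowed
SSN_RE = re.compile(r"\b(\d{3})-(\d{2})-(\d{4})\b")  # canonical AAA-GG-SSSS form

def luhn_valid(digits: str) -> bool:
    """Luhn checksum: rejects digit runs that merely look like a card number."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit from the right, fold to one digit
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def ssn_plausible(area: str, group: str, serial: str) -> bool:
    """SSA never issues area 000, 666 or 900-999, group 00, or serial 0000."""
    a = int(area)
    return a not in (0, 666) and a < 900 and group != "00" and serial != "0000"

def mask(value: str) -> str:
    """Keep only the last four digits so alerts do not themselves leak the data."""
    digits = re.sub(r"\D", "", value)
    return "*" * (len(digits) - 4) + digits[-4:]

def scan(text: str) -> List[Tuple[str, str]]:
    """Return (kind, masked_value) for every validated sensitive element found."""
    findings = []
    for m in CARD_RE.finditer(text):
        if luhn_valid(re.sub(r"\D", "", m.group())):
            findings.append(("credit_card", mask(m.group())))
    for m in SSN_RE.finditer(text):
        if ssn_plausible(*m.groups()):
            findings.append(("ssn", mask(m.group())))
    return findings

def egress_decision(text: str) -> str:
    """Hypothetical policy: block on any card number, alert on an SSN, else allow."""
    kinds = {kind for kind, _ in scan(text)}
    if "credit_card" in kinds:
        return "block"
    return "alert" if kinds else "allow"
```

The 16-digit ticket number in the sample passes the regex but fails Luhn, which is the kind of false positive a checksum step exists to suppress.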

Why DLP tools are essential

Hackers can and will get past an organization’s defenses and gain access to data and systems. DLP tools are a key weapon to detect hacker activity once they are in. They are also critical for identifying possible insider threats by red-flagging unusual employee behavior. Recent privacy regulations that can levy significant fines if a data loss occurs only increase the value of having a good DLP solution in place.

DLP products

Symantec Data Loss Prevention is designed to protect against data leaks via endpoints, cloud apps, email and web communications. The technology ships with out-of-the-box policies that organizations can use to ensure compliance with regulations such as the EU’s General Data Protection Regulation (GDPR), Health Insurance Portability and Accountability Act (HIPAA) and the Payment Card Industry Data Security Standard (PCI DSS).

McAfee DLP is part of a broader suite of data protection and encryption technologies. It protects against data leaks on the network, at the endpoint, on storage systems and in the cloud. McAfee DLP can be deployed through the company's ePolicy Orchestrator security management platform. It supports features that allow enterprises to create an inventory of assets, categorize large volumes of unclassified data and scan the data for policy violations.

3. Firewalls

Firewalls are purpose-built systems for filtering network traffic using rules that administrators set. Firewalls protect against malware, unauthorized logins and a variety of other security threats. Administrators can use a firewall to block traffic based on originating IP or IP range, URLs, the ports to which traffic may be headed and other criteria. The latest firewalls also do deep packet inspection, application level traffic filtering and intrusion detection and prevention.

Why firewalls are essential

While the move to the cloud is eliminating the kinds of boundaries that traditional firewalls were designed to defend, most firewall products today have evolved beyond pure perimeter defense to provide client-side protections against some of the biggest risks, including URL and attachment filtering, patch discovery and inline patching.

Firewall products

Fortinet FortiGate is a next-generation firewall technology that can be deployed at the network edge, in data centers, internal network segments and in the cloud. FortiGate is powered by a special-purpose security processor and can, among other things, inspect SSL for malware hiding in encrypted traffic.

Cisco Firepower NGFW Series is a family of fully integrated firewall products with capabilities for threat prevention, threat detection, application firewalling, and advanced malware protection.

4. Intrusion prevention systems (IPS)

An IPS is an inline technology that usually is deployed right behind the enterprise firewall for inspecting traffic flows and automatically dropping malicious data packets and taking other proactive action to mitigate threats. It incorporates the functions of intrusion detection systems (IDSs), which only scan networks and report on potential threats, and adds capabilities to automatically respond to anomalies based on preset rules.

Why an IPS is essential

An IPS complements a firewall or other network defense by doing deeper analysis on network traffic to identify patterns that match known threats. Having an IPS in place can significantly cut down on response time and prevent additional damage from the threat source by blocking traffic from the source address and resetting the connection.

IPS products

Cisco Next Generation IPS (NGIPS) is available in both hardware and software form factors. The products include features like Cisco's Application Visibility and Control (AVC) technology for monitoring against application-level threats, the company's Advanced Malware Protection (AMP) sandboxing and malware blocking capability and URL filtering.

Trend Micro TippingPoint Threat Protection System is a next-generation IPS that touts real-time detection, enforcement and remediation of threats. Key features include on-box SSL inspection, advanced threat analysis and a real-time machine learning capability for detecting evolving and short-lived threats.

5. Endpoint protection

Endpoint protection tools protect desktops, laptops and other endpoint devices against viruses, worms and a wide range of other malware and malicious activity. Tools in this category often combine traditional antivirus capabilities with antimalware protection, firewall and intrusion detection functions.

Why endpoint protection is essential

Endpoint protection tools offer both malware detection and remediation capabilities against known and unknown threats that make it past detection and prevention defenses at the network level. Many endpoint protection tools enable continuous monitoring of endpoint devices and typically can be managed centrally. In this age of ransomware, cryptomining and phishing, protection at the client layer is vitally important.

Endpoint protection products

ESET Endpoint Security combines antivirus and antimalware capabilities with web filtering, firewall and botnet protection features. The product is positioned as capable of protecting against ransomware, targeted attacks, fileless attacks and advanced persistent threats.

Symantec Endpoint Security is agent-based and integrates endpoint detection and response (EDR), deception and hardening against known and new threats. The technology allows organizations to deploy baits and decoys to trick attackers into revealing their presence and can limit or quarantine suspicious apps.

6. Identity and access management (IAM)

IAM products help organizations control user access to enterprise systems and data. Such products help ensure that authorized individuals are able to gain access to the right enterprise resources at the right time. Many IAM products allow organizations to control access to enterprise assets based on a user's role in the organization.

Why IAM is essential

As companies migrate more applications and data to the cloud, traditional boundaries dissolve and perimeter protection becomes less meaningful. Identity becomes the new perimeter. That makes the ability to accurately authenticate and authorize people and devices connecting to your network a requirement.

IAM products

SailPoint Technologies IdentityIQ is an on-premises identity governance platform designed to give organizations complete visibility over users and the applications, systems and data they access. The technology integrates features that allow organizations to put controls in place to ensure that access to enterprise systems and data is always in compliance with corporate policies.

Centrify Next Gen Access is designed to help organizations control access to endpoints, applications and infrastructure. The products allow organizations to enable SSO and MFA. The technology can also be used to manage privileged user access to critical enterprise resources.

For information on more IAM products, see The best IAM software: Rating the top 10 products.

7. Cloud access security brokers (CASB)

CASBs allow organizations to enforce security policies on users accessing cloud services. CASBs can be deployed on premises or in the cloud and are placed between the cloud service provider and the cloud service user. They can be used to enforce a slew of security policies including authentication, authorization, SSO and malware detection and prevention.

Why CASBs are essential

The latest iterations of CASBs have more features and integrate better with other enterprise security tools. That’s good, because it allows CASBs to pinpoint where an organization is most vulnerable to security threats or compliance issues. They can also help organizations manage identity and authentication across multiple cloud applications.

CASB products

Netskope Security Cloud can be deployed entirely in the cloud, as an on-premises appliance, or both. Organizations can use Security Cloud to enforce policies on enterprise users accessing sanctioned or unsanctioned cloud services via a browser, desktop app or mobile app.

McAfee Skyhigh Security Cloud gives enterprises a way to gain complete visibility over user behavior in the cloud including what apps and data they access and the context of that access. It supports features that enable real-time policy enforcement across cloud services.

8. Antimalware tools

Antimalware tools are often confused with antivirus software, though their capabilities are somewhat different. Antimalware products can protect organizations not just against viruses and worms but also against spyware, ransomware, Trojans and a range of other threats. In fact, enterprise-class antimalware tools have largely replaced standalone antivirus solutions.

Why antimalware is essential

Classic computer viruses are no longer the top threat. Ransomware and cryptomining now account for the vast majority of attacks initiated at the client level. Organizations need both antivirus and antimalware capabilities to defend against these modern threats.

Antimalware products

Kaspersky Anti-Virus works by scanning PCs for viruses, ransomware, spyware and other malicious code. Recent editions of the software can scan for drive-by cryptomining tools as well.

Webroot SecureAnywhere Business Endpoint Protection is an endpoint protection tool that can help enterprises protect against malware threats across multiple vectors including email, browsers, apps, files and URLs. The company touts an advanced behavioral heuristics capability for identifying previously unknown threats.

For information on more enterprise antimalware products, see The best antivirus software? Kaspersky, Bitdefender and Trend Micro lead in latest tests.

9. Endpoint detection and response (EDR)

EDR tools detect and remediate threats on endpoint devices. The products work by monitoring user and endpoint system activity and constantly comparing that behavior against behaviors associated with known threats.

Why EDR tools are essential
