CrowdStrike Falcon Endpoint Protection Enterprise unifies the technologies required to stop breaches, including next-gen antivirus and EDR, managed threat hunting, and threat intelligence automation, delivered via a single lightweight agent.
10. Mobile threat defense
Mobile threat defense assists protects mobile devices from viruses, worms, ransomware, phishing, spyware, and data loss. Gartner described products in this class as needing to protect mobile devices at the application level, the network level, and the device level.
Why mobile threat defense is essential
Nearly all organizations struggle with managing the mobile devices that connect to their networks — both those they own and those their employees own. An enterprise mobility management (EMM) or mobile device management (MDM) offering will not have the security detection and prevention capabilities as a mobile threat defense tool. Without those capabilities, mobile devices can be a vector for hackers to gain access to a network.
Mobile threat defense product examples
Wandera continuously scans apps installed on a mobile device for signs of malware or other malicious activity. It compares data from scans with that collected from billions of end points to identify threats. Wandera also protects against attempted malware downloads, phishing attempts, and other threats at the network level.
Zimperium zIPS Mobile Intrusion Prevention System is an IPS designed to protect Android and iOS devices against mobile attacks at the device, network, and application layer. zIPS monitors mobile devices for malicious activity and uses ML to analyze deviations from typical behavior for the device.
11. Backup and disaster recovery
Backup and disaster recovery is an essential security control for any organization. Options abound, ranging from local backups to air-gapped server-based backups to the cloud. Backups and disaster recovery plans are essential for recovering from ransomware, although it is vital to ensure the image or files to be restored are free from malware or ransomware before the restore takes place.
Why backup and disaster recovery are essential
While backup and disaster recovery are known components of every enterprise’s standard operation, bare-metal restores (BMRs) from the cloud might still be novel for SMBs. Speed is a prime consideration for recovery and cloud-based BMR speeds have improved significantly in the past several years. Secured, encrypted backups are yet another key security control often required to qualify for cyber insurance.
Backup and disaster recovery product examples
Faronics Deep Freeze Enterprise is an on-premises disk imaging offering that touts recovery on restart using a restore button. The application supports Windows and Mac servers and workstations, as well as enterprise networked endpoints. Deep Freeze Cloud, the off-prem version, is a SaaS option.
Axcient x360Recover allows users to perform a BMR from a direct-to-cloud (D2C) backup snapshot in the Axcient cloud. A BMR uses a disk image and restores it to on-premises servers or workstations. The program, popular with MSPs, allows users to protect data in Windows, Linux, MacOS, VMware, the public cloud, and IaaS models.
Additional backup and recovery resources
12. Incident response management
Incident response management systems are critical for identifying data breaches and ensuring response teams follow a predefined set of actions to protect your data, ensure evidence of the breach is not compromised, and keep all key stakeholders appropriately involved in the incident response.
Why an incident response management is essential
Depending on your organization’s industry, you might be required to have an incident response management system to comply with industry or governmental compliance regulations and cyber insurance policy requirements. Such systems are designed to ensure appropriate actions are taken in the right order and all reporting for compliance is conducted in a timely basis.
Incident response management product examples
EHSInsight Incident Management Module streamlines reporting and tracking workplace incidents, ensuring your team can handle all types of incidents, including near misses. It centralizes all relevant records, making it easier to manage and analyze incident data. After all, not all incidentsare data breaches.
Conopy’s incident response software can determine if an incident is legally considered a “breach,” if personally identifiable information (PII) or protected health information (PHI) was compromised, and if the enterprise could be bound by strict, non-negotiable notification deadlines enforced by GDPR, HIPAA, FERPA, and other data privacy regulations.
Additional incident response management resources
13. AI infrastructure security
AI is on the rise in the enterprise, with organizations increasingly launching proofs of concepts to explore the business value of putting large language models (LLMs) and other emerging AI tools to work in service of optimizing and automating business workflows. But in a rush to adopt AI, many companies are skipping out on security hardening practices, opening their enterprises and data to new vulnerabilities and threats. As a result, new categories of security tools are arising to help improve the security and governance of enterprises’ emerging AI infrastructures and strategies.
Why AI infrastructure security is essential
AI is becoming table stakes for enterprise survival, and the technology’s appetite for data puts organizations at greater risk of leakage and exposure. Moreover, the automated nature of AI applications and the near obscurity of how models derive their insights and actions exposes enterprises to model manipulations and thus outputs they may not otherwise know to be problematic. AI infrastructure security tools can also ensure that vital business data does not get injected into LLMs and that business users are following prescribed governance guidelines when interacting with AIs.
AI infrastructure security product examples
CalypsoAI released an enterprise-grade AI security engine designed to protect AI usage across all use cases, ensuring regulatory compliance. It can detect and protect personally identifiable information and intellectual property while using role-based access controls and permissions. It can secure protected information from being entered into external large language models with filtering and audit tools.
Lakera Guard secures gen AI applications with highly accurate, low-latency controls. It defends LLMs against prompt injection attacks, sidestepping attacks, and direct attacks.
Additional AI infrastructure security resources
1. Third-party risk management (TPRM)
TPRM covers a broad range of threats, going deeper than direct business partners, as secondary, tertiary, and beyond partners can be sources of network threats. For example, a direct business partner that uses a translation firm in Asia (secondary partner), which outsources some work to a smaller firm in a country that might have US sanctions against it (tertiary partner), could be the source of malware that works its way up the partner chain. Organizations with aggressive TPRM programs could require their partners to provide audit statements that declare their supply chain is free from potential threats.
Why you might need TPRM
According to Forrester Research, around two-thirds of all data breaches have a TPRM component. Sometimes attackers go after a business partner to reach a larger target; often the issues can be an accidental breach caused by a partner inappropriately accessing data on a portal not intended for its use. For these reasons, cyber insurance vendors see TPRM as a serious issue.
TPRM product examples
ProcessUnity’s CyberGRX Exchange uses data analytics, real-world attack scenarios, and real-time threat intelligence to provide a portfolio analysis of an organization’s third-party ecosystem, helping prioritize risks to make smarter decisions. Vendor onboarding is automated, establishing a single, standardized process for introducing a provider into the database.
Mastercard RiskRecon’s third-party risk analysis methodology considers 11 security domains and 41 security criteria to produce contextualized insights into third-party security performance. This attack surface coverage supports enterprise risk management (ERM) beyond TPRM. The software rates TPRM on two scales, managing risks across attack surfaces such as email security, application security, and network filtering.
Additional TPRM resources
2. Post-quantum cryptography (PQC)
While commercial quantum computers are years away from being ubiquitous, they will necessitate a major change in companies’ cryptography strategies. Asymmetric cryptography, such as RSA and elliptic curve cryptography (ECC), likely will become obsolete when quantum systems ship, so enterprises need to plan on migrating to quantum-resilient cryptography now. Hardware acceleration is generally considered superior to software-based encryption and decryption because of the exceptionally high speeds at which quantum computers will process data, although you still will see some software-based encryption.
Why you might need PQC
Because of how quantum computing handles mathematical processes, traditional asymmetric cryptography methods such as integer factorization will be easily compromised. To combat this, enterprises should develop plans to migrate to symmetric approaches, such as hashing, hardware-based symmetric encryption, or another quantum-resilient approach.
Post-quantum cryptography product examples
IBM z16 is a quantum-safe security processor for IBM Z mainframes that uses cryptographic methods that protect against attacks from both traditional and quantum computers. The IBM z16 platform has an on-chip acceleration Telum processor designed for real-time AI inferencing to help identify fraud.
MagiQ QPN’s security approach exchanges encryption keys with absolute security: Quantum Key Distribution. By sending key bits encoded at the single photon level on a photon-by-photon basis, quantum mechanics guarantees an eavesdropper observing a photon irretrievably changes the information encoded on that photon. The eavesdropper can neither copy nor clone, nor read the information encoded on the photon without modifying it, making this key exchange uncompromisingly secure.
Additional PQC resources
3. Privileged access management (PAM)
Privileged access management is another of security control cyber insurance carriers and brokers desire. It is used to protect admin and service accounts that bypass other security controls from unauthorized access. PAM uses audit logs that record account activities, which can be used for compliance and incident investigations.
Why you might need PAM
PAM offerings are a branch of IAM that focuses on controlling and monitoring privileged accounts. It allows just-in-time access for users with higher-level access, which is a prime target of cyber attackers.
PAM product examples
Delinea Secret Server concentrates on offering authorization for varying identities, ensuring controlled access to critical hybrid cloud infrastructure as well as sensitive data. Aiming to bring down risk, guarantee compliance, and streamline security within an organization, it prioritizes privileged access as a pivotal part of cybersecurity strategies.
CyberArk Privileged Access Manager automatically discovers and onboards privileged credentials and secrets used by human and non-human identities. Centralized policy management allows admins to set policies for password complexity, frequency of password rotations, which users may access which safes, and more.
Additional PAM resources
4. Security information and event management (SIEM)
SIEM helps organizations aggregate, correlate, and analyze logs and security event data from security systems, computer and network devices, applications, databases, and other sources across the enterprise network. It can enable early threat detection and help organizations investigate and respond to incidents and ensure compliance with regulatory requirements for log retention and management.
Why you might need SIEM
SIEM is used mostly in larger organizations or public companies where its centralized management and reporting capabilities help with regulatory compliance. The price point for SIEM products tends to be high and experienced technicians who manage these systems are expensive, so many smaller companies can’t afford it.
SIEM product examples
Splunk Enterprise Security is an analytics-driven SIEM product that enables real-time visibility into the security status of your network. It supports “correlation searches” that admins can configure to be alerted on events that meet specific static and dynamic thresholds.
LogRhythm NextGen SIEM collects and correlates a broader set of forensic data than SIEM products that focus on collecting exception-based data. It uses behavioral- and scenario-based analytics to help reduce the mean time to detect security incidents and respond to them. Admins can use the platform to track their mean time to detect and mean time to respond to incidents so they can monitor their own performance.
Additional SIEM resources
5. Web content filtering
Content filtering appliances and software enable organizations to enforce policies restricting access to websites and content deemed inappropriate, offensive or illegal. The tools can also be used to control access to bandwidth hogging sites and services as well.
Why you might need a web content filtering tool
Many organizations use such tools to block access to content and sites that might be considered as impacting productivity such as social media sites or sports sites. Organizations often deploy web content filtering to comply with industry or regulatory requirements.
Web content filtering products
Forcepoint URL Filtering allows organizations to block or control access to web content using over 120 security and content categories. The technology supports the creation of custom filters for permitting or denying access to users on a timed or a permanent basis.
Barracuda Web Security Gateway can be used to restrict access to sites and content, based on organizational policies. The content filtering function is part of a broader suite of web security and management capabilities that include anti-spyware, malware and virus protection.
6. Endpoint encryption
Endpoint encryption tools encrypt sensitive data on desktops, laptops, and other endpoint devices. Some products support encryption on removable media such as USB drives and SD cards. Endpoint encryption typically supports both full disk encryption and file-level encryption capabilities.
Why you might need endpoint encryption
If you have valuable data or intellectual property stored on endpoint devices, then you need to do more than trust your network or cloud security measures to keep bad actors from taking them. Encrypting important files at the device level means they are useless to hackers if they gain access.
Endpoint encryption product examples
Check Point Full Disk Encryption Software Blade encrypts user data, OS files, temporary files, and even erased files on a disk. The encryption is certified to FIPS, meaning it’s approved for use within the US federal government.
Sophos SafeGuard Encryption offers full-disk encryption using Microsoft BitLocker and Mac FileVault. It also can be used to encrypt files individually. It encrypts data as it is created and supports always-on Synchronized Encryption to continuously validates the user, application, and device integrity before enabling access to encrypted data.
7. Patch management
Patch management is the process of updating software, drivers, and firmware to fix vulnerabilities, improve performance, and ensure compliance. It’s another key control required by many cyber insurance carriers. Patch management is also useful in ensuring organizations comply with industry regulations and laws, such as PCI DSS and GDPR.
Why you might need patch management
Patch management can be used in identifying, acquiring, testing, and installing patches; deciding which patches are needed for specific devices and software; making sure patches are installed correctly; and documenting the process.
Patch management product examples
Altera patch management is an AI-powered patch management tool that generates scripts in seconds and automates patch scheduling. You can design, plan, and implement patches at scale, ensuring seamless operations and predictable user experiences across your network.
ConnectWise Automate can manage patches across multiple machines, automate approvals, and set policies for Microsoft and third-party software. It offers out-of-the-box scripts, around-the-clock monitoring, and other automation capabilities.
Additional patch management resources
8. Virtualization security
Virtualization security products can help organizations monitor and secure virtualized environments and software-defined infrastructure against malware and other threats. The products can help organizations get better visibility into and control over virtual and software-defined environments.
Why you might need virtualization security
If you run virtualized environments, you need security to match. Traditional approaches and tools will not adequately protect you. Virtualization security tools provide controls and processes at each virtual machine. They also allow for setting consistent security policies across the virtual environment.
Virtualization security product examples
Bitdefender GravityZone is engineered for deployment in virtualized environments. Companies can use it to manage security on on-premises and cloud-based virtual machines via a single console and without the need for multiple agents on the VMs.
Hytrust Cloud Control is an access control, forensic logging, and policy enforcement product for VMware environments. It ensures only hypervisor admins are allowed to take approved actions and block actions that are not approved. The technology also enforces policies where secondary approval might be needed for certain particularly impactful actions.
9. Enterprise password managers
Password managers help ensure users have strong, unique passwords, typically storing the passwords securely in encrypted fashion and helping enforce policies for strong passwords, shared accounts, and provisioning and de-provisioning users. Many enterprise password managers integrate with Active Directory and other user directories and offer centralized administration capabilities.
Why you might need an enterprise password manager
Many companies look to SSO to help their employees and admins escape password hell. But SSO leaves gaps. For example, not all cloud applications can easily be brought into an SSO solution. An enterprise password manager can help employees maintain good password practices while reducing the stress level of admins tasked with enforcing those practices.
Enterprise password management product examples
BeyondTrust Password Safe controls scripts, files, code, and embedded keys. It eliminates hard-coded credentials and can define and automate controlled access using REST APIs. It also can secure and control access to privileged credentials, and automate password rotation.
LastPass Enterprise integrates with Active Directory and other directories such as Okta and Microsoft Azure ID to assist in account creation, group management, and user account termination. Admins can use it to centralize password management functions, control shared access, and implement MFA.
Additional enterprise password manager resources
10. Cloud workload protection platform (CWPP)
CWPP products broadly focus on protecting workloads not just on containers but any cloud instance. These tools help organizations detect vulnerabilities, protect against malware and intrusion attempts, and ensure cloud workloads are protected in compliance with required standards.
Why you might need CWPP
If a significant amount of your IT infrastructure is run in the cloud, you should consider a cloud workload security solution even if it’s hosted by a leading provider. The more varied the workloads you run, the more you need a workload tool to manage and secure your cloud instance.
CWPP product examples
Fidelis CloudPassage Halo permits organizations to use the workload protection service to assess the attack surface of their cloud workload, identify vulnerabilities, and manage local access controls on the servers hosting their data. The service helps detect policy violations, configuration changes, and other issues that might weaken workload security.
Dome9 Compliance Engine is designed to help organizations continuously monitor cloud workloads running on AWS, Microsoft Azure, Google Cloud, and multicloud settings. The hosted service helps organizations assess compliance status, identify issues that may putt that status at risk, and fix those issues in place.
