During the COVID-19 pandemic, cybersecurity threats have proliferated considerably. For example, Google reported that, at one point, it was blocking over 18 million malicious COVID-related emails every single day [1].
Take this troubling statistic in the wider context of an enormous increase in remote working — and the fact that 95% of cybersecurity breaches are related to human error — and it’s easy to see how important it is for businesses to stay up to date with this ever-evolving threat landscape [2]. To deal with the newer breed of sophisticated cyber criminal, you’ll also need to limit the possibility of in-house errors and insider sabotage.
With all this in mind, sensible business practice would be to recognise the need for expert third-party cybersecurity vendors — even if you already work with such a vendor, you may find that your specific needs have altered enough to require fresh assistance.
Things to consider when choosing a vendor
Before choosing a vendor you’ll need to take stock of your business, its operations, and its potential cybersecurity requirements. Broadly speaking, you can begin by asking yourself a number of questions. These might include:
- What is the size of your organisation?
- What is your in-house cybersecurity capacity (if any)?
- What percentage of your business operations are performed remotely?
- Are your business operations cloud-based, on-site, or hybrid?
- Are you looking for any services in particular (such as penetration testing, malware protection, BaaS, or network security)?
- What kind of budget are you working with?
Each cybersecurity vendor has its own area of expertise. Whether it’s more supported (outsourced) solutions, a cloud-hybrid expert, or a vendor best suited for smaller businesses, the insight afforded by answering these questions allows you to make an informed decision on which particular vendor will be best suited.
With this in mind, let’s turn to look at some of the cybersecurity vendors out there.
1. Arctic Wolf
The cybersecurity solution offered by Arctic Wolf has four main components:
- ‘Managed Detection and Response’ (MDR): This provides faster detection and response to cyber threats, all whilst eliminating false positives and alert fatigue. The Arctic Wolf ‘Concierge Security Team’ (CST) augments this process, working directly with your organisation to continuously monitor, respond, and offer longer-term strategic guidance.
- ‘Managed Risk’: This relates to the scanning of networks, endpoints, and cloud environments. The result is a more quantified understanding of risky software, assets, and accounts within your operational environment, allowing you and the CST to strengthen security accordingly.
- ‘Managed Cloud Monitoring’: This feature enables simultaneous detection of cloud-specific vulnerabilities and attacks across multiple SaaS and IaaS platforms. Cloud security improvements are streamlined by experts from the CST.
- ‘Managed Security Awareness’: This uses a cloud-native platform to limit the risk of social engineering attacks as well as threats related to human error. The CST service undertakes security awareness training for employees and frequent automated phishing tests, all assisted by analytics and machine learning.
The standout feature of Arctic Wolf as a vendor is their CST — having the support, input, and skills of real experts at your fingertips (as a customer) is undeniably valuable at all levels of cybersecurity.
Well suited to:
The human training component offered by the CST might well make them the best fit for businesses that are particularly concerned with employee awareness and human error — huge factors in a business’ overall cybersecurity.
2. Darktrace
Darktrace’s cybersecurity offering principally revolves around their ‘Darktrace Immune System’ and ‘Cyber AI’ services. The Darktrace Immune System has two variations (‘Enterprise’ and ‘Industrial’) and operates like the more familiar biological immune system, namely by identifying and responding to threats.
Darktrace’s ‘Cyber AI Analyst’ is designed to mimic the behaviour of human security analysts. It functions to triage and interpret security incidents, and compiles these incidents into digestible reports.
Both the Darktrace Immune System and their Cyber AI services use machine learning and AI to understand behavioural patterns of users, devices, and how these interact within wider systems. Darktrace’s autonomous AI allows their services to continually refine themselves in light of security issues and ongoing business operations.
Unsupervised machine learning can be seen as having an advantage over human security analysts in that it can undertake hundreds of parallel investigations simultaneously, all under the direction of the Cyber AI Analyst.
Well suited to:
You may find that Darktrace’s product is well suited to your business if traditional human (in-house or third-party) security teams or non-autonomous analytics are struggling to keep pace with any especially large-scale cybersecurity requirements.
3. CrowdStrike
The Falcon Complete package is their most holistic MDR offering. With this solution you’re provided with next-gen antivirus protection, endpoint detection and response capabilities, active threat hunting services, as well as 24/7 support from a team of seasoned individuals that are dedicated to threat detection and response. The Falcon Platform used across all tiers is 100% cloud-native, meaning that the need for additional software or hardware is eliminated.
The unique feature of CrowdStrike’s cybersecurity offering lies in its heavily tiered system. By being broken down into four distinct service bundles (each with the option of being supported by additional modules added later), CrowdStrike’s offering builds great flexibility into potential cybersecurity options.
Well suited to:
This diverse and flexible product offering is likely to appeal to businesses who aren’t entirely sure of the level of security their business needs, or who are particularly budget conscious. Smaller-size businesses might benefit from lower tiers of protection, as well as the option to scale-up or scale-down through additional security modules if and when their needs change.
4. FireEye
FireEye’s product offering involves a number of services. These include:
- The ‘Helix’ security platform
- Network and security forensics
- Endpoint security
- Email security
- Multi-cloud security
- On-demand detection
Together these components offer network visibility, protection against email-based attacks (including phishing and impersonation-based threats), comprehensive endpoint security and advanced threat detection, expert cloud protection across multiple workloads, and various analytics tools (including SIEM). These components are unified under FireEye’s Helix security platform.
The Helix security platform, designed with rapid and scalable deployment in mind, is notable among FireEye’s cybersecurity services. The SaaS platform applies to both FireEye’s functions and third-party solutions, offering threat intelligence, automation, case management, and control.
The SIEM analytics behind the Helix platform utilise Big Data to construct a holistic picture of IT security, whilst user behaviour analytics illuminate both internal and external threats.
Well suited to:
The scalable deployment method of the Helix SaaS platform is well suited to maintaining cost-efficiency. By only using those cybersecurity services which are necessary, businesses with cost as a primary consideration are likely to find utility in this platform.
5. NetScout
NetScout’s security product offering is fairly extensive, but generally it can be broken down into cloud application security and cybersecurity/DDoS protection. For an idea of NetScout’s services consider the following:
- Omnis Security Platform: This is a solution readily suited to scalability. It unpacks your network and turns its features into ‘Smart Data’. This data is then used to generate comprehensive visibility (and rapid response times) across potentially fragmented infrastructure.
- Omnis Cyber Investigator: A feature that operates across entire organisations, functioning to isolate and investigate risks. By using SIEM analytics, visibility is increased and the damage from cyberattacks and undiagnosed threats is minimised.
- Omnis IDS: This is a network-based intrusion detection system. Like the Cyber Investigator, it is a sophisticated solution to undetected threats, and operates across physical, cloud, and cloud-hybrid settings.
Visibility is a key feature of the solutions which NetScout offers. For example, the ‘Cyber Threat Horizon’ service assists in making not just your organisation visible, but your industry, suppliers, and customers too. This level of clarity is essential for thoroughly rooting out threats.
Well suited to:
The emphasis on visibility is likely to appeal to organisations who have previously suffered from blind spots. Considerably large-scale businesses with certain complex operations are going to benefit from a cybersecurity vendor — like NetScout — that really focuses on transparency and detail.
6. ExtraHop
ExtraHop’s security solutions are delivered through their ‘Reveal(x) 360’ platform, a cloud-native NDR cybersecurity solution which is designed to unify security functions across hybrid, multi-cloud, and ‘containerised’ environments.
With emphasis on complete visibility, real-time analytics-based detection, and intelligent threat response, Reveal(x) 360 gives businesses the ability to:
- Detect advanced kinds of threats
- Monitor and analyse workloads and data
- Respond to incidents
- Undertake vulnerability assessments
- Audit and comply with cybersecurity requirements
ExtraHop’s platform doesn’t just deal with external threats; it’s also geared up to nullify advanced threats arising from inside an organisation. The ‘zero trust’ approach verifies entire systems, users, and devices, bringing clarity to all relevant operations.
Well suited to:
Given ExtraHop’s zero trust model — alongside their use of behavioural analytics and context-based investigations — this cybersecurity vendor potentially pairs well with businesses who have suffered from threats like internal bad actors in the past.
Determining the right solution for you
If there’s anything that the diversity in these comparisons shows, it’s that choosing a vendor must be done within the context of your specific business and its operational requirements.
But you can be overwhelmed by the nuances of each individual vendor, and uncertain whether these vendors will genuinely pair well with the ins-and-outs of your business. To help make sense of all this information, it’s advisable to pair with an industry-leading expert who really understands what the cybersecurity space offers.
At Nexstor, we are those experts, and we offer precisely that service. With an audit or chat with us, we’ll not only be able to assist you in determining the right vendor, we’ll also offer advice on how certain products will be best implemented within your organisation specifically.
If you want to make your business cyber secure and get back to doing what you do best, get in touch today for a free assessment.