58 Integrations with LogRhythm SIEM
View a list of LogRhythm SIEM integrations and software that integrates with LogRhythm SIEM below. Compare the best LogRhythm SIEM integrations as well as features, ratings, user reviews, and pricing of software that integrates with LogRhythm SIEM. Here are the current LogRhythm SIEM integrations in 2024:
-
1
Kroll Cyber Risk
Kroll
We are the world incident response leader. Merging complete response capabilities with frontline threat intelligence from over 3000 incidents handled per year and end-to-end expertise we protect, detect and respond against cyberattacks. For immediate assistance, contact us today. Tackle every facet of today and tomorrow’s threat landscape with guidance from Kroll’s Cyber Risk experts. Enriched by frontline threat intel from 3000 incidents cases every year, our end-to-end cyber risk solutions help organizations uncover exposures, validate the effectiveness of their defenses, implement new or updated controls, fine-tune detections and confidently respond to any threat. Get access to a wide portfolio of preparedness, resilience, detection and response services with a Kroll Cyber Risk retainer. Get in touch for more info. -
2
Keeper Security
Keeper Security
Keeper Security is transforming the way people and organizations around the world secure their passwords and passkeys, secrets and confidential information. Keeper’s easy-to-use cybersecurity platform is built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Keeper’s solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance. Trusted by millions of individuals and thousands of organizations globally, Keeper is the leader for best-in-class password and passkey management, secrets management, privileged access, secure remote access and encrypted messaging. Protect what matters at KeeperSecurity.com.Starting Price: $2.00 per user, per month -
3
BackBox
BackBox
BackBox offers a simple way to intelligently automate the backup, restoration, and management of all devices on a network by providing centralized management of devices such as firewalls, routers, switches, and load balancers. Each of these devices plays a critical role in the availability and security of an organization’s network, and BackBox ensures they all continue to function effectively and effortlessly, streamlining operations for optimal performance. BackBox provides a foundation to harmonize the configuration between multiple devices, enabling seamless integration, and assuring compliance to organization or industry security policies, standards, or guidelines. IT administrators can easily employ BackBox to track configuration changes and see the deviation with the baseline for compliance validation and remediation. -
4
SIRP
SIRP
SIRP is a no-code risk-based SOAR platform that connects everything security teams need to ensure consistently strong outcomes into a single, intuitive platform. SIRP empowers Security Operations Centers (SOCs), Incident Response (IR) teams, Threat Intelligence teams, and Vulnerability Management (VM) teams through integration of security tools and powerful automation and orchestration tools. SIRP is a no-code SOAR platform with a built-in security scoring engine. The engine calculates real-world risk scores that are specific to your organization for every incident, alert, and vulnerability. This granular approach enables security teams to map risks to individual assets and prioritize response at scale. SIRP makes all security tools and functions available to security teams at the push of a button, saving thousands of hours each year. Design and enforce best practice security processes using SIRP’s intuitive drag-and-drop playbook building module. -
5
Varonis Data Security Platform
Varonis
The most powerful way to find, monitor, and protect sensitive data at scale. Rapidly reduce risk, detect abnormal behavior, and prove compliance with the all-in-one data security platform that won’t slow you down. A platform, a team, and a plan that give you every possible advantage. Classification, access governance and behavioral analytics combine to lock down data, stop threats, and take the pain out of compliance. We bring you a proven methodology to monitor, protect, and manage your data informed by thousands of successful rollouts. Hundreds of elite security pros build advanced threat models, update policies, and assist with incidents, freeing you to focus on other priorities. -
6
VMware Carbon Black EDR
Broadcom
Threat hunting and incident response solution delivers continuous visibility in offline, air-gapped and disconnected environments using threat intel and customizable detections. You can’t stop what you can’t see. Investigations that typically take days or weeks can be completed in just minutes. VMware Carbon Black® EDR™ collects and visualizes comprehensive information about endpoint events, giving security professionals unparalleled visibility into their environments. Never hunt the same threat twice. VMware Carbon Black EDR combines custom and cloud-delivered threat intel, automated watchlists and integrations with the rest of your security stack to efficiently scale your hunt across even the largest of enterprises. The days of constantly reimaging are over. An attacker can compromise your environment in an hour or less. VMware Carbon Black EDR gives you the power to respond and remediate in real time from anywhere in the world. -
7
Validato
Validato
Validato allows IT and Security teams to test the effectiveness of security controls by simulating adversarial behaviors based on known threat scenarios. Validato provides unbiased data and finding on how effective security controls are at detecting and protecting against exploitation of MITRE ATT&CK Techniques. If you are looking to implement a Threat-Informed Defense approach to cyber defense, then Validato is an excellent choice for you.Starting Price: $10,000/year -
8
DNSSense
DNSSense
DNSEye detects malicious traffic on your network and reports whether this traffic can be blocked by your other security devices. DNS is used by all protocols like HTTP, HTTPS, SMTP, and IoT. DNS traffic provides information about your entire network, regardless of its network protocol. With DNS tunnelling, data exfiltration attacks cannot be detected by DLP products. It requires DNS log analysis for an effective solution. 80% of malware domains currently do not have an IP address. Malware requests that do not have an IP address can only be detected in the DNS log. DNSservers generate a large number of difficult-to-understand logs. DNSEye enables the collection, enrichment, and AI-based classification of the DNS logs. With its advanced SIEM integration, it saves time and EPS by transferring to SIEM only the data that SOC teams need to see. DNSEye can collect logs from many different brands and models of DNS servers without the need for making any change in your network structure.Starting Price: $1000 -
9
NorthStar Navigator
NorthStar.io, Inc.
NorthStar is redefining Risk-Based Vulnerability Management with simple, contextual vulnerability prioritization for easier remediation. Common challenges NorthStar addresses are listed below: • Prioritize issues that should be addressed first in order to make the best use of limited resources. • Address lingering exposures that could impact critical business services, applications, and data stores. • Bridge the visibility gap and discrepancies that exist between vulnerability assessment and patch management. • Track reduction in risk over time and validate the most important issues are being addressed first. • Deliver a complete view of their environment – all assets, vulnerabilities and exposures. • Eliminate manual processes and unnecessary spreadsheet work.Starting Price: $8 per device -
10
Axonius
Axonius
Axonius gives customers the confidence to control complexity by providing a system of record for all digital infrastructure. With a comprehensive understanding of all assets including devices, identities, software, SaaS applications, vulnerabilities, security controls, and the context between all assets, customers are able to mitigate threats, navigate risk, decrease incident response time, automate action, and inform business-level strategy — all while eliminating manual, repetitive tasks. Recognized as creators of the Cyber Asset Attack Surface Management (CAASM) category and innovators in SaaS Management Platform (SMP) and SaaS Security Posture Management (SSPM), Axonius is deployed in minutes and integrates with hundreds of data sources to provide a comprehensive asset inventory, uncover gaps, and automatically enforce policies and automate action. -
11
Microsoft Defender for IoT
Microsoft
Accelerate digital transformation with comprehensive security across your IoT/OT infrastructure. Microsoft Defender for IoT offers agentless network detection and response (NDR) that is rapidly deployed, works with diverse IoT, OT, and industrial control system (ICS) devices, and interoperates with Microsoft 365 Defender, Microsoft Sentinel, and external security operations center (SOC) tools. Deploy on-premises or via cloud. For IoT device builders, Defender for IoT offers lightweight agents for stronger device-layer security. Use passive, agentless network monitoring to safely gain a complete inventory of all your IoT/OT assets, with zero impact on IoT/OT performance. Analyze diverse and proprietary industrial protocols to visualize your IoT/OT network topology and see communication paths, and then use that information to accelerate network segmentation and zero trust initiatives.Starting Price: $0.001 per device per month -
12
Box Shield
Box
Shield lets you classify content your way, both manually and automatically. We're excited to announce our powerful, native capability that identifies PII and custom terms within files, and automatically classifies them based on your policies — helping you protect your data at scale. Placing controls close to your content helps prevent leaks in real time, while powering a frictionless end-user experience. Configure access policies within minutes to keep your data secure while letting people do their mission-critical work. Using machine learning, Shield brings you timely, accurate alerts on insider threats, account compromise, and malware attacks. Quickly evaluate alerts in Shield, or send them to your existing tools for further analysis. Shield works with the best-of-breed security tools you already have in place. Alerts containing more insights than ever before can be integrated with your SIEM and CASB for a unified view.Starting Price: $130 per month -
13
Cyble
Cyble
With an eagle-eye perspective into the threat landscape, our comprehensive research will help you identify and mitigate cyber risks before they become a threat to your organization. Our SaaS-based enterprise platform collects intelligence data in real-time across open and closed sources. This enables you to map, monitor and mitigate your digital risk footprint. Through a combination of our industry-leading Machine Learning capabilities and our peerless Human Analytics, we deliver actionable threat intel well before your organization is at risk. Secure your business from emerging threats and limit opportunities for your adversaries. Get a unified view of your organization’s external threat landscape with consolidation of intelligence from the dark web, deepweb, and surface web. Vision enables timely detection and response to cyber incidents. Effectively minimize the impact of attacks and implement recovery solutions with Vision’s advanced intelligence.Starting Price: On Request -
14
Activu
Activu
Activu makes any information visible, collaborative, and proactive for people tasked with monitoring critical operations and incidents. Our customers automatically see, share, and respond to events in real-time, with context, to improve incident response, decision-making, and management. Activu software, systems, and services benefit the daily lives of billions of people around the world. Founded in 1983 as the first U.S.-based company to develop video wall technology, more than 1,000 control rooms and command centers depend on Activu. The most Intuitive, Flexible, Feature rich wall control on the market. Organize information easily based on specific user needs. Easily create Layouts and Templates based on user needs. Organize, place and even move information across multiple video walls. Organize information assets in easily accessible, searchable Spaces. Support for virtually any information source type. -
15
WatchTower Security Management App
Check Point
Monitor your network with Check Point’s WatchTower Security Management app and quickly mitigate security threats on the go with your mobile phone. The intuitive WatchTower Security Management App provides real-time monitoring of network events, alerts you when your network is at risk, enables you to quickly block security threats, and configure the security policy for multiple gateways. View the devices connected to your network and any potential security threats. Real-time notification of malicious attacks or unauthorized device connections. Quickly block malware-infected devices and view infection details for further investigation. Customize notifications for your top-priority security events. View all security events by category and drill down for further information. Configure the security settings for multiple gateways. Manage advanced security policy settings securely via web user interface. -
16
Multi-Domain Security Management
Check Point
Multi-Domain Security Management delivers more security and control by segmenting security management into multiple virtual domains. Businesses of all sizes can easily create virtual domains based on geography, business unit or security function to strengthen security and simplify management. Enable granular and isolated role-based administration of a multi-tenant security management architecture. Single security management configuration for VPN, Firewall, IPS, and other protections. Create, view and control all network security management domains from a single console. Create and centrally manage multiple administrators in the multi-domain security management environments. Give administrators permission to manage specific domains or different aspects of the multi-domain system. Allow multiple administrators to work on different security management domains simultaneously. -
17
GTB Technologies DLP
GTB Technologies
Data Loss Prevention is defined as a system that performs real-time data classification on data at rest and in motion while automatically enforcing data security policies. Data in motion is data going to the cloud, internet, devices, or the printer. Our solution is the technology leader. Protecting on-premises, off-premises, and the cloud whether it be Mac, Linux, or Windows; our Data Loss Prevention security engine accurately detects structured & unstructured data at the binary level. GTB is the only Data Loss Prevention solution that accurately protects data when off the network. Discover, identify, classify, inventory, index, redact, re-mediate, index, control and protect your data including PII, PCI, PHI, IP, unstructured data, structured data, FERC, NERC, SOX, GLBA & more. Our patented and patent-pending, proprietary technology is able to prevent the syncing of sensitive data to unsanctioned or private clouds, while allowing its users to automatically identify “sync folders”. -
18
Code42 Incydr
Mimecast
Incydr gives you the visibility, context and control needed to stop data leak and IP theft. Detect file exfiltration via web browsers, USB, cloud apps, email, file link sharing, Airdrop, and more. See how files are moved and shared across your entire organization, without the need for policies, proxies, or plugins. Incydr automatically identifies when files move outside your trusted environment, allowing you to easily detect when files are sent to personal accounts and unmanaged devices. Incydr prioritizes file activity based on 120 contextual Incydr Risk Indicators (IRIs). This prioritization works on day 1 without any configuration. Incydr’s risk-scoring logic is use case-driven and transparent to administrators. Incydr uses Watchlists to programmatically protect data from employees who are most likely to leak or steal files, such as departing employees. Incydr delivers a complete range of technical and administrative response controls to support the full spectrum of insider events. -
19
Indent
Indent
Good security is necessary, but it doesn't need to be slow or painful, faster access unlocks more revenue. Give on-demand access that’s faster and easier, without frustrating your team. Users request access to apps, managers approve or deny them from Slack, and it's all auditable. End the process of manually cat herding approvals. Every time access is granted, it's a potential security risk. Indent helps teams scale security and least privilege by shifting users to temporary access without slowing down. Automate spreadsheet-based workflows needed for SOC 2, SOX, ISO, and HITRUST with controls and policies baked directly into access request workflows. Only provide access when it's needed instead of issuing permanent access, reducing your license footprint. Indent delivers cost savings without adding friction for end users. When you’re leading a fast-growing company toward success, your team needs to take big risks to deliver big returns.Starting Price: $8 per month -
20
D3 Smart SOAR
D3 Security
D3 Security leads in Security Orchestration, Automation, and Response (SOAR), aiding major global firms in enhancing security operations through automation. As cyber threats grow, security teams struggle with alert overload and disjointed tools. D3's Smart SOAR offers a solution with streamlined automation, codeless playbooks, and unlimited, vendor-maintained integrations, maximizing security efficiency. Smart SOAR's Event Pipeline normalizes, de-dupes, enriches and correlates events to remove false positives, giving your team more time to spend on real threats. When a real threat is identified, Smart SOAR brings together alerts and rich contextual data to create high-fidelity incidents that provide analysts with the complete picture of an attack. Clients have seen up to a 90% decrease in mean time to detect (MTTD) and mean time to respond (MTTR), focusing on proactive measures to prevent attacks. -
21
Exabeam
Exabeam
Exabeam helps security teams outsmart the odds by adding intelligence to their existing security tools – including SIEMs, XDRs, cloud data lakes, and hundreds of other business and security products. Out-of-the-box use case coverage repeatedly delivers successful outcomes. Behavioral analytics allows security teams to detect compromised and malicious users that were previously difficult, or impossible, to find. -
22
Imperva CDN
Imperva
Deploying your websites and applications around the globe can lead to more cyber attacks and fraud, unless you have effective security. The Imperva Content Delivery Network (CDN) brings content caching, load balancing, and failover built natively into a comprehensive Web Application and API Protection (WAAP) platform, so your applications are securely delivered across the globe. Let machine learning do the work for you. It efficiently caches your dynamically-generated pages, while ensuring content freshness. This significantly improves cache utilization and further reduces bandwidth usage. Take advantage of multiple content and networking optimization techniques to minimize page rendering time and improve user experience. Imperva’s global CDN uses advanced caching and optimization techniques to improve connection and response speeds while lowering bandwidth costs. -
23
Imperva WAF
Imperva
Web application attacks prevent important transactions and steal sensitive data. Imperva Web Application Firewall (WAF) analyzes traffic to your applications to stop these attacks and ensure uninterrupted business operations. A noisy WAF forces you to choose between blocking legitimate traffic or manually containing attacks your WAF let through. Imperva Research Labs ensure accuracy to WAF customers as the threat landscape changes. Automatic policy creation and fast rule propagation empower your security teams to use third-party code without risk while working at the pace of DevOps. Imperva WAF is a key component of a comprehensive Web Application and API Protection (WAAP) stack that secures from edge to database, so the traffic you receive is only the traffic you want. We provide the best website protection in the industry – PCI-compliant, automated security that integrates analytics to go beyond OWASP Top 10 coverage, and reduces the risks created by third-party code. -
24
Imperva DDoS Protection
Imperva
Imperva DDoS Protection secures all your assets at the edge for uninterrupted operation. Ensure business continuity with guaranteed uptime. When it comes to DDoS mitigation, the rule of thumb is: ‘moments to go down, hours to recover’. This is why, when defending against an attack, every second counts. Imperva gives you the peace of mind that attack traffic will be automatically blocked at the edge – without you having to scale up in bandwidth to pay for it. Imperva DDoS Protection for Websites is an always-on service that immediately mitigates any type or size of DDoS attack targeting web applications. Our DDoS protection for websites complements the Imperva cloud web application firewall (WAF), which blocks hacking attempts and attacks by malicious bots. A change to your DNS records ensures that all HTTP/S traffic to your domain(s) is routed through the Imperva network. Acting as a secure proxy, Imperva DDoS protection for websites masks your origin server IP. -
25
ThreatConnect Risk Quantifier (RQ)
ThreatConnect
ThreatConnect RQ is a financial cyber risk quantification solution that allows users to identify and communicate the cybersecurity risks that matter most to an organization in terms of financial impact. It aims to enable users to make better strategic and tactical-level. RQ automates the generation of financial cyber risk reporting as it relates to the business, cybersecurity initiatives, and controls. -
26
Scuba Database Vulnerability Scanner. Download Scuba, a free tool that uncovers hidden security risks. Scan enterprise databases for vulnerabilities and misconfiguration. Know the risks to your databases. Get recommendations on how to mitigate identified issues. Available for Windows, Mac, Linux (x32), and Linux (x64), Scuba offers over 2,300 assessment tests for Oracle, Microsoft SQL, SAP Sybase, IBM DB2 and MySQL. Scuba is a free tool that scans leading enterprise databases for security vulnerabilities and configuration flaws, including patch levels, that allows you to uncover potential database security risks. It includes more than 2,300 assessment tests for Oracle, Microsoft SQL Server, SAP Sybase, IBM DB2 and MySQL. It’s possible to run a Scuba scan from any Windows, Mac or Linux client. Depending on your database size, users, groups and network connection, an average Scuba scan normally takes 2-3 minutes. No pre-installation or other dependencies are required.
-
27
Trustwave DbProtect
Trustwave
A highly scalable database security platform that enables organizations to secure their relational databases and big data stores, both on premises and in the cloud, with a distributed architecture and enterprise-level analytics. Databases contain sensitive and proprietary information, making them a prized target for cybercriminals who are constantly looking for ways to access valuable data for large financial payoffs. Trustwave DbProtect helps your business overcome resource limitations to uncover database configuration errors, access control issues, missing patches, and other weaknesses that could lead to data leakage and misuse and other serious repercussions. A real-time view of database assets, vulnerabilities, risk levels, user privileges, anomalies and incidents via a single intuitive dashboard. The ability to detect, alert and take corrective action against suspicious activities, intrusions and policy violations. -
28
Netwrix Threat Manager
Netwrix
Threat detection software from Netwrix to detect and respond to abnormal behavior and advanced attacks with high accuracy and speed. IT infrastructures are getting more complex and the volume of sensitive information stored there is skyrocketing. At the same time, the threat landscape is evolving rapidly, with attacks becoming more sophisticated and more costly. Improve your threat management processes and know about anything suspicious happening in your network, whether it’s an external attack or an insider threat, with real-time alerts delivered via email or mobile notifications. Maximize the value of your investments and enhance security across the IT ecosystem by sharing data between Netwrix Threat Manager and your SIEM and other security solutions. Respond immediately upon threat detection by taking advantage of the extensive catalog of preconfigured response actions, or by integrating Netwrix Threat Manager with your own business processes using PowerShell or webhook facilities. -
29
Qualys WAS
Qualys
Robust cloud solution for continuous web app discovery and detection of vulnerabilities and misconfigurations. Fully cloud-based, it’s easy to deploy and manage, and scales to millions of assets. WAS finds and catalogs all web apps in your network, including new and unknown ones, and scales from a handful of apps to thousands. With Qualys WAS, you can tag your applications with your own labels and then use those labels to control reporting and limit access to scan data. WAS’ dynamic deep scanning covers all apps on your perimeter, in your internal environment and under active development, and even APIs that support your mobile devices. It also covers public cloud instances, and gives you instant visibility of vulnerabilities like SQLi and XSS. Authenticated, complex and progressive scans are supported. With programmatic scanning of SOAP and REST API services, WAS tests IoT services and APIs used by mobile apps and modern mobile architectures. -
30
GigaSECURE
Gigamon
The GigaSECURE® Security Delivery Platform is a next-generation network packet broker focused on threat prevention, detection, prediction and containment. The right tools get the right traffic at the right time, every time. Enable network security tools to keep up with increasing network speed. Gain insight into network traffic. Optimize and deliver relevant data for tool consumption. Reduce tool sprawl and lower costs. Efficient prevention coupled with rapid detection and containment improves your overall security posture. Threats don't stand a chance. GigaSECURE enables security teams to obtain broad access to and control of network data, no matter where it resides. It can be customized to extract specific application sessions, metadata and decrypted traffic. In this architecture, security tools can operate inline or out-of-band at peak performance without compromising network resiliency or speed. -
31
Check Point Infinity
Check Point
Organizations frequently implement multiple cyber security solutions in pursuit of better protections. As a result, they are frequently left with a patchwork security architecture that results in a high TCO. By adopting a consolidated security approach with Check Point Infinity architecture, businesses realize preemptive protection against advanced fifth-generation attacks, while achieving a 50% increase in operational efficiency and 20% reduction in security costs. The first consolidated security architecture across networks, cloud, mobile and IoT, providing the highest level of threat prevention against both known and unknown cyber-threats. 64 different threat prevention engines blocking against known and unknown threats, powered by threat intelligence. Infinity-Vision is the unified management platform for Check Point Infinity, the first modern, consolidated cyber security architecture built to prevent today’s most sophisticated attacks across networks, cloud, endpoints, etc. -
32
Check Point IPS
Check Point IPS
Intrusion Prevention Systems detect or prevent attempts to exploit weaknesses in vulnerable systems or applications, protecting you in the race to exploit the latest breaking threat. Check Point IPS protections in our Next Generation Firewall are updated automatically. Whether the vulnerability was released years ago, or a few minutes ago, your organization is protected. Check Point IPS delivers thousands of signature and behavioral preemptive protections. Our acceleration technologies let you safely enable IPS. A low false positive rate saves your staff valuable time. Enable IPS on any Check Point security gateway reducing total cost of ownership. On-demand hyperscale threat prevention performance providing enterprises cloud level expansion and resiliency on premises. Provide users with secure, seamless remote access to corporate networks and resources when traveling or working remotely. -
33
Barracuda PST Enterprise
Barracuda
PST files are often used by end-users as personal email archives. As a result, they are typically scattered widely across end-user devices and network storage, which makes them notoriously difficult to discover and manage consistently or effectively. Thanks to improvements to Microsoft Exchange and Office 365, your users no longer need to store data locally within PST files. However, legacy PST files still contain important data that you need to bring back under control. Barracuda PST Enterprise is designed specifically to help you address this challenge. You may have many terabytes of data stored in PST files located on end-user devices and on network servers. And these files are notoriously unreliable, since they are often corrupted and easily misplaced. The costs associated with storing, securing, and managing these large files, in terms of both system resources and IT administrative overhead, are significant. -
34
Network Critical
Network Critical
Network Critical’s scalable and persistent visibility layer optimizes network infrastructure without compromising operations or security. Our solutions and systems are used globally across sectors. Network Critical's visibility layer feeds tools and systems data that are required to monitor and control your network. Network Critical’s scalable and persistent visibility layer feeds tools and systems the crucial network data needed to optimize, monitor, and control changing network infrastructure without compromising operations or security. Network TAPs are the base layer of smart network access and are able to monitor events on a local network. This means complete network visibility is maintained across all network security and monitoring platforms. Provides excellent performance and flexibility, needed to manage tools that are protecting network infrastructure, securing information, and keep up with the ever-changing attack environment. -
35
Monitor your IBM i for critical security events and receive real-time notifications, so you can respond quickly—before important business information is deleted, corrupted or exposed. Send security-related events directly to your enterprise security monitor. Through integration with your security information and event management (SIEM) console, Powertech SIEM Agent simplifies and centralizes security and integrity monitoring. Monitor security-related events from the network, operating system, and any journal or message queue in real-time, including changes to user profiles and system values, invalid login attempts, intrusion detections, and changed or deleted objects. Maintain awareness of every security event on your system in real-time so you never miss a potential security breach. Powertech SIEM Agent for IBM i will provide alerts to ensure critical issues are escalated.
-
36
Filigran
Filigran
Embrace a proactive approach with end-to-end cyber threat management, from anticipation to response. Tailored to elevate cybersecurity through comprehensive threat intelligence, advanced adversary simulation, and strategic cyber risk management solutions. Get a holistic view of your threat environment and improved decision-making for faster incident response. Organize your cyber threat intelligence knowledge to enhance and disseminate actionable insights. Access consolidated view of threat data from multiple sources. Transform raw data into actionable insights. Enhance sharing and actionable insights dissemination across teams and tools. Streamline incident response with powerful case management capabilities. Create dynamic attack scenarios, ensuring accurate, timely, and effective response during real-world incidents. Build both simple and intricate scenarios tailored to various industry needs. Improve team dynamics with instant feedback on responses. -
37
Swimlane
Swimlane
Swimlane is a leader in security orchestration, automation and response (SOAR). By automating time-intensive, manual processes and operational workflows and delivering powerful, consolidated analytics, real-time dashboards and reporting from across your security infrastructure, Swimlane maximizes the incident response capabilities of over-burdened and understaffed security operations. Swimlane was founded to deliver scalable, innovative and flexible security solutions to organizations struggling with alert fatigue, vendor proliferation and chronic staffing shortages. Swimlane is at the forefront of the growing market for security automation and orchestration solutions that automate and organize security processes in repeatable ways to get the most out of available resources and accelerate incident response. -
38
Splunk SOAR
Splunk
Splunk SOAR (Security Orchestration, Automation, and Response) is a powerful platform that enables organizations to streamline and automate their security operations. It integrates with various security tools and systems, allowing teams to automate repetitive tasks, orchestrate workflows, and respond to incidents faster. With Splunk SOAR, security teams can create playbooks that automate incident response processes, reducing the time to detect, investigate, and resolve security threats. The platform also offers advanced analytics, real-time threat intelligence, and collaboration tools to enhance decision-making and improve overall security posture. By automating routine tasks and enabling more efficient use of resources, Splunk SOAR helps organizations respond to threats with greater speed and accuracy, minimizing risks and enhancing cybersecurity resilience. -
39
Ordr Platform
Ordr
Automatically identify, classify, and locate all network-connected devices and systems. Within a few hours of deployment—via network tap or SPAN—we passively discover high-fidelity information about every connected device including make, location, serial number, and application/port usage. This visibility is provided in real time for any new connected device and can be integrated with asset inventory solutions. Understand vulnerabilities, recalls, weak passwords or certificates associated with every device. Ordr also provides deep insight into device utilization so teams can ensure data-driven moves, adds, and changes as teams scale their capacity. These device insights are also critical to determine the longevity of certain devices, and allows teams to schedule maintenance tickets and support procurement decisions. We automatically group fleet devices, and monitor usage for tracking and comparison purposes. We also integrate with identity systems like Active Directory. -
40
Claroty
Claroty
Powered by our Continuous Threat Detection (CTD) and Secure Remote Access (SRA) solutions, our platform provides a full range of industrial cybersecurity controls that integrate seamlessly with your existing infrastructure, scale effortlessly, and have the industry's lowest total cost of ownership (TCO). The comprehensive industrial cybersecurity controls our platform provides revolve around the REVEAL, PROTECT, DETECT, CONNECT framework. Our platform's features empower you to achieve effective industrial cybersecurity, regardless of where you are on your industrial cybersecurity journey. The Claroty Platform is deployed across multiple industries, each with unique operational and security needs. Effective industrial cybersecurity starts with knowing what needs to be secured. Our platform removes the barriers that limit industrial networks from securely connecting to what enables the rest of the business to operate and innovate with an acceptable level of risk. -
41
ThreatQ
ThreatQuotient
Threat intelligence platform - ThreatQ, to understand and stop threats more effectively and efficiently your existing security infrastructure and people need to work smarter, not harder. ThreatQ can serve as an open and extensible threat intelligence platform that accelerates security operations through streamlined threat operations and management. The integrated, self-tuning threat library, adaptive workbench and open exchange allow you to quickly understand threats, make better decisions and accelerate detection and response. Automatically score and prioritize internal and external threat intelligence based on your parameters. Automate aggregation, operationalization and use of threat intelligence across all systems and teams. Improve effectiveness of existing infrastructure by integrating your tools, teams and workflows. Centralize threat intelligence sharing, analysis and investigation in a threat intelligence platform all teams can access. -
42
PassiveTotal
RiskIQ
RiskIQ PassiveTotal aggregates data from the whole internet, absorbing intelligence to identify threats and attacker infrastructure, and leverages machine learning to scale threat hunting and response. With PassiveTotal, you get context on who is attacking you, their tools and systems, and indicators of compromise outside the firewall—enterprise and third party. Investigation can go fast, really fast. Find answers quickly with over 4,000 OSINT articles and artifacts. Along with 10 years of mapping the internet, RiskIQ has the deepest and broadest security intelligence on earth. By absorbing web data like Passive DNS, WHOIS, SSL, hosts and host pairs, cookies, exposed services, ports, components, and code. With curated OSINT and proprietary security intelligence, you can see everything—from every angle—on the digital attack surface. Take charge of your digital presence and combat threats to your organization. -
43
TruSTAR
TruSTAR
TruSTAR's cloud-native Intelligence Management platform transforms intelligence from third-party providers and historical events for seamless integration and accelerated automation across core detection, orchestration and response tools. TruSTAR transforms your intelligence for seamless integration and actionable automation across your ecosystem of teams and tools. TruSTAR is platform agnostic. Get investigation context and enrichment inside your mission-critical security tools. Our Open API enables you to connect to any application, anytime. Automate detection, triage, investigation, and dissemination workflows from a single endpoint. Managing intelligence in enterprise security is about managing data to drive automation. TruSTAR normalizes and prepares intelligence for orchestration, significantly reducing playbook complexity. Spend less time wrangling data, and more time catching bad guys. The TruSTAR platform has been designed to provide maximum flexibility. -
44
ARIA SDS Packet Intelligence
ARIA Cybersecurity Solutions
The ARIA Packet Intelligence (PI) application gives OEMs, service providers, and security professionals a better way to use SmartNIC technology to support two important use cases: advanced packet-level network analytics and cyber-threat detection, response, and containment. Network analytics: ARIA PI provides complete visibility into all network traffic and feeds valuable analytics data to packet delivery accounting tools, quality of service systems, and SLA monitoring applications. All of this helps companies provide better service and maximize revenues tied to usage-based billing. Cyber-threat detection, response, and containment: ARIA PI also feeds metadata to threat detection tools for complete visibility into all network traffic, including east-west data flows. This improves the effectiveness of existing security solutions, such as SIEMs and IDS/IPS tools, and gives security teams a better way to detect, respond, contain, and remediate even the most advanced cyber threats. -
45
Recorded Future
Recorded Future
Recorded Future is the world’s largest provider of intelligence for enterprise security. By combining persistent and pervasive automated data collection and analytics with human analysis, Recorded Future delivers intelligence that is timely, accurate, and actionable. In a world of ever-increasing chaos and uncertainty, Recorded Future empowers organizations with the visibility they need to identify and detect threats faster; take proactive action to disrupt adversaries; and protect their people, systems, and assets, so business can be conducted with confidence. Recorded Future is trusted by more than 1,000 businesses and government organizations around the world. The Recorded Future Security Intelligence Platform produces superior security intelligence that disrupts adversaries at scale. It combines analytics with human expertise to unite an unrivaled variety of open source, dark web, technical sources, and original research. -
46
SecLytics Augur
SecLytics
Conventional TIPs alert you about threats when they are already knocking at your network door. SecLytics Augur uses machine learning to model the behavior of threat actors and create adversary profiles. Augur identifies the build-up of attack infrastructure and predicts attacks with high-accuracy and low false positives before they even launch. These predictions are fed to your SIEM or MSSP via our integrations to automate blocking. Augur builds and monitors a pool of more than 10k adversary profiles, with new profiles identified daily. Augur identifies threats before day zero and levels the playing field by removing the element of surprise. Augur discovers and protects against more potential threats than conventional TIPs. Augur detects the buildup of cybercriminal infrastructure online before attack launch. The behavior of infrastructure acquisition and setup is both systematic and characteristic. -
47
Proofpoint Identity Threat Defense
Proofpoint
In an ever-changing hybrid world, your organization depends on its employees, their virtual identities, and the endpoints they operate on to build and protect its assets. Threat actors have found unique ways to move laterally across your cloud environments by exploiting such identities. You need an innovative and agentless identity threat detection and response solution to discover and remediate modern identity vulnerabilities—a key part of today’s attack chain. Proofpoint Identity Threat Defense, previously Illusive, gives you comprehensive prevention and visibility across all your identities so you can remediate identity vulnerabilities before they become real risks. You can also detect any lateral movements in your environments and activate deception to ensure threat actors are stopped in action before they gain access to your corporate assets. It doesn’t get better than knowing you can prevent modern identity risks and stop real-time identity threats in action, all in one place. -
48
DatAnswers
Varonis
Easily respond to data subject access requests by surfacing personal information across cloud and on-prem files with fast and powerful search. Find any file with personal data in seconds with Varonis’ purpose-built search engine. We instantly surface and collect the information you need for DSARs, right to be forgotten, or e-discovery—all with super lean infrastructure. Our DSAR form uses sophisticated logic on the backend to ensure you get high-fidelity results, so you can avoid false positives (and fines). Keep a pulse on how much data you’ve indexed and any failed documents so that you always know the scope of your searches. Sensitive data creation doesn’t stop and privacy regulations are ever-evolving. Privacy automation can help you stay ahead. Easily see where you have overexposed PII with dynamic dashboards that highlight privacy issues. Reduce the risk of breaches and fines by monitoring for unauthorized access to sensitive information and restricting access to least privilege. -
49
Cofense Triage
Cofense
Cofense Triage™ accelerates phishing email identification and mitigation. Improve your response time with integration and automation. We use Cofense Intelligence™ rules and an industry-leading spam engine to automatically identify and analyze threats. And our robust read/write API lets you integrate intelligent phishing defense into your workflow, so your team can focus their efforts and protect your organization. We know stopping phish isn’t always straightforward. That’s why Cofense Triage™ makes it easy to get on-demand help from the experts. They’re just one click away, anytime. Our Threat Intelligence and Research Teams continually update our library of YARA rules, making it easier for you to identify emerging campaigns and improve response time. And the Cofense Triage Community Exchange allows you to crowd-source phishing email analysis and threat intelligence, so you’re never on your own. -
50
Antigena Network
Darktrace
The Darktrace Immune System is the world’s leading autonomous cyber defense platform. Its award-winning Cyber AI protects your workforce and data from sophisticated attackers, by detecting, investigating and responding to cyber-threats in real time — wherever they strike. The Darktrace Immune System is a market-leading cyber security technology platform that uses AI to detect sophisticated cyber-threats, from insider threat and criminal espionage, to ransomware and nation-state attacks. Analogous to the human immune system, Darktrace learns the ‘digital DNA’ of the organization, and constantly adapts to changing environments. Self-learning, self-healing security has arrived. Machine-speed attacks like ransomware are simply too fast for humans to deal with. Autonomous response takes the burden off the security team, responding 24/7 to fast-moving attacks. AI that fights back.