Finding software can be overwhelming. Software Advice has helped hundreds of companies choose the right security software to maintain IT security and prevent costly cyberattacks.
Showing 1-20 of 79 products
Sort by:
With security becoming a pressing concern for companies of all types, it’s especially important for small businesses to know they have a dependable software security solution. Founded by experts with over 17 years of experience in... Read more
Platforms: MacWinLinux
Deployments: Cloud, On premise
Business Size:
ARALOC is a cloud-based security platform for desktop and mobile devices. It offers mobile security and data loss prevention. The solution is hosted in the Microsoft Azure cloud but can also support the storage of content on private... Read more
Platforms: MacWinLinux
Deployments: Cloud, On premise
Business Size:
Endpoint Protector from CoSoSys is a Data Loss Prevention solution (DLP) for Windows, macOS, Linux and thin clients that protects against unintentional data leaks as well as data theft. It offers control of portable storage devices... Read more
Platforms: MacWinLinux
Deployments: Cloud, On premise
Business Size:
Vault America Cloud Backup & Recovery
Vault America Cloud Backup and Recovery is a cloud-based data loss prevention solution. Primary modules include server backup and recovery, local backup and recovery, active archiving, eDiscovery, email recovery and continuity. It... Read more
Platforms: MacWinLinux
Deployments: Cloud, On premise
Business Size:
Flexivity is a cloud-based security and monitoring solution suitable for small to midsize businesses. It caters to industries including real estate, hospitality, retail, non-profits and banking. Primary features include web filtering,... Read more
Platforms: Mac
Deployments: Cloud, On premise
Business Size:
Malwarebytes Anti-Malware for Business
MalwareBytes Anti-Malware for Business is a cloud-based and on-premise solution that provides malware detection and remediation tools. It provides malicious website blocking, ransomware blocking, exploitation protection and incident... Read more
Platforms: Win
Deployments: On premise
Business Size:
Malwarebytes Endpoint Security
Malwarebytes Endpoint Security is a security solution which provides on-premises threat detection and remediation of endpoints. Key features include asset management, centralized reporting, web protection, exploit mitigation, payload... Read more
Platforms: MacWin
Deployments: On premise
Business Size:
AVG CloudCare is a cloud-based security suite designed for small and midsize businesses (SMBs) and the third party managed security service providers (MSSPs), who can use this tool to manage security on behalf of their clients. AVG... Read more
Platforms: MacWinLinux
Deployments: Cloud, On premise
Business Size:
AVG Internet Security Business Edition
AVG Internet Security Business Edition is a corporate endpoint security solution aimed towards small and midsize business units. Along with full-time antivirus protection, AVG Internet Security Business Edition also offers its users... Read more
Platforms: Win
Deployments: On premise
Business Size:
McAfee Complete Endpoint Protection
McAfee Complete Endpoint Protection—Business by Intel is an on-premise endpoint security solution for businesses of all sizes. It offers anti-malware protection, mobile security, data loss prevention, intrusion detection and prevention... Read more
Platforms: MacWinLinux
Deployments: Cloud, On premise
Business Size:
McAfee Endpoint Protection Advanced for SMB
McAfee Endpoint Protection Advanced is a hybrid security suite for small and midsize businesses (SMBs) that offers them security functionalities such as a firewall to prevent hackers from accessing company networks, anti-malware protection... Read more
Platforms: MacWinLinux
Deployments: Cloud, On premise
Business Size:
McAfee Endpoint Protection Essential for SMB
McAfee Endpoint Protection Essential is a multi-featured security suite, designed for small and midsize businesses (SMBs). The solution offers businesses with a wide array of functionality. A firewall helps keep hackers out of company... Read more
Platforms: MacWinLinux
Deployments: Cloud, On premise
Business Size:
ESET Endpoint Antivirus is an on-premise antivirus solution that provides businesses protection against malware and a remote management tool. Antivirus and antispyware protections utilize ESET’s ThreatSense technology to defend... Read more
Platforms: Win
Deployments: On premise
Business Size:
ESET Endpoint Security is an on-premise anti-malware and security suite for small, midsize and large businesses. Primary functionality includes anti-malware, remote management, endpoint security, file security, firewall, web control... Read more
Platforms: Win
Deployments: On premise
Business Size:
ESET Secure Business is an on-premise anti-malware and security suite for small, midsize and large businesses. Primary functionality includes anti-malware, remote management, endpoint security, file security, firewall, virtualization... Read more
Platforms: MacWinLinux
Deployments: On premise
Business Size:
Avast Endpoint Protection Suite
Avast Endpoint Protection Suite is an antivirus solution for businesses looking to protect both endpoint workstations and file servers. It offers a central management component, which comes in two variants: Small Office Administration,... Read more
Platforms: Win
Deployments: On premise
Business Size:
Avast for Business is a cloud-based endpoint security solution aimed squarely at the busienss user. It provides critical protection to Window PCs and Mac devices along with Mic servers. With Avast for Business, users get a cloud-based... Read more
Platforms: MacWinLinux
Deployments: Cloud, On premise
Business Size:
Avast! Endpoint Protection provides basic and reliable security to small and medium-sized businesses that are targeted by cybercriminals. The softwares’ threat detection network ensures a thorough virus signature database that is... Read more
Platforms: Win
Deployments: On premise
Business Size:
Endpoint Security for Business Core
Kaspersky Endpoint Security for Business Core is an on-premise and cloud-based security solution for small and medium-sized businesses that includes anti-malware, a firewall and a central administration control. It combines signature-based... Read more
Platforms: MacWin
Deployments: On premise
Business Size:
Endpoint Security for Business Select
Kaspersky Endpoint Security for Business Select is on-premise security suite that includes protection and management applications which enable organizations to enforce IT policy, defend against malware attacks and manage overall IT... Read more
Platforms: MacWinLinux
Deployments: On premise
Business Size:
The IT security market is vast, and business owners have a bewildering array of tools to choose from when deciding how to protect themselves against threats. Indeed there are so many different products and such an overlap of functions it can be difficult to make the right choice.
Before investing in the latest amazing security product then, business owners should think carefully about the nature of their business and what it requires. IT security expert Rick Doten stresses that “security is a risk-based approach.” In other words, security decisions should be decided by first understanding the business and identifying the specific threats to that business before selecting the technology to match.
You might assume, for example, that you need an endpoint protection platform because you want visibility into and control over the security of devices on your network. However, the systems you purchase in this type of suite—be it mobile device management, intrusion protection or something else—will depend on the specific needs of your business.
Endpoint protection platforms allow a central administrator to schedule regular security actions such as virus search to be performed across all the devices on a network (Source: Kaspersky Labs)
Not everybody does a proper risk analysis, and many make the mistake of putting the technology first. This can be an expensive—and dangerous—mistake for businesses of any size. Josh Ablett, a senior risk executive and former bank vice president, says: “I’ve been involved in plenty of projects at top tier banks where they’ll end up spending tens of millions of dollars on security software that turns out to not be what they thought they needed.”
So first, prioritize the risks to your business, develop the process to protect against those risks and then select the technology you need carefully. To help you with the latter, we put together this guide to the basics of the IT security market. We’ll begin with an overview of essential security applications, discuss how they’re bundled together and then dive deeper into the various applications creat ed for specific scenarios. Here’s what we’ll cover:
What Is Business Security Software?
Integrated Suites
Protection Against Traffic Risks
Access Management
Threat Intelligence
Pricing Considerations
Best Software Evaluation Tactics
Recent Events You Should Know About
What Is Business Security Software?
IT security terminology is confusing and prone to change. Applications can be sold separately but they are commonly bundled together. Some tools are software based, others are hardware based, and many can be provided as a hosted service. There is also a strong overlap in functionality across different types of product.
However there are a few basic applications which everybody needs, no matter the size or type of business. These are the applications you can expect to hear in answer to the question, "What is business security software?" So now, let’s take a look at the fundamentals of IT Security:
| Firewalls | Firewalls are your basic, first line of defense, and can be either hardware, software or a combination of both. The firewall filters the traffic entering your network and enforces policy on what traffic is allowed in and out. However the conventional firewall is neither perfect, nor very specific. More sophisticated Next Generation Firewalls can analyze which applications your employees are using, and implement much more nuanced and targeted threat prevention based on application-specific data. However, they tend to come loaded with features and not all businesses will need everything a Next Generation Firewall does. |
| Anti-virus/anti-malware | Anti-virus software protects your computer by scanning it for infectious viruses and worms, and quarantining and removing them. However, today’s threats are constantly evolving and are much more sophisticated than they used to be, so although the term anti-virus is still used, it has evolved into the more comprehensive anti-malware, which protects against such dangers as spyware, adware, keylogging, bots and more. |
| Encryption | Encryption is the process by which you make your data incomprehensible to outsiders by, essentially, translating it into a secret code that can only be deciphered with a key. You can encrypt network traffic and the data you store. Encryption is a key part of data security, as even if you suffer a breach, or for instance a laptop or USB is stolen, hackers and thieves will have a much harder time using your data if they cannot read it. |
| Email safety | Spam filtering prevents you from drowning in unsolicited emails. This software or hosted service scrutinizes the emails you receive and analyzes attachments. Spam messages are then deleted, diverted to a special folder or quarantined so you can decide whether to keep or discard them. Secure Email Gateways, which also come as hardware, can scan traffic moving in both directions, and include additional security options such as malware scanning. They prevent attacks at the gateway to your network, rather than waiting for the end user to trigger anti-virus protection. |
Integrated Security Suites
It’s possible to buy your security applications as standalone products and configure and maintain them all yourself. It may also be cheaper, but it does require more advanced IT skills, more time spent monitoring and updating your defenses and it may be a lot to ask of an already busy IT department.
Vendors therefore often bundle tools and sell them as “comprehensive” platforms, frequently with a single controlling console, so one administrator can monitor the system. There is also an option for many vendors to select technology as a hosted service, where the vendor (or third party) hosts and manages the product on your behalf. These platforms might combine all or some of the applications listed above (or even add a few more advanced ones). “Bundled” security offerings include:
Endpoint protection. “Endpoint” is tech talk for any device connected to a network, whether it be a laptop, desktop, tablet or mobile phone. Endpoint Protection Platforms (EPP) are bundled software security suites that are installed on the individual “endpoints” in a network. The precise features differ according to the manufacturer, but usually include anti-virus, anti-malware, a firewall, encryption and intrusion prevention. Some also include mobile device management. EPPs can also include a console for central administration, and are typically priced per license per device.
Unified threat management (UTM). Sometimes referred to as the “Swiss Army Knife of IT security,” a UTM is a piece of hardware or hosted service which contains a Next Generation Firewall and security tools such as anti-virus, anti-spam, a network intrusion prevention system and content filtering, among other possible defenses. UTMs are usually recommended for small/medium businesses, since as organizations grow larger it can be more efficient to split the defensive functions. It’s also important to know that since it is a hardware device that sits on the perimeter of the network, if a threat slips by and attacks an endpoint within the system, the UTM will be unable to prevent it at that point.
Mobile device management. A Mobile Device Management (MDM) solution helps you manage all the mobile devices (such as smartphones and tablets) on a network, exclude unauthorized devices and provide necessary security on those devices which you do approve. This can include managing which network resources specific mobile devices are permitted to access, updates, monitoring and even remotely wiping company data from the device. MDM is included in some Endpoint Protection Platforms.
Protection Against Traffic Risks
If we use an airport as a metaphor, then the firewall is where traffic entering and leaving your network shows its passport. The following set of tools represent the point where it takes off its shoes, walks through a scanner and allows its luggage to be searched. After all, in today’s hyper-connected business environment, traffic is constantly traveling in and out of a network and threats can come from outside—in the form of hackers—but also from inside, simply as a result of employee carelessness.
Secure Web Gateway. Traditionally, a firewall blocks traffic at the network level on the basis of where it comes from, where it is going or what type of traffic it is (for instance web or email). A Secure Web Gateway, while also working at the network level, is more sophisticated. It can delve into the content of that traffic, filtering out application-level traffic, web and URL-specific content and more based on predefined policies and rulesets. For instance, a Secure Web Gateway can determine whether to allow an employee to read a Wikipedia entry on gambling, while simultaneously denying the employee access to gambling sites. They scan inbound and/or outbound Web traffic for suspicious activity, require users to authenticate to access the eb, and can provide detailed logging of how long employees spend on specific websites, such as Facebook. A Secure Web Gateway also protects users against potential malware infections, and controls access to unsupported Web-based applications and potentially dangerous sites (or just company policy violations). Sometimes they are included in Next Generation Firewalls or UTMs, but organizations which have a lot of traffic may find a separate Secure Web Gateway more efficient. They can be used by any size of organization and are available as either hardware or software or hosted service.
Data Loss Prevention (DLP). DLP defends against the loss or theft of confidential data by scrutinizing your outbound traffic, and checking to see whether the sender is allowed to transmit specific data outside of the corporate network, or to a specific recipient. DLP cannot prevent an intrusion, but by determining whether to send, encrypt or prevent the transmission of data, it serves as a crucial defense against hackers who may have gained access to your system, or from authorized users inside your network sending out data that should remain inside.
Intrusion Prevention System (IPS)/Intrusion Detection System (IDS). These systems give enhanced network protection above and beyond the filtering a firewall performs, and help identify and possibly block network-level attacks that pass through the firewall. To extend our airport analogy, a person might have a passport from a trusted country, but that doesn’t mean that he won’t wreak havoc after he gains entry. IDS and IPS differ in that while IDS detects something malicious on the network, an IPS can automatically block that threat, based on rules or policy.
Access Management
Another important aspect of IT security is ensuring that individuals in organizations have appropriate credentials to access the data within the network that they need to see. Access management tools help regulate who has access to what within a network.
Identity Access Management (IAM). IAM software helps businesses manage electronic identities inside a network, authenticating, authorizing and auditing those identities and managing the degree of access each user on the network has to resources. This type of software is more applicable to large enterprises. As IT security expert Tim Singleton points out: “If someone walks into a small business and starts typing on a computer, everyone knows if they are an intruder or not. If that happens at an enterprise, everyone assumes they have a right to be there. So small businesses and large businesses do face different security challenges from that point of view.”
Network Access Controls (NAC). If IAM systems administer access at the employee level, then Network Access Control software helps decide which “endpoints” or devices are allowed onto a network before deciding what degree of access to give each user. These are important in large organizations and/or organizations which permit employees to use their own devices at work. They are also appropriate to networks which are open to guests, and in that context make sure that visitors can only access what they are supposed to.
Threat Intelligence
Finally, although it’s essential to have good defenses, businesses also need to monitor what’s happening inside the computers within their networks. No system of protective defenses is 100 percent foolproof, and these tools can help you detect when and where a breach has occurred so you can effectively respond before it causes harm.
SIEM combines two concepts, Security Information Management (SIM) and Security Event Management (SEM), in order to collate logs and other data from multiple computers, servers and network devices, analyzing it all with the goal of identifying and responding to suspicious activity and potential security events. It's the first system many companies turn to after a security event to understand what happened. It is often implemented to comply with government regulations. It is available as a software solution applicable to all sizes of business, or as a piece of hardware.
Vulnerability scanning software searches for weaknesses inside your system. There are two approaches to vulnerability scanning—you can scan from the outside as if simulating a hacker breaking in; or from the inside to check the inventory and health of your internal computers, serve