62 Integrations with LogRhythm SIEM
View a list of LogRhythm SIEM integrations and software that integrates with LogRhythm SIEM below. Compare the best LogRhythm SIEM integrations as well as features, ratings, user reviews, and pricing of software that integrates with LogRhythm SIEM. Here are the current LogRhythm SIEM integrations in 2026:
-
1
Keeper Security
Keeper Security
Keeper Security is transforming the way people and organizations around the world secure their passwords and passkeys, secrets and confidential information. Keeper’s easy-to-use cybersecurity platform is built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Keeper’s solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance. Trusted by millions of individuals and thousands of organizations globally, Keeper is the leader for best-in-class password and passkey management, secrets management, privileged access, secure remote access and encrypted messaging. Protect what matters at KeeperSecurity.com.Starting Price: $2.00 per user, per month -
2
Securden Endpoint Privilege Manager
Securden
Securden Endpoint Privilege Manager (EPM) helps enterprises remove admin rights without impacting productivity on Windows, Mac, and Linux endpoints. Securden EPM helps elevate applications for standard users and grant admin rights on a Just-in-Time basis, eliminating standing privileges while maintaining seamless operations. Enforce application control using allowlisting and blocklisting, enable on-demand and policy-based granular application elevation, and manage privileges even on offline endpoints. Capabilities include JIT local admin rights, application usage tracking, and local administrator group monitoring. Secure remote access supports IT helpdesk operations, while built-in controls help meet compliance requirements such as HIPAA, PCI-DSS, GDPR, and NERC-CIP. A highly scalable architecture and wide array of integrations make Securden EPM ideal for securing enterprise endpoints at scale. -
3
AllSecureX
AllSecureX
AllSecureX is an AI-driven cyber risk quantification platform that translates cyber threats into clear business impact measured in real dollars. It provides organizations with a precise risk score and actionable insights without technical jargon, making cybersecurity understandable for executives. The platform leverages AllSecureXGPT for real-time answers to complex security questions and uses predictive modeling through its Pentagon Framework to aid strategic decision-making. Automated protection features reduce manual workload while strengthening defenses using AI, machine learning, and robotic process automation. AllSecureX covers a comprehensive range of security domains, including quantum-safe security, cloud, network, email, and third-party risk monitoring. It helps organizations transform cyber threats into business intelligence and bottom-line protection.Starting Price: $30/month per digital asset -
4
BackBox
BackBox
BackBox offers a simple way to intelligently automate the backup, restoration, and management of all devices on a network by providing centralized management of devices such as firewalls, routers, switches, and load balancers. Each of these devices plays a critical role in the availability and security of an organization’s network, and BackBox ensures they all continue to function effectively and effortlessly, streamlining operations for optimal performance. BackBox provides a foundation to harmonize the configuration between multiple devices, enabling seamless integration, and assuring compliance to organization or industry security policies, standards, or guidelines. IT administrators can easily employ BackBox to track configuration changes and see the deviation with the baseline for compliance validation and remediation. -
5
Validato
Validato
Validato allows IT and Security teams to test the effectiveness of security controls by simulating adversarial behaviors based on known threat scenarios. Validato provides unbiased data and finding on how effective security controls are at detecting and protecting against exploitation of MITRE ATT&CK Techniques. If you are looking to implement a Threat-Informed Defense approach to cyber defense, then Validato is an excellent choice for you.Starting Price: $10,000/year -
6
Varonis Data Security Platform
Varonis
The most powerful way to find, monitor, and protect sensitive data at scale. Rapidly reduce risk, detect abnormal behavior, and prove compliance with the all-in-one data security platform that won’t slow you down. A platform, a team, and a plan that give you every possible advantage. Classification, access governance and behavioral analytics combine to lock down data, stop threats, and take the pain out of compliance. We bring you a proven methodology to monitor, protect, and manage your data informed by thousands of successful rollouts. Hundreds of elite security pros build advanced threat models, update policies, and assist with incidents, freeing you to focus on other priorities. -
7
Carbon Black EDR
Broadcom
Carbon Black Endpoint Detection and Response (EDR) by Broadcom offers a comprehensive solution for detecting, investigating, and responding to cybersecurity threats on endpoints. It utilizes advanced behavioral analysis and machine learning to identify suspicious activities in real time, providing security teams with actionable insights to prevent data breaches and mitigate risks. With its cloud-based architecture, Carbon Black EDR enables continuous monitoring, visibility into endpoint activity, and automated threat response. It’s designed to support organizations of all sizes by improving threat detection, reducing investigation time, and enhancing overall endpoint security. -
8
SIRP
SIRP
SIRP is a no-code risk-based SOAR platform that connects everything security teams need to ensure consistently strong outcomes into a single, intuitive platform. SIRP empowers Security Operations Centers (SOCs), Incident Response (IR) teams, Threat Intelligence teams, and Vulnerability Management (VM) teams through integration of security tools and powerful automation and orchestration tools. SIRP is a no-code SOAR platform with a built-in security scoring engine. The engine calculates real-world risk scores that are specific to your organization for every incident, alert, and vulnerability. This granular approach enables security teams to map risks to individual assets and prioritize response at scale. SIRP makes all security tools and functions available to security teams at the push of a button, saving thousands of hours each year. Design and enforce best practice security processes using SIRP’s intuitive drag-and-drop playbook building module. -
9
Box Shield
Box
Shield lets you classify content your way, both manually and automatically. We're excited to announce our powerful, native capability that identifies PII and custom terms within files, and automatically classifies them based on your policies — helping you protect your data at scale. Placing controls close to your content helps prevent leaks in real time, while powering a frictionless end-user experience. Configure access policies within minutes to keep your data secure while letting people do their mission-critical work. Using machine learning, Shield brings you timely, accurate alerts on insider threats, account compromise, and malware attacks. Quickly evaluate alerts in Shield, or send them to your existing tools for further analysis. Shield works with the best-of-breed security tools you already have in place. Alerts containing more insights than ever before can be integrated with your SIEM and CASB for a unified view.Starting Price: $130 per month -
10
DNSSense
DNSSense
DNSEye detects malicious traffic on your network and reports whether this traffic can be blocked by your other security devices. DNS is used by all protocols like HTTP, HTTPS, SMTP, and IoT. DNS traffic provides information about your entire network, regardless of its network protocol. With DNS tunnelling, data exfiltration attacks cannot be detected by DLP products. It requires DNS log analysis for an effective solution. 80% of malware domains currently do not have an IP address. Malware requests that do not have an IP address can only be detected in the DNS log. DNSservers generate a large number of difficult-to-understand logs. DNSEye enables the collection, enrichment, and AI-based classification of the DNS logs. With its advanced SIEM integration, it saves time and EPS by transferring to SIEM only the data that SOC teams need to see. DNSEye can collect logs from many different brands and models of DNS servers without the need for making any change in your network structure.Starting Price: $1000 -
11
NorthStar Navigator
NorthStar.io, Inc.
NorthStar is redefining Risk-Based Vulnerability Management with simple, contextual vulnerability prioritization for easier remediation. Common challenges NorthStar addresses are listed below: • Prioritize issues that should be addressed first in order to make the best use of limited resources. • Address lingering exposures that could impact critical business services, applications, and data stores. • Bridge the visibility gap and discrepancies that exist between vulnerability assessment and patch management. • Track reduction in risk over time and validate the most important issues are being addressed first. • Deliver a complete view of their environment – all assets, vulnerabilities and exposures. • Eliminate manual processes and unnecessary spreadsheet work.Starting Price: $8 per device -
12
Axonius
Axonius
Axonius gives customers the confidence to control complexity by providing a system of record for all digital infrastructure. With a comprehensive understanding of all assets including devices, identities, software, SaaS applications, vulnerabilities, security controls, and the context between all assets, customers are able to mitigate threats, navigate risk, decrease incident response time, automate action, and inform business-level strategy — all while eliminating manual, repetitive tasks. Recognized as creators of the Cyber Asset Attack Surface Management (CAASM) category and innovators in SaaS Management Platform (SMP) and SaaS Security Posture Management (SSPM), Axonius is deployed in minutes and integrates with hundreds of data sources to provide a comprehensive asset inventory, uncover gaps, and automatically enforce policies and automate action. -
13
Microsoft Defender for IoT
Microsoft
Accelerate digital transformation with comprehensive security across your IoT/OT infrastructure. Microsoft Defender for IoT offers agentless network detection and response (NDR) that is rapidly deployed, works with diverse IoT, OT, and industrial control system (ICS) devices, and interoperates with Microsoft 365 Defender, Microsoft Sentinel, and external security operations center (SOC) tools. Deploy on-premises or via cloud. For IoT device builders, Defender for IoT offers lightweight agents for stronger device-layer security. Use passive, agentless network monitoring to safely gain a complete inventory of all your IoT/OT assets, with zero impact on IoT/OT performance. Analyze diverse and proprietary industrial protocols to visualize your IoT/OT network topology and see communication paths, and then use that information to accelerate network segmentation and zero trust initiatives.Starting Price: $0.001 per device per month -
14
Cyble
Cyble
Cyble is a leading AI-native cybersecurity platform that delivers intelligence-driven defense to help organizations stay ahead of evolving cyber threats. Powered by its Gen 3 Agentic AI, Cyble offers autonomous threat detection, real-time incident response, and proactive defense mechanisms. The platform provides comprehensive capabilities including attack surface management, vulnerability management, brand protection, and dark web monitoring. Trusted by governments and enterprises worldwide, Cyble combines unmatched visibility with scalable technology to keep security teams ahead of adversaries. With advanced AI that can predict threats months in advance, Cyble helps reduce response times and minimize risks. The company also offers extensive research, threat intelligence reports, and personalized demos to support customer success. -
15
Indent
Indent
Good security is necessary, but it doesn't need to be slow or painful, faster access unlocks more revenue. Give on-demand access that’s faster and easier, without frustrating your team. Users request access to apps, managers approve or deny them from Slack, and it's all auditable. End the process of manually cat herding approvals. Every time access is granted, it's a potential security risk. Indent helps teams scale security and least privilege by shifting users to temporary access without slowing down. Automate spreadsheet-based workflows needed for SOC 2, SOX, ISO, and HITRUST with controls and policies baked directly into access request workflows. Only provide access when it's needed instead of issuing permanent access, reducing your license footprint. Indent delivers cost savings without adding friction for end users. When you’re leading a fast-growing company toward success, your team needs to take big risks to deliver big returns.Starting Price: $8 per month -
16
SurePassID
SurePassID
SurePassID is an advanced, deploy-anywhere multi-factor authentication platform built to secure both IT and OT (operational technology) environments, including critical infrastructure, legacy systems, on-premise, air-gapped, hybrid cloud, or fully cloud-based operations. It supports a wide variety of authentication methods; passwordless, phishing-resistant approaches like FIDO2/WebAuthn (with FIDO2 PIN, biometric, or push), as well as one-time passwords (OTP via OATH HOTP/TOTP), mobile push, SMS, voice, and traditional methods. SurePassID integrates with common operating systems, including domain and local logins, RDP/SSH remote access, and even legacy or embedded Windows systems often found in OT/ICS/SCADA environments, enabling offline 2FA when needed. It also supports securing VPNs, network devices, appliances, legacy applications, web apps (via SAML 2.0 or OIDC identity provider functionality), and network-device access protocols.Starting Price: $48 per year -
17
Activu
Activu
Activu makes any information visible, collaborative, and proactive for people tasked with monitoring critical operations and incidents. Our customers automatically see, share, and respond to events in real-time, with context, to improve incident response, decision-making, and management. Activu software, systems, and services benefit the daily lives of billions of people around the world. Founded in 1983 as the first U.S.-based company to develop video wall technology, more than 1,000 control rooms and command centers depend on Activu. The most Intuitive, Flexible, Feature rich wall control on the market. Organize information easily based on specific user needs. Easily create Layouts and Templates based on user needs. Organize, place and even move information across multiple video walls. Organize information assets in easily accessible, searchable Spaces. Support for virtually any information source type. -
18
Dragos Platform
Dragos
The Dragos Platform is the most trusted industrial control systems (ICS) cybersecurity technology–providing comprehensive visibility of your ICS/OT assets and the threats you face, with best-practice guidance to respond before a significant compromise. Built by practitioners for practitioners, the Dragos Platform ensures your cybersecurity team is armed with the most up-to-date defensive tools to combat industrial adversaries, codified by our experts on the front lines every day hunting, combatting, and responding to the world’s most advanced ICS threats. The Dragos Platform analyzes multiple data sources including protocols, network traffic, data historians, host logs, asset characterizations, and anomalies to provide unmatched visibility of your ICS/OT environment. The Dragos Platform rapidly pinpoints malicious behavior on your ICS/OT network, provides in-depth context of alerts, and reduces false positives for unparalleled threat detection.Starting Price: $10,000 -
19
Imperva CDN
Imperva
Deploying your websites and applications around the globe can lead to more cyber attacks and fraud, unless you have effective security. The Imperva Content Delivery Network (CDN) brings content caching, load balancing, and failover built natively into a comprehensive Web Application and API Protection (WAAP) platform, so your applications are securely delivered across the globe. Let machine learning do the work for you. It efficiently caches your dynamically-generated pages, while ensuring content freshness. This significantly improves cache utilization and further reduces bandwidth usage. Take advantage of multiple content and networking optimization techniques to minimize page rendering time and improve user experience. Imperva’s global CDN uses advanced caching and optimization techniques to improve connection and response speeds while lowering bandwidth costs. -
20
Imperva WAF
Imperva
Web application attacks prevent important transactions and steal sensitive data. Imperva Web Application Firewall (WAF) analyzes traffic to your applications to stop these attacks and ensure uninterrupted business operations. A noisy WAF forces you to choose between blocking legitimate traffic or manually containing attacks your WAF let through. Imperva Research Labs ensure accuracy to WAF customers as the threat landscape changes. Automatic policy creation and fast rule propagation empower your security teams to use third-party code without risk while working at the pace of DevOps. Imperva WAF is a key component of a comprehensive Web Application and API Protection (WAAP) stack that secures from edge to database, so the traffic you receive is only the traffic you want. We provide the best website protection in the industry – PCI-compliant, automated security that integrates analytics to go beyond OWASP Top 10 coverage, and reduces the risks created by third-party code. -
21
Imperva DDoS Protection
Imperva
Imperva DDoS Protection secures all your assets at the edge for uninterrupted operation. Ensure business continuity with guaranteed uptime. When it comes to DDoS mitigation, the rule of thumb is: ‘moments to go down, hours to recover’. This is why, when defending against an attack, every second counts. Imperva gives you the peace of mind that attack traffic will be automatically blocked at the edge – without you having to scale up in bandwidth to pay for it. Imperva DDoS Protection for Websites is an always-on service that immediately mitigates any type or size of DDoS attack targeting web applications. Our DDoS protection for websites complements the Imperva cloud web application firewall (WAF), which blocks hacking attempts and attacks by malicious bots. A change to your DNS records ensures that all HTTP/S traffic to your domain(s) is routed through the Imperva network. Acting as a secure proxy, Imperva DDoS protection for websites masks your origin server IP. -
22
Scuba Database Vulnerability Scanner. Download Scuba, a free tool that uncovers hidden security risks. Scan enterprise databases for vulnerabilities and misconfiguration. Know the risks to your databases. Get recommendations on how to mitigate identified issues. Available for Windows, Mac, Linux (x32), and Linux (x64), Scuba offers over 2,300 assessment tests for Oracle, Microsoft SQL, SAP Sybase, IBM DB2 and MySQL. Scuba is a free tool that scans leading enterprise databases for security vulnerabilities and configuration flaws, including patch levels, that allows you to uncover potential database security risks. It includes more than 2,300 assessment tests for Oracle, Microsoft SQL Server, SAP Sybase, IBM DB2 and MySQL. It’s possible to run a Scuba scan from any Windows, Mac or Linux client. Depending on your database size, users, groups and network connection, an average Scuba scan normally takes 2-3 minutes. No pre-installation or other dependencies are required.
-
23
Trustwave DbProtect
Trustwave
A highly scalable database security platform that enables organizations to secure their relational databases and big data stores, both on premises and in the cloud, with a distributed architecture and enterprise-level analytics. Databases contain sensitive and proprietary information, making them a prized target for cybercriminals who are constantly looking for ways to access valuable data for large financial payoffs. Trustwave DbProtect helps your business overcome resource limitations to uncover database configuration errors, access control issues, missing patches, and other weaknesses that could lead to data leakage and misuse and other serious repercussions. A real-time view of database assets, vulnerabilities, risk levels, user privileges, anomalies and incidents via a single intuitive dashboard. The ability to detect, alert and take corrective action against suspicious activities, intrusions and policy violations. -
24
Netwrix Threat Manager
Netwrix
Threat detection software from Netwrix to detect and respond to abnormal behavior and advanced attacks with high accuracy and speed. IT infrastructures are getting more complex and the volume of sensitive information stored there is skyrocketing. At the same time, the threat landscape is evolving rapidly, with attacks becoming more sophisticated and more costly. Improve your threat management processes and know about anything suspicious happening in your network, whether it’s an external attack or an insider threat, with real-time alerts delivered via email or mobile notifications. Maximize the value of your investments and enhance security across the IT ecosystem by sharing data between Netwrix Threat Manager and your SIEM and other security solutions. Respond immediately upon threat detection by taking advantage of the extensive catalog of preconfigured response actions, or by integrating Netwrix Threat Manager with your own business processes using PowerShell or webhook facilities. -
25
Qualys WAS
Qualys
Robust cloud solution for continuous web app discovery and detection of vulnerabilities and misconfigurations. Fully cloud-based, it’s easy to deploy and manage, and scales to millions of assets. WAS finds and catalogs all web apps in your network, including new and unknown ones, and scales from a handful of apps to thousands. With Qualys WAS, you can tag your applications with your own labels and then use those labels to control reporting and limit access to scan data. WAS’ dynamic deep scanning covers all apps on your perimeter, in your internal environment and under active development, and even APIs that support your mobile devices. It also covers public cloud instances, and gives you instant visibility of vulnerabilities like SQLi and XSS. Authenticated, complex and progressive scans are supported. With programmatic scanning of SOAP and REST API services, WAS tests IoT services and APIs used by mobile apps and modern mobile architectures. -
26
GigaSECURE
Gigamon
The GigaSECURE® Security Delivery Platform is a next-generation network packet broker focused on threat prevention, detection, prediction and containment. The right tools get the right traffic at the right time, every time. Enable network security tools to keep up with increasing network speed. Gain insight into network traffic. Optimize and deliver relevant data for tool consumption. Reduce tool sprawl and lower costs. Efficient prevention coupled with rapid detection and containment improves your overall security posture. Threats don't stand a chance. GigaSECURE enables security teams to obtain broad access to and control of network data, no matter where it resides. It can be customized to extract specific application sessions, metadata and decrypted traffic. In this architecture, security tools can operate inline or out-of-band at peak performance without compromising network resiliency or speed. -
27
Barracuda PST Enterprise
Barracuda
PST files are often used by end-users as personal email archives. As a result, they are typically scattered widely across end-user devices and network storage, which makes them notoriously difficult to discover and manage consistently or effectively. Thanks to improvements to Microsoft Exchange and Office 365, your users no longer need to store data locally within PST files. However, legacy PST files still contain important data that you need to bring back under control. Barracuda PST Enterprise is designed specifically to help you address this challenge. You may have many terabytes of data stored in PST files located on end-user devices and on network servers. And these files are notoriously unreliable, since they are often corrupted and easily misplaced. The costs associated with storing, securing, and managing these large files, in terms of both system resources and IT administrative overhead, are significant. -
28
WatchTower Security Management App
Check Point
Monitor your network with Check Point’s WatchTower Security Management app and quickly mitigate security threats on the go with your mobile phone. The intuitive WatchTower Security Management App provides real-time monitoring of network events, alerts you when your network is at risk, enables you to quickly block security threats, and configure the security policy for multiple gateways. View the devices connected to your network and any potential security threats. Real-time notification of malicious attacks or unauthorized device connections. Quickly block malware-infected devices and view infection details for further investigation. Customize notifications for your top-priority security events. View all security events by category and drill down for further information. Configure the security settings for multiple gateways. Manage advanced security policy settings securely via web user interface. -
29
Multi-Domain Security Management
Check Point
Multi-Domain Security Management delivers more security and control by segmenting security management into multiple virtual domains. Businesses of all sizes can easily create virtual domains based on geography, business unit or security function to strengthen security and simplify management. Enable granular and isolated role-based administration of a multi-tenant security management architecture. Single security management configuration for VPN, Firewall, IPS, and other protections. Create, view and control all network security management domains from a single console. Create and centrally manage multiple administrators in the multi-domain security management environments. Give administrators permission to manage specific domains or different aspects of the multi-domain system. Allow multiple administrators to work on different security management domains simultaneously. -
30
GTB Technologies DLP
GTB Technologies
Data Loss Prevention is defined as a system that performs real-time data classification on data at rest and in motion while automatically enforcing data security policies. Data in motion is data going to the cloud, internet, devices, or the printer. Our solution is the technology leader. Protecting on-premises, off-premises, and the cloud whether it be Mac, Linux, or Windows; our Data Loss Prevention security engine accurately detects structured & unstructured data at the binary level. GTB is the only Data Loss Prevention solution that accurately protects data when off the network. Discover, identify, classify, inventory, index, redact, re-mediate, index, control and protect your data including PII, PCI, PHI, IP, unstructured data, structured data, FERC, NERC, SOX, GLBA & more. Our patented and patent-pending, proprietary technology is able to prevent the syncing of sensitive data to unsanctioned or private clouds, while allowing its users to automatically identify “sync folders”. -
31
Network Critical
Network Critical
Network Critical’s scalable and persistent visibility layer optimizes network infrastructure without compromising operations or security. Our solutions and systems are used globally across sectors. Network Critical's visibility layer feeds tools and systems data that are required to monitor and control your network. Network Critical’s scalable and persistent visibility layer feeds tools and systems the crucial network data needed to optimize, monitor, and control changing network infrastructure without compromising operations or security. Network TAPs are the base layer of smart network access and are able to monitor events on a local network. This means complete network visibility is maintained across all network security and monitoring platforms. Provides excellent performance and flexibility, needed to manage tools that are protecting network infrastructure, securing information, and keep up with the ever-changing attack environment. -
32
Monitor your IBM i for critical security events and receive real-time notifications, so you can respond quickly—before important business information is deleted, corrupted or exposed. Send security-related events directly to your enterprise security monitor. Through integration with your security information and event management (SIEM) console, Powertech SIEM Agent simplifies and centralizes security and integrity monitoring. Monitor security-related events from the network, operating system, and any journal or message queue in real-time, including changes to user profiles and system values, invalid login attempts, intrusion detections, and changed or deleted objects. Maintain awareness of every security event on your system in real-time so you never miss a potential security breach. Powertech SIEM Agent for IBM i will provide alerts to ensure critical issues are escalated.
-
33
Code42 Incydr
Mimecast
Incydr gives you the visibility, context and control needed to stop data leak and IP theft. Detect file exfiltration via web browsers, USB, cloud apps, email, file link sharing, Airdrop, and more. See how files are moved and shared across your entire organization, without the need for policies, proxies, or plugins. Incydr automatically identifies when files move outside your trusted environment, allowing you to easily detect when files are sent to personal accounts and unmanaged devices. Incydr prioritizes file activity based on 120+ contextual Incydr Risk Indicators (IRIs). This prioritization works on day 1 without any configuration. Incydr’s risk-scoring logic is use case-driven and transparent to administrators. Incydr uses Watchlists to programmatically protect data from employees who are most likely to leak or steal files, such as departing employees. Incydr delivers a complete range of technical and administrative response controls to support the full spectrum of insider events. -
34
Kroll Cyber Risk
Kroll
We are the world incident response leader. Merging complete response capabilities with frontline threat intelligence from over 3000 incidents handled per year and end-to-end expertise we protect, detect and respond against cyberattacks. For immediate assistance, contact us today. Tackle every facet of today and tomorrow’s threat landscape with guidance from Kroll’s Cyber Risk experts. Enriched by frontline threat intel from 3000+ incidents cases every year, our end-to-end cyber risk solutions help organizations uncover exposures, validate the effectiveness of their defenses, implement new or updated controls, fine-tune detections and confidently respond to any threat. Get access to a wide portfolio of preparedness, resilience, detection and response services with a Kroll Cyber Risk retainer. Get in touch for more info. -
35
Cydarm
Cydarm
Cydarm is a cybersecurity incident response management platform designed to help security operations teams coordinate and manage cyber incidents more effectively across an organization. It supports the full lifecycle of incident response, enabling teams to detect, analyze, investigate, respond to, and report on cybersecurity events within a unified environment. It functions as a secure case management system where alerts from different security tools can be consolidated, investigated, and tracked as incidents, providing visibility into threats occurring across a network. Cydarm integrates with existing security infrastructure such as SIEM systems, messaging tools, authentication platforms, and IT service management solutions, allowing alerts and cases to be created automatically and enabling teams to collaborate through their existing operational tools. -
36
D3 Smart SOAR
D3 Security
D3 Security leads in Security Orchestration, Automation, and Response (SOAR), aiding major global firms in enhancing security operations through automation. As cyber threats grow, security teams struggle with alert overload and disjointed tools. D3's Smart SOAR offers a solution with streamlined automation, codeless playbooks, and unlimited, vendor-maintained integrations, maximizing security efficiency. Smart SOAR's Event Pipeline normalizes, de-dupes, enriches and correlates events to remove false positives, giving your team more time to spend on real threats. When a real threat is identified, Smart SOAR brings together alerts and rich contextual data to create high-fidelity incidents that provide analysts with the complete picture of an attack. Clients have seen up to a 90% decrease in mean time to detect (MTTD) and mean time to respond (MTTR), focusing on proactive measures to prevent attacks. -
37
Swimlane
Swimlane
At Swimlane, we believe the convergence of agentic AI and automation can solve the most challenging security, compliance and IT/OT operations problems. With Swimlane, enterprises and MSSPs benefit from the world’s first and only hyperautomation platform for every security function. Only Swimlane gives you the scale and flexibility to build your own hyperautomation applications to unify security teams, tools and telemetry ensuring today’s SecOps are always a step ahead of tomorrow’s threats. Swimlane Turbine is the world’s fastest and most scalable security automation platform. Turbine is built with the flexibility and cloud scalability needed for enterprises and MSSP to automate any SecOps process, from SOC workflows to vulnerability management, compliance, and beyond. Only Turbine can execute 25 million daily actions per customer, 17 times faster than any other platform, provider, or technology. -
38
Splunk SOAR
Cisco
Splunk SOAR (Security Orchestration, Automation, and Response) is a powerful platform that enables organizations to streamline and automate their security operations. It integrates with various security tools and systems, allowing teams to automate repetitive tasks, orchestrate workflows, and respond to incidents faster. With Splunk SOAR, security teams can create playbooks that automate incident response processes, reducing the time to detect, investigate, and resolve security threats. The platform also offers advanced analytics, real-time threat intelligence, and collaboration tools to enhance decision-making and improve overall security posture. By automating routine tasks and enabling more efficient use of resources, Splunk SOAR helps organizations respond to threats with greater speed and accuracy, minimizing risks and enhancing cybersecurity resilience. -
39
Ordr Platform
Ordr
Automatically identify, classify, and locate all network-connected devices and systems. Within a few hours of deployment—via network tap or SPAN—we passively discover high-fidelity information about every connected device including make, location, serial number, and application/port usage. This visibility is provided in real time for any new connected device and can be integrated with asset inventory solutions. Understand vulnerabilities, recalls, weak passwords or certificates associated with every device. Ordr also provides deep insight into device utilization so teams can ensure data-driven moves, adds, and changes as teams scale their capacity. These device insights are also critical to determine the longevity of certain devices, and allows teams to schedule maintenance tickets and support procurement decisions. We automatically group fleet devices, and monitor usage for tracking and comparison purposes. We also integrate with identity systems like Active Directory. -
40
ThreatQ
ThreatQuotient
Threat intelligence platform - ThreatQ, to understand and stop threats more effectively and efficiently your existing security infrastructure and people need to work smarter, not harder. ThreatQ can serve as an open and extensible threat intelligence platform that accelerates security operations through streamlined threat operations and management. The integrated, self-tuning threat library, adaptive workbench and open exchange allow you to quickly understand threats, make better decisions and accelerate detection and response. Automatically score and prioritize internal and external threat intelligence based on your parameters. Automate aggregation, operationalization and use of threat intelligence across all systems and teams. Improve effectiveness of existing infrastructure by integrating your tools, teams and workflows. Centralize threat intelligence sharing, analysis and investigation in a threat intelligence platform all teams can access. -
41
PassiveTotal
RiskIQ
RiskIQ PassiveTotal aggregates data from the whole internet, absorbing intelligence to identify threats and attacker infrastructure, and leverages machine learning to scale threat hunting and response. With PassiveTotal, you get context on who is attacking you, their tools and systems, and indicators of compromise outside the firewall—enterprise and third party. Investigation can go fast, really fast. Find answers quickly with over 4,000 OSINT articles and artifacts. Along with 10+ years of mapping the internet, RiskIQ has the deepest and broadest security intelligence on earth. By absorbing web data like Passive DNS, WHOIS, SSL, hosts and host pairs, cookies, exposed services, ports, components, and code. With curated OSINT and proprietary security intelligence, you can see everything—from every angle—on the digital attack surface. Take charge of your digital presence and combat threats to your organization. -
42
TruSTAR
TruSTAR
TruSTAR's cloud-native Intelligence Management platform transforms intelligence from third-party providers and historical events for seamless integration and accelerated automation across core detection, orchestration and response tools. TruSTAR transforms your intelligence for seamless integration and actionable automation across your ecosystem of teams and tools. TruSTAR is platform agnostic. Get investigation context and enrichment inside your mission-critical security tools. Our Open API enables you to connect to any application, anytime. Automate detection, triage, investigation, and dissemination workflows from a single endpoint. Managing intelligence in enterprise security is about managing data to drive automation. TruSTAR normalizes and prepares intelligence for orchestration, significantly reducing playbook complexity. Spend less time wrangling data, and more time catching bad guys. The TruSTAR platform has been designed to provide maximum flexibility. -
43
ARIA SDS Packet Intelligence
ARIA Cybersecurity Solutions
The ARIA Packet Intelligence (PI) application gives OEMs, service providers, and security professionals a better way to use SmartNIC technology to support two important use cases: advanced packet-level network analytics and cyber-threat detection, response, and containment. Network analytics: ARIA PI provides complete visibility into all network traffic and feeds valuable analytics data to packet delivery accounting tools, quality of service systems, and SLA monitoring applications. All of this helps companies provide better service and maximize revenues tied to usage-based billing. Cyber-threat detection, response, and containment: ARIA PI also feeds metadata to threat detection tools for complete visibility into all network traffic, including east-west data flows. This improves the effectiveness of existing security solutions, such as SIEMs and IDS/IPS tools, and gives security teams a better way to detect, respond, contain, and remediate even the most advanced cyber threats. -
44
Recorded Future
Recorded Future
Recorded Future is the world’s largest provider of intelligence for enterprise security. By combining persistent and pervasive automated data collection and analytics with human analysis, Recorded Future delivers intelligence that is timely, accurate, and actionable. In a world of ever-increasing chaos and uncertainty, Recorded Future empowers organizations with the visibility they need to identify and detect threats faster; take proactive action to disrupt adversaries; and protect their people, systems, and assets, so business can be conducted with confidence. Recorded Future is trusted by more than 1,000 businesses and government organizations around the world. The Recorded Future Security Intelligence Platform produces superior security intelligence that disrupts adversaries at scale. It combines analytics with human expertise to unite an unrivaled variety of open source, dark web, technical sources, and original research. -
45
ThreatConnect Risk Quantifier (RQ)
ThreatConnect
ThreatConnect RQ is a financial cyber risk quantification solution that allows users to identify and communicate the cybersecurity risks that matter most to an organization in terms of financial impact. It aims to enable users to make better strategic and tactical-level. RQ automates the generation of financial cyber risk reporting as it relates to the business, cybersecurity initiatives, and controls. -
46
SecLytics Augur
SecLytics
Conventional TIPs alert you about threats when they are already knocking at your network door. SecLytics Augur uses machine learning to model the behavior of threat actors and create adversary profiles. Augur identifies the build-up of attack infrastructure and predicts attacks with high-accuracy and low false positives before they even launch. These predictions are fed to your SIEM or MSSP via our integrations to automate blocking. Augur builds and monitors a pool of more than 10k adversary profiles, with new profiles identified daily. Augur identifies threats before day zero and levels the playing field by removing the element of surprise. Augur discovers and protects against more potential threats than conventional TIPs. Augur detects the buildup of cybercriminal infrastructure online before attack launch. The behavior of infrastructure acquisition and setup is both systematic and characteristic. -
47
Proofpoint Identity Threat Defense
Proofpoint
In an ever-changing hybrid world, your organization depends on its employees, their virtual identities, and the endpoints they operate on to build and protect its assets. Threat actors have found unique ways to move laterally across your cloud environments by exploiting such identities. You need an innovative and agentless identity threat detection and response solution to discover and remediate modern identity vulnerabilities—a key part of today’s attack chain. Proofpoint Identity Threat Defense, previously Illusive, gives you comprehensive prevention and visibility across all your identities so you can remediate identity vulnerabilities before they become real risks. You can also detect any lateral movements in your environments and activate deception to ensure threat actors are stopped in action before they gain access to your corporate assets. It doesn’t get better than knowing you can prevent modern identity risks and stop real-time identity threats in action, all in one place. -
48
Check Point Infinity
Check Point
Organizations frequently implement multiple cyber security solutions in pursuit of better protections. As a result, they are frequently left with a patchwork security architecture that results in a high TCO. By adopting a consolidated security approach with Check Point Infinity architecture, businesses realize preemptive protection against advanced fifth-generation attacks, while achieving a 50% increase in operational efficiency and 20% reduction in security costs. The first consolidated security architecture across networks, cloud, mobile and IoT, providing the highest level of threat prevention against both known and unknown cyber-threats. 64 different threat prevention engines blocking against known and unknown threats, powered by threat intelligence. Infinity-Vision is the unified management platform for Check Point Infinity, the first modern, consolidated cyber security architecture built to prevent today’s most sophisticated attacks across networks, cloud, endpoints, etc. -
49
Check Point IPS
Check Point IPS
Intrusion Prevention Systems detect or prevent attempts to exploit weaknesses in vulnerable systems or applications, protecting you in the race to exploit the latest breaking threat. Check Point IPS protections in our Next Generation Firewall are updated automatically. Whether the vulnerability was released years ago, or a few minutes ago, your organization is protected. Check Point IPS delivers thousands of signature and behavioral preemptive protections. Our acceleration technologies let you safely enable IPS. A low false positive rate saves your staff valuable time. Enable IPS on any Check Point security gateway reducing total cost of ownership. On-demand hyperscale threat prevention performance providing enterprises cloud level expansion and resiliency on premises. Provide users with secure, seamless remote access to corporate networks and resources when traveling or working remotely. -
50
Intellicta
TechDemocracy
Intellicta, TechDemocracy’s brain child, is the first of its kind to deliver a holistic assessment of an entity’s cybersecurity, compliance, risk and governance. It is a singular product capable of predicting potential financial liabilities caused by threats posed by vulnerabilities in cyberspace. Intellicta empowers senior, non-technical business decision-makers to understand, evaluate and measure the effectiveness of their existing cybersecurity, governance, risk, and compliance programs. The platform can be customized to meet every company's unique business requirement. It leverages quantifiable metrics based on established models from ISM3, NIST, and ISO, among others to provide solutions. Intellicta boasts of open-source architecture that aggregates and analyzes every facet of an enterprise’s unique ecosystem, so that it can be integrated and monitored continuously. It can extract critical data from cloud-based, on-premises and third-party systems.
