Alternatives to OSSEC
Compare OSSEC alternatives for your business or organization using the curated list below. SourceForge ranks the best alternatives to OSSEC in 2026. Compare features, ratings, user reviews, pricing, and more from OSSEC competitors and alternatives in order to make an informed decision for your business.
-
1
Blumira
Blumira
Empower Your Current Team to Achieve Enterprise-Level Security An all-in-one solution with SIEM, endpoint visibility, 24/7 monitoring, and automated response to reduce complexity, increase visibility and speed up time to respond. We handle the security heavy lifting, so you get time back in your day. With out-of-the-box detections, pre-filtered alerts, and response playbooks, IT teams can achieve real security value with Blumira. Quick Deployment, Immediate Results: Integrates with your tech stack and fully deploy, with no warm-up period, in hours All-You-Can-Eat Data Ingest: Predictable pricing and with unlimited data logging for full-lifecycle detection Compliance Made Easy: 1 year data retention included, pre-built reports, and 24/7 automated monitoring 99.7% CSAT Support: Solution Architects for product support, the Incident Detection and Response Team creating new detections, and 24/7 SecOps support -
2
AdRem NetCrunch
AdRem Software
NetCrunch is a powerful, scalable, all-in-one network monitoring system built for modern IT environments. It supports agentless monitoring of thousands of devices, covering SNMP, servers, virtualization (VMware, Hyper-V), cloud (AWS, Azure, GCP), traffic flows (NetFlow, sFlow), logs, and custom data via REST or scripts. With 670+ monitoring packs and dynamic views, it automates discovery, configuration, alerting, and automates self-healing actions for efficient remote remediation in response to alerts. Its node-based licensing eliminates sensor sprawl and complexity, providing a clear, cost-effective path to scale. Real-time dashboards, policy-driven setup, advanced alert tuning and 40+ alert actions including remote script execution, service restart, process kill or device reboot-make NetCrunch ideal for organizations replacing legacy tools like PRTG, SolarWinds, or WhatsUp Gold. Fast to deploy and future-proof. Can be installed on-prem, self-hosted in the cloud, or mixed. -
3
ManageEngine EventLog Analyzer
ManageEngine
ManageEngine EventLog Analyzer is an on-premise log management solution designed for businesses of all sizes across various industries such as information technology, health, retail, finance, education and more. The solution provides users with both agent based and agentless log collection, log parsing capabilities, a powerful log search engine and log archiving options. With network device auditing functionality, it enables users to monitor their end-user devices, firewalls, routers, switches and more in real time. The solution displays analyzed data in the form of graphs and intuitive reports. EventLog Analyzer's incident detection mechanisms such as event log correlation, threat intelligence, MITRE ATT&CK framework implementation, advanced threat analytics, and more, helps spot security threats as soon as they occur. The real-time alert system alerts users about suspicious activities, so they can prioritize high-risk security threats. -
4
CimTrak Integrity Suite
Cimcor
Securing your enterprise against internal and external threats is key to meeting compliance standards and regulations. CimTrak’s change management, auditing, and reporting capabilities allow private and public companies to meet or exceed even the most rigorous compliance mandates. From PCI, SOX, HIPAA, CIS, NIST, and many more, CimTrak has you covered. File and System Integrity monitoring helps protect your critical files from changes, whether malicious or accidental, that can take down your critical IT infrastructure, threaten critical data, or cause non-compliance with regulations such as PCI. Change is inevitable in the IT environment. CimTrak delivers integrity monitoring, proactive incident response, change control, and auditing capabilities in one easy to use and cost-effective file integrity monitoring tool. -
5
CrowdStrike Falcon
CrowdStrike
CrowdStrike Falcon is a cloud-native cybersecurity platform that provides advanced protection against a wide range of cyber threats, including malware, ransomware, and sophisticated attacks. It leverages artificial intelligence (AI) and machine learning to detect and respond to threats in real time, offering endpoint protection, threat intelligence, and incident response capabilities. The platform uses a lightweight agent that continuously monitors endpoints for signs of malicious activity, providing visibility and protection without significant impact on system performance. Falcon’s cloud-based architecture ensures fast updates, scalability, and rapid threat response across large, distributed environments. Its comprehensive security features help organizations prevent, detect, and mitigate potential cyber risks, making it a powerful tool for modern enterprise cybersecurity. -
6
osquery
osquery
osquery is an operating system instrumentation framework for Windows, OS X (macOS), and Linux. The tools make low-level operating system analytics and monitoring both performant and intuitive. Frequently, attackers will leave a malicious process running but delete the original binary on disk. This query returns any process whose original binary has been deleted, which could be an indicator of a suspicious process. Our build infrastructure ensures that newly introduced code is benchmarked and tested. We perform continuous testing for memory leaks, thread safety, and binary reproducibility on all supported platforms.Starting Price: Free -
7
Atomicorp Enterprise OSSEC
Atomicorp
Atomic Enterprise OSSEC is the commercially enhanced version of the OSSEC Intrusion Detection System brought to you by the sponsors of the OSSEC project. OSSEC is the world’s most popular open source host-based intrusion detection system (HIDS) used by tens of thousands of organizations. Atomicorp extends OSSEC with a management console (OSSEC GUI), advanced file integrity management (FIM), PCI compliance auditing and reporting, expert support and more. - Intrusion Detection - File Integrity Monitoring - Log Management - Active Response - OSSEC GUI and Management - OSSEC Compliance Reporting - PCI, GDPR, HIPAA, and NIST compliance - Expert OSSEC Support Get expert support for OSSEC servers and agents as well as help developing OSSEC rules. More info on Atomic Enterprise OSSEC is available at: https://www.atomicorp.com/atomic-enterprise-ossec/ -
8
Rapid7 Incident Command
Rapid7
Rapid7 Incident Command is an AI-powered next-generation SIEM designed to deliver unified visibility and faster threat response across modern attack surfaces. It brings together logs, telemetry, asset context, and threat intelligence into a single, actionable view across cloud, SaaS, endpoints, and hybrid environments. Incident Command uses AI-driven behavioral detections and alert triage to cut through noise and surface the threats that matter most. Every alert is enriched with exposure, vulnerability, asset risk, and third-party intelligence to guide decisive action. Built-in SOAR automation and guided AI response workflows help reduce dwell time and accelerate containment. The platform supports advanced investigations with natural language search, attack path reconstruction, and MITRE ATT&CK alignment. Rapid7 Incident Command enables security teams to scale their SOC with speed, clarity, and confidence. -
9
LevelBlue USM Anywhere
LevelBlue
Elevate your security with LevelBlue USM Anywhere, an advanced open XDR platform designed to scale with your evolving IT landscape and growing business needs. Combining sophisticated analytics, robust security orchestration, and automation, USM Anywhere offers built-in threat intelligence for quicker and more precise threat detection, as well as streamlined response coordination. Its flexibility is unmatched, with extensive integrations—referred to as BlueApps—that enhance its detection and orchestration across hundreds of third-party security and productivity tools. These integrations also enable you to trigger automated and orchestrated responses effortlessly. Begin your 14-day free trial now and discover how our platform simplifies cybersecurity. -
10
WZSysGuard
WZIS Software Pty Ltd
It's for Linux/AIX/Solaris/MacOS/FreeBSD, has the more reliable FIM function, and more effective Intrusion Detection, plus commands execution protection against software-based key-stealing attacks. WZSysGuard is a robust UNIX/Linux intrusion detection and file integrity verification software that offers advanced protection for your system. Unlike other tools, it reduces false alarms and ensures complete coverage of security-sensitive files. WZSysGuard uses a SHA 384-bit checksum algorithm to detect file changes, even those made through non-filesystem interfaces, such as during maintenance when the system is booted from a DVD or network. It not only detects critical file changes but also identifies new filesystem mounts, network services, and kernel module loads. With a web-based security trap detection interface, WZSysGuard provides a comprehensive security solution that works with minimal overhead and maximum accuracy. -
11
FileVantage
CrowdStrike
Gain central visibility into all critical file changes with relevant, intuitive dashboards displaying valuable information on what changes, who changed it, and how the files and folders were changed. FileVantage provides IT staff additional context with added threat intelligence and detection data. Staff can quickly target file change data with any relevant adversary activity. Oversee all file changes with summary and detailed view dashboards - reduce alert fatigue by quickly targeting changes to critical files and systems. See unauthorized modifications to all relevant critical system, configuration and content files. Use pre-defined and custom policies to gain added efficiency and reduce alert volume. Create new policies based on all critical files, folders and registries, as well as users and processes. -
12
Gain real-time, file-level control of risks for accurate monitoring and compliance with a single agent and central dashboard. Continuously monitor critical assets for changes across diverse cloud and on-premises environments of all sizes, including large global enterprises. Prioritize alerts and reduce noise with threat intelligence from Trusted Sources and File Reputation context. Includes File Access Management (FAM) to trigger alerts when critical host files, not intended for regular use, are accessed. Also, agentless network device support to alert on network configuration deviations. Pre-configured monitoring profiles to comply with PCI DSS 4.0, NERC CIP, FISMA, SOX, NIST, HIPAA 2023, CIS18, GDPR, and more.
-
13
CA Compliance Event Manager
Broadcom
Non-compliance can result in out-of-control costs and a serious impact to the bottom line. CA Compliance Event Manager helps you establish continuous data security and compliance. Gain deeper insight into your enterprise’s risk posture, protect your business, and comply with the regulations using advanced compliance management tooling. Monitor users, security settings, and system files and alert to changes and suspicious activity for complete oversight of your security systems and data. Get real-time notifications to proactively address potential threats. Filter critical security events and forward to SIEM platforms for a holistic view of your security infrastructure. Reduce costs by minimizing the number of security alerts undergoing real-time analysis. Inspect the source of incident with detailed audit and compliance information for deeper insights into your risk posture. -
14
Chainkit
Chainkit
Go beyond static File Integrity Monitoring (FIM). Automate integrity in motion and at rest—in real-time. With eXtended Integrity Monitoring (XIM) from Chainkit. Chainkit detects threats faster and in real-time, which in turn reduces the amount of time that undetected attacks linger in your data. Chainkit dramatically increases the visibility of attacks within your data. It detects anti-forensic tampering techniques that attackers use to evade detection. Chainkit seeks out malware hidden within your data and provides full transparency on tampered logs. Chainkit preserves the integrity of artifacts required by forensic investigators. Chainkit enhances attestation for ISO, NIST and related log or audit trail compliance requirements. Chainkit can help you reach and maintain compliance for all security compliance regulations. We provide customers with a more comprehensive audit-readiness posture.Starting Price: $50 per month -
15
Snort
Cisco
Snort is the foremost Open Source Intrusion Prevention System (IPS) in the world. Snort IPS uses a series of rules that help define malicious network activity and uses those rules to find packets that match against them and generates alerts for users. Snort can be deployed inline to stop these packets, as well. Snort has three primary uses: As a packet sniffer like tcpdump, as a packet logger — which is useful for network traffic debugging, or it can be used as a full-blown network intrusion prevention system. Snort can be downloaded and configured for personal and business use alike. Once downloaded and configured, Snort rules are distributed in two sets: The “Community Ruleset” and the “Snort Subscriber Ruleset.” The Snort Subscriber Ruleset is developed, tested, and approved by Cisco Talos. Subscribers to the Snort Subscriber Ruleset will receive the ruleset in real-time as they are released to Cisco customers. -
16
Unitrends Security Manager
Unitrends
Over 70% of all cyber security incidents are caused by internal security threats – misconfigurations, unauthorized logins, gaps in backup – that no firewall or anti-virus app can prevent. Attackers can capitalize on internal gaps to steal data and wreak havoc undetected. Stop them in their tracks with Unitrends Security Manager, which alerts you to threats before hackers gain a foothold. Unitrends Security Manager scans your servers, data, and network every 24 hours and automatically alerts you to internal threats. Alerts are aggregated in an easy-to-use report that can be sorted by priority/severity, or by the type of issue. Alert reports can be sent to your choice of emails, including your ticketing system. Unitrends Security Manager uses “smart tags,” a feature that allows it to adapt to each unique client. Smart tags enrich the detection system by adding information about specific users, assets, and settings. -
17
Senseon
Senseon
Senseon’s AI Triangulation thinks like a human analyst to automate the process of threat detection, investigation and response, increasing your team’s efficiency. Displace the need for multiple security tools with one cohesive platform, providing complete visibility across the entire digital estate. Accurate detection and alerting enable IT and security teams to cut through the noise and focus on genuine threats, helping you achieve ‘inbox zero’. Senseon’s unique ‘AI Triangulation’ technology emulates how a human security analyst thinks and acts to automate the process of threat detection, investigation and response. By looking at the behaviours of users and devices from multiple perspectives, pausing for thought and learning from experience, Senseon provides accurate and context-rich alerts. These automated capabilities free security teams from the burden of exhaustive analysis, alert fatigue and false positives. -
18
Assuria ALM-FIM
Assuria
Monitor selected critical files, folders, and registry keys (especially those that should rarely change in normal operations) for any changes that could represent risk. Discover all of your installed packages and automatically monitor, report and alert on changes. Package monitoring is driven by policy templates allowing selective reporting and alerting of key changes. ALM FIM can store the old and new contents of changed text files and registry keys to identify and assess the exact changes that have occurred and reverse them if required. ALM-FIM collects and stores metadata about files, folders, and registry keys to provide monitoring services. Metadata collected includes details such as check-sum of the contents, size, permissions, change time, links, and other details. -
19
Suricata
Suricata
The Suricata engine is capable of real time intrusion detection (IDS), inline intrusion prevention (IPS), network security monitoring (NSM) and offline pcap processing. Suricata inspects the network traffic using a powerful and extensive rules and signature language, and has powerful Lua scripting support for detection of complex threats. With standard input and output formats like YAML and JSON integrations with tools like existing SIEMs, Splunk, Logstash/Elasticsearch, Kibana, and other database become effortless. Suricata’s fast paced community driven development focuses on security, usability and efficiency. The Suricata project and code is owned and supported by the Open Information Security Foundation (OISF), a non-profit foundation committed to ensuring Suricata’s development and sustained success as an open source project. -
20
Deep Discovery Inspector
Trend Micro
Deep Discovery Inspector is available as a physical or virtual network appliance. It’s designed to quickly detect advanced malware that typically bypasses traditional security defenses and exfiltrates sensitive data. Specialized detection engines and custom sandbox analysis detect and prevent breaches. Organizations are increasingly becoming victims of targeted ransomware when advanced malware bypasses traditional security, encrypts data, and demands payment to release the data. Deep Discovery Inspector uses known and unknown patterns and reputation analysis to detect the latest ransomware attacks, including WannaCry. The customized sandbox detects mass file modifications, encryption behavior, and modifications to backup and restore processes. Security professionals are flooded with threat data coming from numerous sources. Trend Micro™ XDR for Networks helps prioritize threats and provide visibility into an attack. -
21
SecurityHQ
SecurityHQ
SecurityHQ is a world leading independent Managed Security Service Provider (MSSP), that detects, and responds to threats, instantly. As your security partner, we alert and act on threats for you. Gain access to an army of analysts that work with you, as an extension of your team, 24/7, 365 days a year. Receive tailored advice and full visibility to ensure peace of mind, with our Global Security Operation Centres. Utilize our award-winning security solutions, knowledge, people, and process capabilities, to accelerate business and reduce risk and overall security costs. Most Popular Services: Managed Detection and Response (MDR) Endpoint Detection and Response (EDR) Managed Extended Detection and Response (XDR) Vulnerability Management Services Managed Firewall Digital Forensics & Incident Response Managed Network Detection and Response (NDR) Penetration Testing CISO as a Service -
22
Varonis Data Security Platform
Varonis
The most powerful way to find, monitor, and protect sensitive data at scale. Rapidly reduce risk, detect abnormal behavior, and prove compliance with the all-in-one data security platform that won’t slow you down. A platform, a team, and a plan that give you every possible advantage. Classification, access governance and behavioral analytics combine to lock down data, stop threats, and take the pain out of compliance. We bring you a proven methodology to monitor, protect, and manage your data informed by thousands of successful rollouts. Hundreds of elite security pros build advanced threat models, update policies, and assist with incidents, freeing you to focus on other priorities. -
23
Dragos Platform
Dragos
The Dragos Platform is the most trusted industrial control systems (ICS) cybersecurity technology–providing comprehensive visibility of your ICS/OT assets and the threats you face, with best-practice guidance to respond before a significant compromise. Built by practitioners for practitioners, the Dragos Platform ensures your cybersecurity team is armed with the most up-to-date defensive tools to combat industrial adversaries, codified by our experts on the front lines every day hunting, combatting, and responding to the world’s most advanced ICS threats. The Dragos Platform analyzes multiple data sources including protocols, network traffic, data historians, host logs, asset characterizations, and anomalies to provide unmatched visibility of your ICS/OT environment. The Dragos Platform rapidly pinpoints malicious behavior on your ICS/OT network, provides in-depth context of alerts, and reduces false positives for unparalleled threat detection.Starting Price: $10,000 -
24
Netwrix Threat Prevention
Netwrix
Audit and block any ad changes, authentications, or requests. Monitor and prevent unwanted and unauthorized activities in real-time for Active Directory security and compliance. For years, organizations have struggled to obtain contextual, actionable intelligence from their critical Microsoft infrastructure to address security, compliance, and operational requirements. Even after filling SIEM and other log aggregation technologies with every event possible, critical details get lost in the noise or are missing altogether. As attackers continue to leverage more sophisticated methods to elude detection, the need for a better way to detect and control changes and activities that violate policy is vital to security and compliance. Without any reliance on native logging, Netwrix Threat Prevention is able to detect and optionally prevent any change, authentication, or request against Active Directory in real-time and with surgical accuracy. -
25
UTMStack
UTMStack
Complete visibility over the entire organization from a centralized management dashboard. All solutions in the stack are fully integrated with each others and report to a central database. This facilitates daily tasks such as monitoring, investigations and incident response. Active and passive vulnerability scanners for early detection, with of the box reports for compliance audits. Track and manage accounts access and permission changes. Get alerted when suspicious activity happens. Remotely manage your environment and respond to attacks right from your dashboard. Keep track of changes and access to classified information. Protect endpoints and servers with advanced threat protection.Starting Price: $25 per device per month -
26
Detect the undetectable and stop evasive attacks. Trellix Network Detection and Response (NDR) helps your team focus on real attacks, contain intrusions with speed and intelligence, and eliminate your cybersecurity weak points. Keep your cloud, IoT, collaboration tools, endpoints, and infrastructure safe. Automate your responses to adapt to the changing security landscape. Integrate with any vendor—and improve efficiency by surfacing only the alerts that matter to you. Minimize the risk of costly breaches by detecting and preventing advanced, targeted, and other evasive attacks in real time. Discover how you can take advantage of actionable insights, comprehensive protection, and extensible architecture.
-
27
ExtraHop RevealX
ExtraHop Networks
Fight advanced threats with a covert defense. ExtraHop eliminates blindspots and detects threats that other tools miss. ExtraHop gives you the perspective you need to understand your hybrid attack surface from the inside out. Our industry-leading network detection and response platform is purpose-built to help you rise above the noise of alerts, silos, and runaway technology so you can secure your future in the cloud. -
28
FortiGuard IPS Service
Fortinet
The AI/ML-powered FortiGuard IPS Service provides near-real-time intelligence with thousands of intrusion prevention rules to detect and block known and suspicious threats before they ever reach your devices. Natively integrated across the Fortinet Security Fabric, the FortiGuard IPS Service delivers industry-leading IPS performance and efficiency while creating a coordinated network response across your broader Fortinet infrastructure. The FortiGuard IPS Service provides rich IPS capabilities like deep packet inspection (DPI) and virtual patching to detect and block malicious traffic entering your network. In both standalone IPS and converged next-generation firewall deployments, the innovative FortiGuard IPS Service is based on a modern, efficient architecture, making performance in even the largest data centers reliably consistent. With FortiGuard IPS Service deployed as part of your broader security infrastructure, Fortinet is able to deploy new intrusion prevention signatures. -
29
Samhain
Samhain Design Labs
Samhain is an open-source, host-based intrusion detection system (HIDS) that provides file integrity checking and log file monitoring/analysis, as well as port monitoring, detection of rogue SUID executables, and hidden processes. Samhain been designed to monitor multiple hosts with potentially different operating systems, providing centralized logging and maintenance, although it can also be used as a standalone application on a single host. Beltane is a web-based central management console for the Samhain file integrity/intrusion detection system. It enables the administrator to browse client messages, acknowledge them, and update centrally stored file signature databases. -
30
TrueFort
TrueFort
Attackers will always find a way in. Insulate your environment against spreading compromise by enforcing a positive security model that curbs lateral movement. TrueFort gives security teams the scalable workload protection platform they need to secure hybrid environments. Next-gen firewalls and IP address-based controls are completely ineffective in modern infrastructure. Whether your workloads execute in the cloud, in virtual infrastructure, or on physical servers, TrueFort protects against advanced attacks with workload hardening, integrity monitoring, detection and response, and identity-based segmentation. Only TrueFort combines environment-wide security observability with real-time response, service account behavior analytics, file integrity monitoring, and CIS-certified hardening and file integrity monitoring that highlights differences between file and binary versions. -
31
Armor Anywhere
Armor Cloud Security
Whether your data is stored in a cloud environment (private, public, or hybrid) or you’re hosting it onsite, Armor will keep it safe. We’ll help you zero in on real threats and filter out the rest with powerful analytics, workflow automation, and a team of experts working day and night. When (not if) there is an attack, we don’t just send an alert. Our Security Operations Center experts are on it immediately, guiding your security team on how to respond and resolve the problem. Our solutions prefer open source software and open frameworks, and cloud-native implementations freeing you from conventional provider lock-in. Our IaC-based continuous deployment model easily integrates into your existing DevOps pipeline, or we can manage the stack for you. We aim to empower your business by making security and compliance accessible, understandable, and easy to implement and maintain. -
32
Carbon Black App Control
Broadcom
Carbon Black App Control is a robust application control solution designed to prevent malware, ransomware, and other unauthorized applications from running on endpoints. It enables organizations to enforce security policies by only allowing trusted applications to execute, reducing the risk of cyber threats and improving endpoint security. With its centralized management console, Carbon Black App Control provides visibility and control over the applications running in an organization, ensuring that all software complies with security policies. This solution offers real-time protection and detailed reporting capabilities, allowing IT teams to easily detect and respond to security incidents. -
33
Orbit Intrusion Detection System
Professional Computer Solutions
Orbit™ Intrusion Detection is a hardened Intrusion Detection System that will assist you in seeing what traffic is going on inside or outside your network. It was developed in response to the lack of visibility into what is happening on our client’s networks. Without this visibility, security threats can persist on the network for months or longer and potentially leading to costly downtime and recovery. Traditional IDS systems are extremely expensive, requiring dedicated personnel to monitor, maintain and respond to the system. By utilizing commodity hardware and open source software, we provide a system that is able to work as a “smoke detector” on the network at a cost that does not require the “all-in” commitment of a full-fledged IDS system. Our offering fills the gap and makes this technology accessible by small to midsize businesses. -
34
Telesoft CERNE
Telesoft
With the rise in the global datasphere only set to accelerate with the advances in IoT and 5G technology, the cyber threat landscape will also continue to grow. Our intrusion detection system, the CERNE, helps protect, secure and guard our customers from attack. The CERNE provides real-time monitoring and historical intrusion detection capabilities helping security analysts detect intrusions, identify suspicious activity and monitor network security by storing IDS alert traffic while reducing unnecessary storage. The Telesoft CERNE combines a high rate 100Gbps IDS engine with an automated record of relevant network traffic for real-time and historical threat investigation and digital forensics. CERNE continuously scans and captures network packets and only stores traffic associated with an IDS alert, discarding all other traffic, giving an analyst rapid access to critical packets up to 2.4 seconds before an event. -
35
Netwrix Change Tracker
Netwrix
Netwrix Change Tracker provides critical and fundamental cyber security prevention and detection. It does this by leveraging the required security best practice disciplines of system configuration and integrity assurance combined with the most comprehensive and intelligent change control solution available. Netwrix Change Tracker will ensure that your IT systems remain in a known, secure and compliant state at all times. Netwrix Change Tracker includes context-based File Integrity Monitoring and File Whitelisting to assure all change activity is automatically analyzed and validated. Complete and certified CIS and DISA STIG configuration hardening ensures all systems remain securely configured at all times and, coupled with the most intelligent change control technology, provides unparalleled change noise reduction along with the ultimate reassurance that the changes occurring within your production environment are consistent, safe and as required. -
36
Fidelis Halo
Fidelis Security
Fidelis Halo is a unified, SaaS-based cloud security platform that automates cloud computing security controls and compliance across servers, containers, and IaaS in any public, private, hybrid, and multi-cloud environment. With over 20,000 pre-configured rules and more than 150 policy templates that cover standards such as PCI, CIS, HIPAA, SOC, and DISA STIGs for IaaS services, Halo’s extensive automation capabilities streamline and accelerate workflows between InfoSec and DevOps. The comprehensive, bi-directional Halo API, developer SDK, and toolkit automate your security and compliance controls into your DevOps toolchain to identify critical vulnerabilities so they can be remediated prior to production. The free edition of Halo Cloud Secure includes full access to the Halo Cloud Secure CSPM service for up to 10 cloud service accounts across any mix of AWS, Azure, and GCP, at no cost to you, ever. Sign up now and start your journey to fully automated cloud security!Starting Price: Free -
37
Tripwire
Fortra
Cybersecurity for Enterprise and Industrial Organizations. Protect against cyberattacks with the industry’s best foundational security controls. Detect threats, identify vulnerabilities and harden configurations in real time with Tripwire. Thousands of organizations trust Tripwire Enterprise to serve as the core of their cybersecurity programs. Join them and regain complete control over your IT environment with sophisticated FIM and SCM. Shortens the time it takes to catch and limit damage from threats, anomalies, and suspicious changes. Gives you deep, unparalleled visibility into your security system state and know your security posture at all times. Closes the gap between IT and security by integrating with both teams' existing toolsets. Out-of-the-box platforms and policies enforce regulatory compliance standards. -
38
Anuta ATOM
Anuta Networks
Accelerate your automation journey with Anuta ATOM. Monitoring & Closed-Loop Automation for Multi-Vendor Networks. Automate and Monitor your multi-vendor network with one single integrated solution. Anuta ATOM supports all major vendors, including Cisco, Juniper, Arista, F5 and many more. Didn’t find the network vendor you are looking for? Anuta ATOM’s super extensible framework enables a quick turnaround time of 2-6 weeks for vendor addition. IPAM, ITSM tools, or public cloud integrations – ATOM supports it all. ATOM supports tight integration to ecosystem vendors to enhance your network automation. Ensure network compliance with ATOM’s remediation capabilities. ATOM offers accurate configurations for non-compliant policies pushed on-demand or scheduled to keep your network 100% compliant. Run on-demand & scheduled multi-vendor compliance checks to understand your configuration consistency. Use ATOM to run compliance checks against a group of devices or a region. -
39
NSFOCUS NGIPS
NSFOCUS
NSFOCUS goes beyond signature and behavior-based detection, using cutting edge Intelligent Detection advanced intelligence heuristics learning technology for network and application threat detection. NGIPS also combines AI with state-of-the-art threat intelligence to detect malicious sites and botnets. An optional virtual sandboxing capability can be added to the NGIPS system using the NSFOCUS Threat Analysis System. The TAS uses multiple innovative detection engines to identify known and zero-day APTs, including IP reputation engines, anti-virus engines, static and dynamic analysis engines and virtual sandbox execution mimicking live hardware environments. The NSFOCUS NGIPS combines intrusion prevention, threat intelligence and an optional virtual sandboxing capability to effectively address known, unknown, zero-day and advance persistent threats. -
40
SolarWinds Security Event Manager
SolarWinds
Improve your security posture and quickly demonstrate compliance with a lightweight, ready-to-use, and affordable security information and event management solution. Security Event Manager (SEM) will be another pair of eyes watching 24/7 for suspicious activity and responding in real time to reduce its impact. Virtual appliance deployment, intuitive UI, and out-of-the-box content means you can start getting valuable data from your logs with minimal expertise and time. Minimize the time it takes to prepare and demonstrate compliance with audit proven reports and tools for HIPAA, PCI DSS, SOX, and more. Our licensing is based on the number of log-emitting sources, not log volume, so you won’t need to be selective about the logs you gather to keep costs down.Starting Price: $3800 one-time fee -
41
iSecurity Firewall
Raz-Lee Security
iSecurity Firewall is a comprehensive, all-inclusive intrusion prevention system that secures every type of internal and external access to the IBM i server. It enables you to easily detect remote network accesses and, most importantly, implement real-time alerts. Firewall manages user profile status, secures entry via pre-defined entry points and IBM i file server exit points, and profiles activity by time. Its “top-down” functional design and intuitive logic creates a work environment that even iSeries novices can master in minutes. Protects all communication protocols (including SQL, ODBC, FTP, Telnet, SSH, and Pass-through). Intrusion Prevention System (IPS) with real-time detection of access attempts. Precisely controls what actions users may perform after access is granted – unlike standard firewall products. Protects both native and IFS objects – all of your databases are secured. -
42
Stop new and unknown attacks with signature-based and signature-less intrusion prevention systems. Signature-less intrusion detection finds malicious network traffic and stops attacks where no signatures exist. Support network virtualization across private and public cloud platforms to scale security and evolve with changing IT dynamics. Scale hardware performance to speeds up to 100 Gbps and leverage data from multiple products. Find stealthy botnets, worms, and reconnaissance attacks hiding across the network landscape. Collect flow data from switches and routers and integrate with Network Threat Behavior Analysis to correlate unusual network behavior. Discover and block advanced threats on-premises, in virtual environments, software-defined data centers, and private and public clouds. Gain east-west network visibility and threat protection across virtualized infrastructure and data centers.
-
43
Venusense IPS
Venusense
It contains Venustech’s accumulation and research results in intrusion attack identification, making it reach the international leading level in precise blocking. It can actively block a variety of in-depth attack behaviors such as network worms, spyware, Trojan horse software, overflow attacks, database attacks, advanced threat attacks, and brute force, which makes up for the lack of in-depth defense effects of other security products. Venusense IPS constantly updates detection capability through features, behaviors, sandboxes, and algorithms, while maintaining the advantages of traditional IPS, it defends against advanced persistent attacks (such as unknown malicious files, unknown Trojan horse channels), 0 day attacks, sensitive information leakage behaviors, precision attacks, enhanced anti-WEB scanning, etc. -
44
CrowdSec
CrowdSec
CrowdSec is a free, open-source and collaborative IPS to analyze behaviors, respond to attacks & share signals across the community, outnumbering cybercriminals all together. Set up your own intrusion detection system. Apply behavior scenarios to identify cyber threats. Share and benefit from a crowdsourced and curated cyber threat intelligence system. Define the type of remediation you want to apply and where. Leverage the community’s IP blocklist and automate your security. CrowdSec is designed to run seamlessly on virtual machines, bare-metal servers, containers or to be called directly from your code with our API. Our strength comes from our cybersecurity community that is burning cybercriminals’ anonymity. By sharing IP addresses that aggressed you, you help us curate and redistribute a qualified IP blocklist to protect everyone. CrowdSec is 60x faster than tools like Fail2ban and can parse massive amounts of logs in no time. -
45
Corelight
Corelight
Corelight brings you the power of Zeek without Linux issues, NIC problems, or packet loss. Deployment takes minutes, not months. After all, your top people should be threat hunting, not troubleshooting. The most capable platform for understanding and protecting your network is built on open source. You'll have open access to your metadata and the ability to customize and extend your capabilities — together with a vibrant community. We’ve built the leading team of Zeek experts and contributors, and have assembled a world-class support team that continually delights customers with their unparalleled knowledge and fast response times. Proactive, secure, and automatic—when you enable Corelight Dynamic Health Check your Corelight Sensor sends performance telemetry back to Corelight to proactively monitor for things like disk failures or abnormal performance metrics that could indicate a problem. -
46
BluVector Advanced Threat Detection
BluVector
Accurately and efficiently detect, triage and respond to threats including ransomware, fileless malware and zero-day malware in real-time. Born to leverage machine learning for advanced threat detection, BluVector has invested over nine years developing our next-generation NDR, BluVector Advanced Threat Detection. Backed by Comcast, our advanced threat detection solution empowers security teams to get real answers about real threats, allowing businesses and governments to operate with confidence that their data and systems are protected. Meets every enterprises' needs to protect mission-critical assets with flexible deployment options and broad network coverage. Reduce overhead costs while increasing operational efficiency by prioritizing actionable events with context. Adds the network visibility and context that analysts need on malicious events to successfully provide comprehensive threat coverage. -
47
CloudJacketXi
SECNAP
CloudJacketXi, a Flexible Managed Security-as-a-Service Platform. Our service offerings can be personalized to your organization’s needs whether you are an established enterprise or a start-up SMB. We specialized in a flexible cybersecurity and compliance offering. Our services; serve clients in many verticals such as education, legal, medical, hospitality, government, and manufacturing. Here is a quick overview of the different layers of protection that can be customized to suit your organizations needs. Flexible Layers: Our flexible security-as-a-service platform allows for a layered approach where you can choose exactly what your organization needs. Intrusion Prevention System; Intrusion Detection System; Security Information and Event Management; Internal Threat Detection; Lateral Threat Detection; Vulnerability Management; Data Loss Prevention. All Monitored and Managed by SOC. -
48
Intrusion
Intrusion
In cybersecurity, speed is critical, and Intrusion helps you understand your environment’s biggest threats, fast. See the real-time list of all blocked connections, drill down on an individual connection to see more details like why it was blocked, risk level, etc. An interactive map shows you what countries your business is communicating with the most. Quickly see which devices have the most malicious connection attempts to prioritize remediation efforts. If an IP is trying to connect, you’ll see it. Intrusion monitors traffic bidirectionally in real time, giving you full visibility of every connection being made on your network. Stop guessing which connections are actual threats. Informed by decades of historical IP records and reputation in the global threat engine, it instantly identifies malicious or unknown connections in your network. Reduce cyber security team burnout and alert fatigue with autonomous real-time network monitoring and 24/7 protection. -
49
Atomic ModSecurity Rules
Atomicorp
Atomic ModSecurity Rules is a comprehensive WAF rule set with hundreds of ModSecurity WAF rules to protect applications against web attacks and is fully backed by expert support. WAF Rules to Strengthen ModSecurity Against: - SQL injection - Cross-site scripting - Cross-site request forgery - Encoding abuse - Protocol abuse - Unicode and UTF-8 attacks - HTTP smuggling - Path recursion - Web spam - Shells - And much more * Atomicorp developed the first ModSecurity rule set and maintains the largest number of active WAF rules that support server types from Tomcat and Nginx to IIS, LightSpeed and Apache. * Atomic ModSecurity Rules are the most comprehensive WAF rule set in the industry, have the highest level of quality and are fully backed by expert support. ****** More info: https://www.atomicorp.com/atomic-modsecurity-rules/ ******* -
50
Security Auditor
Core Security (Fortra)
Simplified security policy management and file integrity monitoring software. Security Auditor centralizes security administration across your cloud, on premise, or hybrid environment. Our agentless technology allows you to quickly enforce security policy adherence and mitigate the risks of security misconfiguration, a leading cause of data breaches. Security Auditor automatically protects new systems as they come online and continuously monitors those systems, identifying any configuration settings that don’t match your requirements. You'll be notified of any policy exceptions and can make changes yourself from an easy-to-use, web-based console, which simplifies tasks and compliance reporting requirements. Or if you prefer more automation, you can run the FixIt function and let Security Auditor do the work for you. Security Auditor simplifies the identification and security configuration for your elastic cloud infrastructure.
