Cybersecurity spending is expected to reach $1 trillion over the next five years, according to the most recent Cybersecurity Ventures Cybersecurity Market Report. This has raised the demand for security vendors, opening the door for new startup companies and growth for well-known firms.
However, just as there is no one-size-fits-all when it comes to security needs, cybersecurity vendors have different types of expertise, ranging from email security to anti-virus software to cloud security. Choosing the right vendor involves recognizing where your greatest cybersecurity requirements are and finding the best fit.
Beyond selecting a company, get a better understanding of how to prevent cybercrime by reading our guide to cyberthreat prevention. We explain how to reduce your risk of information loss, deal with employees leaving to join a competitor, and manage your data on the Internet or in the cloud.
We also have qualified user-generated reviews for these areas of security:
- Vulnerability management
- Endpoint protection
- SIEM (Security Information and Event Management)
- Cloud security
- Mobile security
Here we've highlighted the top 50 companies from the Cybersecurity 500 for the first quarter of 2017. See methodology.
1. root9B (HUNT & Cyber Operations)
root9B is a dynamic provider of cyber security and advanced technology training capabilities, operational support and consulting services. root9B’s personnel are internationally recognized and trusted providers of advanced cyber solutions, satisfying requirements for missions and enterprises globally, dedicated to the delivery of solutions and services based on technical innovation and professional excellence.
2. Herjavec Group (Information Security Services)
Dynamic IT entrepreneur Robert Herjavec founded Herjavec Group in 2003 and it quickly became one of North America’s fastest-growing technology companies, delivering managed security services globally supported by state-of-the-art, PCI compliant Security Operations Centres (SOC), operated 24/7/365 by certified security professionals. This expertise is coupled with a leadership position across a wide range of functions including compliance, risk management, networking and incident response.
3. Forcepoint (Cloud, Mobility & IoT Security)
Forcepoint (previously Raytheon | Websense) was created to empower organizations to drive their business forward by safely embracing transformative technologies – cloud, mobility, Internet of Things (IoT), and others – through a unified, cloud-centric platform that safeguards users, networks and data while eliminating the inefficiencies involved in managing a collection of point security products.
4. EY (Cybersecurity Consulting & Advisory)
EY has an integrated perspective on all aspects of organizational risk, and cybersecurity is a key area of focus, where EY is an acknowledged leader in the current landscape of mobile technology, social media and cloud computing. EY provides services in six core pillars with over 160 unique cyber offerings - including Cyber Digital & Analytics, Cyber Defense & Response, Cyber Strategy & Architecture, Cyber Operations (Cyber-as-a-Service), Cyber Governance & Compliance and Cyber Technology & Innovation.
5. Mimecast (Email Security)
Mimecast delivers cloud-based email management for Microsoft Exchange, including archiving, continuity and security. By unifying disparate and fragmented email environments into one holistic solution that is always available from the cloud, Mimecast minimizes risk and reduces cost and complexity, while providing total end-to-end control of email.
6. FireEye (Advanced Threat Protection)
FireEye has invented a purpose-built, virtual machine-based security platform that provides real-time threat protection to enterprises and governments worldwide against the next generation of cyberattacks. These highly sophisticated cyberattacks easily circumvent traditional signature- based defenses, such as next-generation firewalls, IPS, anti-virus and gateways. The FireEye Threat Prevention Platform provides real-time, dynamic threat protection without the use of signatures to protect an organization across the primary threat vectors and across the different stages of an attack life cycle. The core of the FireEye platform is a virtual execution engine, complemented by dynamic threat intelligence, to identify and block cyberattacks in real time.
7. Lockheed Martin (Cybersecurity Solutions & Services)
At Lockheed Martin, cyber security begins with the customer’s mission and requirements and ends with a security solution that is integrated, proactive and resilient.
8. Sophos (Anti-Virus & Malware Protection)
Sophos helps organizations keep their data safe and stop the growing number of complex threats. It provides a full range of endpoint, encryption, email, web and NAC products, helping customers protect their businesses and meet compliance needs.
9. Symantec (Endpoint, Cloud & Mobile Security)
Founded in 1982, Symantec has evolved to become the global leader in cyber security, with more than 11,000 employees in more than 35 countries. Operating one of the world’s largest cyber intelligence networks, it sees more threats, and protects more customers from the next generation of attacks. Symantec helps companies, governments and individuals secure their most important data wherever it lives.
10. Sera- Brynn (Cyber Risk Management)
Sera-Brynn is a globally recognized cybersecurity audit and advisory firm dedicated to helping its clients secure their computing environments and meet applicable mandatory industry and government compliance requirements in the most economic and efficient manner possible. In addition to PCI, FFIEC, HIPAA, NERC, GDPR and other standards, security professionals are global leaders in developing, documenting and implementing FISMA, NIST, and DoD compliance requirements across a broad range of civilian and Department of Defense federal agencies and DoD support organizations.
11. Clearwater Compliance (Risk Management and Compliance)
Clearwater Compliance, LLC, focuses on helping health care organizations and their service providers improve patient safety and the quality of care by assisting them to establish, operationalize and mature their information risk management programs. Led by veteran, C-suite health care executives, Clearwater provides comprehensive, by-the-regs software and tools, educational events, and expert professional/advisory services for health care organizations ranging from major health care systems, hospitals, health plans and Fortune 100 companies, to medical practices and health care startups.
12. IBM Security (Enterprise IT Security Solutions)
IBM integrated security intelligence protects businesses around the world. New technological capabilities come with new vulnerabilities. How do you keep up with attacks when there is a shortage of IT security skills and rising costs to secure your data? How fast can you address an attack when your solutions aren’t integrated? IBM offers a deep enterprise security portfolio customized to a company’s needs.
13. Cisco (Threat Protection & Network Security)
Cisco security innovations provide highly secure firewall, web, and email services while helping to enable mobility and teleworking.
14. Gigamon (Data Center & Cloud Security)
Gigamon provides an intelligent Visibility Fabric architecture for enterprises, data centers and service providers around the globe. Its technology empowers infrastructure architects, managers and operators with pervasive and dynamic intelligent visibility of traffic across both physical and virtual environments without affecting the performance or stability of the production network. Through patented technologies and centralized management, the Gigamon GigaVUE portfolio of high availability and high density products intelligently delivers the appropriate network traffic to management, analysis, compliance and security tools.
15. BAE Systems (Cybersecurity Risk Management)
Consulting services help clients to prepare for cyberattacks by understanding and managing cyber exposure, enabling them to make informed investment decisions and to put pragmatic, cost-effective protection in place.
16. Digital Defense (Managed Security Risk Assessment)
Founded in 1999, Digital Defense, Inc., is a premier provider of managed security risk assessment solutions protecting billions in assets for small businesses to Fortune companies in over 65 countries. A dedicated team of experts helps organizations establish an effective culture of security and embrace the best practices of information security. Through regular assessments, awareness education and rapid reaction to potential threats, clients become better prepared to reduce risk and keep their information, intellectual property and reputations secure.
17. Rapid7 (Security Data & Analytics Solution)
Rapid7's IT security solutions deliver visibility and insight that help to make informed decisions, create credible action plans, monitor progress, and simplify compliance and risk management. Over 2,500 enterprises use Rapid7's simple, innovative solutions and its free products are downloaded over one million times per year and enhanced by more than 200,000 open source security community members.
18. Thycotic (Privileged Account Management)
Thycotic deploys smart, reliable IT security solutions that empower companies to control and monitor privileged account credentials and identity access for administrators and end users. An Inc. 5000 company, Thycotic is recognized as the fastest growing privileged management vendor in IT security and one of the top 30 fastest growing companies headquartered in Washington, DC.
19. DFLabs (Automated Incident & Breach Response)
DFLabs is a Technology and Services company, specializing in Cyber Security Incident and Data Breach Response. Its mission is eliminating the complexity of Cyber Security Incident and Data Breach, reducing reaction time and risk exposure. In other words Cyber Incidents under Control. IncMan NG is the cutting edge technology platform for managing and responding to cyber incidents and sharing intelligence. IncMan has been created for SOC and CSIRT orchestration, and it is currently being used by many Fortune 100/1000, and Financial Services Institutions worldwide.
20. CyberArk (Cyber Threat Protection)
CyberArk is the only security company laser-focused on striking down targeted cyber threats, those that make their way inside to attack the heart of the enterprise. Dedicated to stopping attacks before they stop business, CyberArk is trusted by the world’s leading companies — including more than 35 percent of the Fortune 100 companies — to protect their highest-value information assets, infrastructure and applications.
21. Palo Alto Networks (Threat Detection & Prevention)
Palo Alto Networks, Inc. has pioneered the next generation of network security with an innovative platform that allows you to secure your network and safely enable an increasingly complex and rapidly growing number of applications. At the core of this platform is a next-generation firewall, which delivers visibility and control over applications, users and content within the firewall using a highly optimized hardware and software architecture.
22. Proofpoint (Security-as-a-Service)
Proofpoint, Inc. helps the most successful companies in the world protect and govern their most sensitive business data. Proofpoint is an innovative security-as-a-service vendor that delivers data protection solutions that help organizations protect their data from attack and enable them to effectively meet the complex and evolving regulatory compliance and data governance mandates that have been spawned from highly publicized data breaches.
23. Code Dx (Software Vulnerability Management)
Find, prioritize and manage software vulnerabilities – fast and affordably. Code Dx is a software vulnerability management system that brings together static and dynamic code analysis to quickly find and manage vulnerabilities in the code you write, in the languages you use, at a price you can afford. By correlating and consolidating the results of hybrid application testing techniques – static, dynamic and manual – Code Dx helps find the most severe and exploitable vulnerabilities first. Code Dx accelerates the vulnerability discovery and remediation process.
24. Nexusguard (Cloud Enabled DDoS Mitigation)
As a longtime leader in DDoS defense, Nexusguard is at the forefront of the fight against malicious internet attacks, protecting organizations worldwide from threats to their websites, services and reputations. Continually evolving to face new threats as they emerge, it has the tools, insight and know-how to protect clients’ vital business systems no matter what comes their way. The overriding objective is to prevent attacks that disrupt online businesses and enable the use of the internet as intended.
25. Booz Allen (Cybersecurity Solutions & Services)
In a world where everyone is connected, our future is tied to the access, availability and synthesis of information. That’s why Booz Allen has pioneered a multidisciplinary approach to cybersecurity – one that leverages game-changing technologies and standards to maximize security in the digital environment.
26. BT (Security & Risk Management Solutions)
BT provides the full range of cyber security consultancy and services. It can conduct ethical hacking exercises to identify weaknesses, and then undertake continuous vulnerability scanning and threat monitoring. Managed security services enable you to transmit sensitive information around the world using secure document delivery and email. It can implement message scanning and virus protection services, and provide file encryption or public key infrastructure services.
27. RSA (Intelligence Driven Security)
RSA provides more than 30,000 customers around the world with the essential security capabilities to protect their most valuable assets from cyber threats. With RSA’s award-winning products, organizations effectively detect, investigate, and respond to advanced attacks; confirm and manage identities; and ultimately, reduce IP theft, fraud and cybercrime.
28. Kaspersky Lab (Malware & Anti-Virus Solutions)
Kaspersky Lab is one of the fastest growing IT security vendors in the world. The company was founded in 1997 and today it is an international group operating in almost 200 countries and territories worldwide. It has 33 representative territory offices in 30 countries across five continents. Kaspersky Lab has a corporate client base of more than 250,000 companies located around the globe, ranging from small and medium-sized businesses all the way up to large governmental and commercial organizations.
29. Trend Micro (Server, Cloud, and Content Security)
As a global leader in IT security, Trend Micro develops innovative security solutions that make the world safe for businesses and consumers to exchange digital information. With over 25 years of security expertise, it’s recognized as the market leader in server security, cloud security and small business content security.
30. Deloitte (Global Risk Management Services)
With the proliferation of internet-enabled devices, cyber culture is growing more rapidly than cyber security. Everything that depends on cyberspace is potentially at risk. Private data, intellectual property, cyber infrastructure, and even military and national security can be compromised by deliberate attacks, inadvertent security lapses, and the vulnerabilities of a relatively immature, unregulated global Internet. Working hand-in-hand with member firm clients, Deloitte helps organizations plan and execute an integrated cyber approach to harness the power of information networks to enhance business operations, increase mission performance, and improve customer support, without compromising security or privacy.
31. Carbon Black (Endpoint & Server Security Platform)
Carbon Black leads a new era of endpoint security by enabling organizations to disrupt advanced attacks, deploy the best prevention strategies for their business, and leverage the expertise of 10,000 professionals to shift the balance of power back to security teams. Only Carbon Black continuously records and centrally retains all endpoint activity, making it easy to track an attacker’s every action, instantly scope every incident, unravel entire attacks and determine root causes.
32. PwC (Cybersecurity Consulting & Advisory)
Cybersecurity is more than an IT challenge — it’s a business imperative. New technologies, well-funded and determined adversaries, and interconnected business ecosystems have combined to increase your exposure to cyberattacks. Your critical digital assets are being targeted at an unprecedented rate and the potential impact to your business has never been greater. What’s at risk? The theft of research and development information, monetization of credit card data or financial records, rapid replication of product or process, access to strategic or customer information, and the disruption of operational stability. To sufficiently protect your competitive advantage and shareholder value, your approach to cybersecurity must adapt to keep pace.
33. Ziften (Endpoint Threat Detection)
Ziften's groundbreaking solution provides continuous real-time visibility and intelligence, enabling incident prevention, detection and response. Ziften continuously assesses user and device behaviors and highlights anomalies in real time, allowing security analysts to hone in on advanced threats faster and minimize Time To Resolution (TTR). Ziften's Endpoint Detection and Response solution allows organizations to more rapidly determine the root cause of a breach and decide on the necessary corrective actions.
34. BlackBerry (Mobile & Data Security)
Mobility is fundamentally changing the way business gets done. Just enabling devices is not enough. To stay ahead of the curve, you must mobilize your people, processes, apps and information. BlackBerry delivers the world’s most secure, comprehensive mobile solution to address this new imperative, with support for devices running iOS, Android, Windows10, Mac OS X and BlackBerry 10. The BlackBerry platform is trusted by thousands of companies and governments around the world to securely manage apps and files, mobilize business processes, provide secure voice and messaging, and enable mass crisis communications.
35. Check Point Software (Unified Threat Management)
Since 1993, Check Point has been dedicated to providing customers with uncompromised protection against all types of threats, reducing security complexity and lowering total cost of ownership. It is committed to staying focused on customer needs and developing solutions that redefine the security landscape today and in the future.
36. Tenable Network Security (Vulnerability Scanning)
Tenable Network Security is relied upon by more than 20,000 organizations, including the entire U.S. Department of Defense and many of the world’s largest companies and governments, to stay ahead of emerging vulnerabilities, threats and compliance-related risks. Its Nessus and SecurityCenter solutions continue to set the standard for identifying vulnerabilities, preventing attacks and complying with a multitude of regulatory requirements.
37. Checkmarx (Software Development Security)
Checkmarx provides the best way for organizations to introduce security into their Software Development Lifecycle (SDLC), which systematically eliminates software risk. The product enables developers and auditors to easily scan un-compiled / un-built code in all major coding languages and identify its security vulnerabilities. Static Code Analysis (SCA) delivers security and the requirement of incorporating security into the software development lifecycle (SDLC). It is the only proven method to cover the entire code base and identify all the vulnerable areas in the software.
38. KnowBe4 (Security Awareness Training)
KnowBe4 has become the world’s most popular integrated Security Awareness Training and Simulated Phishing platform. Thousands of enterprise accounts are using it, 25 percent of which are banks and credit unions. Based on Kevin Mitnick’s 30+ year unique first-hand hacking experience, you now have a tool to better manage the urgent IT security problems of social engineering, spear phishing and ransomware attacks. With this world-class, user-friendly and effective Internet Security Awareness Training, KnowBe4 provides self-service enrollment, and both pre-and post- training phishing security tests that show the percentage of end users that are Phish-prone.
39. SecureWorks (Managed Security Services)
Dell SecureWorks uses cyber threat intelligence to provide predictive, continuous and responsive protection for thousands of organizations worldwide. Enriched by intelligence from the Counter Threat Unit research team, Dell SecureWorks’ Information Security Services help organizations predict threats, proactively fortify defenses, continuously detect and stop cyberattacks, and recover faster from security breaches.
40. Threat Stack (Cloud Infrastructure Security)
Threat Stack helps you protect your cloud from intrusions and data loss by continuously monitoring and providing insights into your system activity. Securing your cloud shouldn't prevent your business from running fast. The lightweight, cloud-native design takes the hassle out of staying protected. Threat Stack's team of security and operations experts set out to create a product that's simple to deploy, keeps you protected, and gets security out of your way so you can focus on growing your business.
41. Intel Security Group (Anti-Virus, Malware & Threat Protection)
Combining the security expertise of McAfee with the innovation, performance, and trust of Intel. Simplify security with a single platform and unified framework, backed by real-time threat intelligence.
42. Avast (Anti-Virus Protection for MACs)
Going from strength to strength, Avast adds 30 million new users to reach a total of more than 230 million active users worldwide. Avast Mobile Security reaches 100 million downloads faster than any mobile security app in Google Play history, and AV-Comparatives ranks Avast as the most popular mobile security provider in North America, South America, and Europe, and third in Asia. New product launches: Avast 2015, with four new features (Home Network Security, Secure DNS, HTTPS Scanning, and Smart Scan), Avast SecureLine VPN for Android and iOS, Avast GrimeFighter, and Avast Ransomware Removal.
43. Fortinet (Enterprise Security Solutions)
Fortinet protects networks, users and data from continually evolving threats. As a global leader in high-performance network security, it enables businesses to consolidate and integrate stand-alone technologies without suffering performance penalties. Fortinet solutions empower customers to embrace new technologies and opportunities while protecting essential systems and content.
44. Imperva (Data & Applications Security)
Imperva fills the gaps in endpoint and network security by directly protecting high-value applications and data assets in physical and virtual data centers. With an integrated security platform built specifically for modern threats, Imperva data center security provides the visibility and control needed to neutralize attacks from the inside and outside, to mitigate risk and streamline compliance.
45. AT&a mp;T Network Security (Managed Security & Consulting)
AT&T Security Solutions help provide the first line of defense for your network from external and internal attacks. The portfolio of managed and consulting solutions help you take a proactive, comprehensive approach to security, compliance and business continuity.
46. Northrop Grumman (Cyber & Homeland Security Services)
Northrop Grumman is a leading global security company providing innovative systems, products and solutions in unmanned systems, cyber, C4ISR, and logistics and modernization to government and commercial customers worldwide.
47. AlienVault (Threat Detection & Response)
AlienVault is the champion of mid-size organizations that lack sufficient staff, security expertise, technology or budget to defend against modern threats. The Unified Security Management (USM) platform provides all of the essential security controls required for complete security visibility, and is designed to enable any IT or security practitioner to benefit from results on day one.
48. SAS Institute (Fraud & Security Analytics)
SAS Cybersecurity security analytics software uncovers abnormal network behavior to keep you ahead of potential threats. The software’s accurate and continuous security insights help you better manage security risk and improve profitability. Real-time processing of network traffic and business data generates intelligent data. When combined with top-ranked advanced and predictive capabilities and automatic prioritization of suspicious activity, SAS Cybersecurity’s actionable results reduce your mean time to detect an incident.
49. Guidance Software (Endpoint Data Security)
Makers of EnCase, the gold standard in digital investigations and endpoint data security, Guidance provides a mission-critical foundation of applications that have been deployed on an estimated 25 million endpoints and work in concert with other leading enterprise technologies from companies such as Cisco, Intel, Box, Dropbox, Blue Coat Systems and LogRhythm.
50. i- Sprint (Identity & Access Management)
i-Sprint Innovations (i-Sprint) is a premier Identity, Credential and Access Management Solutions provider for global financial institutions and high security sensitive environments. i-Sprint maintains the highest value and reliability rankings among its clients, and is one of the most recognized names in the financial world.
According to Steve Morgan, the research company's founder and CEO, thousands of potential companies were considered by soliciting feedback from CISOs and end-user security practitioners and researching hundreds of security events and news sources.
The companies on this list were evaluated on their security market category, problems solved, customer base, feedback, VC funding, company growth, published reviews, among other factors. The Cybersecurity 500 does not rank companies by revenues, employees, or annual growth. "We didn't think a list of the largest cybersecurity companies would be very useful to our target audience of cyber and IT security decision makers, evaluators, and recommenders," said Morgan. "They already know who the biggest vendors are."
Beyond choosing the best company for your needs, you should know the basics of managing your information assets in this age of cyberespionage.
Sue Marquette Poremba has been writing about network security since 2008. In addition to her coverage of security issues for IT Business Edge, her security articles have been published at various sites such as Forbes, Midsize Insider and Tom's Guide. You can reach Sue via Twitter: @sueporemba