The biggest surprises in this update are that Fortinet and KnowBe4 have moved to the top of the list, ahead of broader IT vendors with a large security practice. Specialization can be a good thing in cybersecurity, as KnowBe4 showed with a $300 million funding round last year.
Cybersecurity vendors were assigned scores based on their annual revenue, range of products, appearance in eSecurity Planet‘s Top Security Vendor lists, Gartner Magic Quadrant reports, Gartner Peer Review ratings, among other rankings. The top 15 vendors are listed below, followed by some honorable mentions.
See our picks for top cybersecurity startups
Fortinet has been steadily building a reputation as one of the top security companies around. Its revenues are increasing at a fast clip, it comes up repeatedly in eSecurity Planet top vendor lists, has high customer satisfaction ratings and does well in analyst ratings. Gartner gave it top place in unified threat management (UTM), and it was named a Leader in next-gen firewalls (NGFW). And the good news and announcements just keep on coming. During the month of December 2019, for example: Fortinet Secure SD-WAN can now scale up to 100,000 SD-WAN sites and has been adopted by more than 21,000 organizations; it has extended the integration of its cloud security portfolio with Google Cloud to offer customers migrating to Google Cloud Platform (GCP) advanced security for workloads and applications; it acquired Security Orchestration, Automation and Response (SOAR) platform provider CyberSponse; and it ranked well in the Gartner MQ for WAN Edge Infrastructure. Its continued momentum earns in top spot.
KnowBe4 is on a rocket ride. A startup getting to Unicorn status (valued at a billion or more) on the back of security training is quite a feat. But constant breaches of organizations large and small, and a trail of victims to ransomware and phishing opened a massive opportunity. This company has risen from Niche Player a couple of years back to being number one in security training, according to Gartner. It is the fastest-growing company in security, highly rated by Cybersecurity Ventures and has great customer satisfaction ratings – the best of all vendors on the list. Since moving to the top of the Gartner MQ tree in its category a few months ago, KnowBe4 hasn’t rested on its laurels. In fact, the company is on a mission to protect users from cybercriminals and employee stupidity. It is forging ahead with new partnerships, top hires from across the industry and an event blitz across the planet to educate users on phishing and other online threats.
Cybersecurity product categories: Cybersecurity awareness training
Cisco’s roots are in networking but by necessity it has expanded into security and storage. Over the years, it has built up a wide range of security products, including firewalls, intrusion prevention systems (IPS), UTM, malware protection and cloud protection. It doesn’t particularly shine on Gartner MQs but is rated as a Challenger in secure web gateways and UTM, and just made it into the Leaders quadrant on NGFW. At the end of 2019, Cisco unveiled a bold new vision for a new, more secure Internet and a new silicon architecture. Known as Cisco Silicon One, it is said to be the only networking silicon architecture of its kind. The company followed that with the release of the Cisco 8000 Series, carrier-class routers built on the new silicon. Coupled with tighter integration and partnerships with AWS, Cisco moves up in the standings.
Cybersecurity product categories: Next-generation firewalls, next-generation intrusion prevention, CASB, web gateway, NAC, advanced malware protection, email security, endpoint security, security management, VPN, security services
Splunk is the darling of the IT Service Management (ITSM) market. But it has expanded from ITSM into security and operations management. The Splunk platform is used by many to perform security analytics and for SIEM. The company came up tops in Gartner’s MQ for SIEM and has good customer satisfaction ratings. It’s taken a good chunk of business from long-term market incumbents and it looks like it will continue to do so for the next few years. A recent surge in its rate of expansion, along with the unveiling of a strong data-to-everything strategy, suggests that it will gather further market share from security incumbents.
Microsoft has quietly built up a large security portfolio. This includes Active Directory for identity and access management, Windows Defender, Azure cloud security services such as Security Center, Key Vault, Azure DDoS Protection, Azure Information Protection and Application Gateway for protecting Web applications. Its position in our rankings comes due to its general strong showing in all areas considered, and its overall analyst rating. Gartner placed Microsoft as top dog in its Magic Quadrants (MQs) for endpoint protection and access management. Cybersecurity Ventures also include Microsoft in its top ten. However, recent issues with end of life notifications related to various Windows systems will place users in jeopardy over the coming years. Therefore, the company has moved down the rankings a little in recent months.
IBM offers plenty of cybersecurity solutions, including Security Information and Event Management (SIEM), orchestration and incident response platform, cloud security and lots more. Part of the problem, though, is that IBM has such a huge portfolio that some of its offerings get lost within the catalog. It also isn’t the fastest in adding updates and customer ratings aren’t great. But it is well rated by analysts (Gartner Leader in access management and managed security services), graded high by Cybersecurity Ventures and comes up continually in eSecurity Planet top product lists. In recent months, it has added IBM Cloud Pak to protect data wherever it resides, adding AI features to its cloud identity solution and teamed up with Nozomi Networks to better secure industrial infrastructure.
Cybersecurity product categories: Security analytics, services, patch management, encryption, SIEM, security orchestration, mobile security, fraud protection, network security, data protection, threat intelligence, application security, endpoint protection, identity and access management, mainframe security
Sophos delivers endpoint protection harnessing artificial intelligence (AI) as well as firewalls and network and cloud security products. It made the Leaders quadrant of Gartner’s MQs for endpoint protection and UTM. It consistently appears on our Top Vendors lists and is building its revenue base. Customer satisfaction ratings, though, need improvement. Recently, it overhauled its managed service provider (MSP) program to make it much easier for MSPs to deploy Sophos products across their customer bases. It also unveiled its Xstream Architecture for its XG Firewall and continues to generate press and earn kudos for how its lab detects impending security threats. And the company is about to be acquired by Thoma Bravo, which should increase its brand awareness in North America.
Cybersecurity product categories: Firewalls, unified threat management, secure web gateway, secure email gateway, security management, anti-phishing, endpoint protection, mobile security, encryption, server security, consumer antivirus and Web filtering
8. Palo Alto Networks
Palo Alto may not have the revenue totals of some of the big boys, but like Fortinet, it is very much on the rise. It offers firewalls, endpoint protection, cloud access and more. It boasts 50,000 customers, including more than 85 of the Fortune 100. Gartner named it top in its NGFW MQ and it has good customer satisfaction ratings. It recently acquired micro-segmentation specialist Aporeto and has developed a closer relationship with Google Cloud. But a few earnings issues and an internal security breach have generated negative press of late.
McAfee has been a major player in security for a long time. It doesn’t seem to dominate any particular slice of the market, but it offers a lot of products that do consistently well in diverse areas. This includes antivirus, identity protection, SIEM (where Gartner names it a Leader), endpoint protection (graded a Visionary by Gartner) and secure web gateways (Gartner Challenger). Its customer satisfaction ratings are decent, too, and it keeps coming up in eSecurity Planet top vendor lists. As well as a closer partnership with Google Cloud, there could well be a merger with Norton on the cards.
Cybersecurity product categories: consumer antivirus and privacy protection, identity theft prevention, IDPS, web gateways, mobile security, enterprise cloud security, data protection, encryption, endpoint security, network security, security management, server security, security analytics, SIEM, web security, consulting, database security
Chipmaker Broadcom has been on a roll for the past year with the acquisition of CA Technologies and Symantec’s enterprise security business. The latter company in particular has been a persistent presence in the top echelon of security vendors for a quarter of a century. It offers enterprise, small business and consumer products. On the enterprise side, this includes endpoint protection, data loss prevention (DLP), web gateways, cloud access, threat intelligence and more. Like Microsoft, Symantec does well in Gartner MQs, tops in secure web gateways and a Leader in endpoint protection and managed security services. It also has decent product satisfaction scores. But it remains to be seen what Broadcom does with the riches it has inherited. Hence, it falls down the standings from our last list.
Cybersecurity product categories: Advanced threat protection, managed services, endpoint security, encryption, web gateway, email security, network security, cloud security, antivirus, identity theft protection, website security, mainframe security
11. Trend Micro
Trend Micro is another big name that has sagged in terms of brand appeal and market dominance. But the company still boasts a big revenue base and a broad array of security solutions that protect more than half a million organizations and a huge number of endpoints. The one area where it excels is in endpoint protection, where Gartner has included it as a Leader for 15 years. Customer satisfaction ratings are okay. However, only being named twice in our Top Vendors lists indicates that it is no longer top of mind on candidate lists for security products. Additionally, Forrester just scored it highest in cloud workload security. With its AWS relationship and the release of a security services platform for organizations building applications in the cloud, Trend Micro is gradually making its way up the standings.
Cybersecurity product categories: hybrid cloud security, intrusion prevention, advanced threat protection, encryption, endpoint security, email security, Web security, SaaS security, IoT security, threat intelligence
12. Check Point
Check Point offers firewall, network security, UTM and other products for enterprises and consumers. It is a Leader in Gartner MQs for UTM and NGFW. Customer satisfaction ratings could be better, but it comes up in eSecurity Planet top vendor lists regularly and has established a sound revenue base. The company continues to up its game with the acquisition of cloud security firm Dome9.
Proofpoint offers email protection, network sandboxing, security awareness training, cloud protection and more. Its only appearance on Gartner MQs is as a Leader in security awareness training. It lags KnowBe4 in that category, but its acquisition of Wombat is a statement that it intends to challenge KnowBe4 in that market. If it can sustain revenue jumps like the 38% gain it made compared to 2017, it is likely to head steadily up the rankings. Most recently, the company made the Leaders quadrant in the latest Gartner MQ for Enterprise Information Archiving, and bought threat management platform vendor ObserveIT.
Cybersecurity product categories: Advanced threat protection, email protection, encryption, data loss prevention, CASB, threat intelligence
Imperva has made three eSecurity Planet Top Vendor lists and its profile is growing. Gartner ranks it far above the competition in web application firewalls and its customer satisfaction scores are very good. If it can sustain this while broadening its product portfolio, it can move higher in the standings. However, a recent setback earned a raft of negative press – hackers found a way around its firewall and customer data was exposed.
15. RSA (Dell Technologies)
RSA has been a subsidiary of Dell for many years. As such, it may be suffering from a lack of attention within the sprawling Dell empire. It made it into the Leader category in only one Gartner MQ (SIEM) and comes up consistently in our Top Vendor lists. But its customer ratings are not that high. This indicates it has strong name recognition, but its product portfolio may be in need of a new lease on life. Further, weaknesses in RSA keys have called into question the security of its platform.
Cybersecurity product categories: SIEM, GRC, threat intelligence, network traffic analysis and forensics, endpoint security, security orchestration, UEBA, malware detection, fraud prevention, identity and access management
The following companies scored well but didn’t quite make our top 15.
- Kaseya (network and infrastructure monitoring, patch management)
- Barracuda (WAF, NGFW, UTM, email security, backup)
- Netskope (CASB)
- Exabeam (security intelligence, analytics)
- FireEye (endpoint and threat detection)
- Darktrace (AI for cyber defense)
- SonicWall (WAF, UTM, NGFW)
- Tanium (endpoint protection)
- LogRhythm (SIEM, UEBA, threat intelligence)
- Micro Focus (SIEM, access management, encryption, patch management)