Independent, AI-curated directory of cybersecurity tools. Compare free and paid products by category to find the right defense for your network.
Cloud-native endpoint protection with AI-driven threat detection, automated response, and threat hunting. Market leader in MITRE ATT&CK evaluations.
Autonomous AI-powered endpoint protection with automated threat response and forensic analysis. Minimal manual intervention required.
Integrated endpoint security within Microsoft 365. Free basic antivirus on Windows; advanced EDR features require E5 licensing.
Free, open-source security monitoring platform combining EDR, SIEM, and compliance capabilities. Active community with enterprise support available.
Open-source antivirus engine for detecting trojans, viruses, malware, and threats. Widely used in email gateways and file scanning pipelines.
Layered endpoint protection with risk analytics, ransomware mitigation, and centralized management. Strong value for SMBs.
Market-leading next-gen firewall with advanced threat prevention, URL filtering, and Cortex XDR integration.
High-performance NGFW with integrated IPS, SSL inspection, and SD-WAN. Best price-to-performance ratio in the category.
Powerful open-source firewall and router based on FreeBSD. VPN, IDS/IPS, traffic shaping, and highly configurable. No licensing fees.
The world’s most widely deployed intrusion detection and prevention system. Real-time traffic analysis with extensive rule library.
High-performance network analysis and threat detection engine. Multi-threaded, supports Lua scripting, compatible with Snort rules.
Industry-leading SIEM with powerful search (SPL), extensive integrations, and enterprise-scale log analysis for mature SOC teams.
Open-source SIEM built on Elasticsearch. Built-in detection rules, ML anomaly detection, and case management. Free self-hosted tier.
Cloud-native SIEM with deep Azure integration, automated response via Logic Apps, and pay-as-you-go pricing by data volume.
Free, open-source SIEM with log analysis, intrusion detection, vulnerability detection, and regulatory compliance. Scales to thousands of endpoints.
Open-source log management platform with powerful search, dashboards, and alerting. Simpler alternative to Elastic for centralized logging.
Cloud identity platform with SSO, MFA, lifecycle management, and API access management. Market leader in workforce identity.
Open-source identity and access management with SSO, social login, LDAP/AD integration, and fine-grained authorization.
User-friendly multi-factor authentication. Free tier for up to 10 users, enterprise features for large deployments.
Privileged access management for securing high-risk credentials, secrets, and service accounts across hybrid environments.
Leading cloud email security with advanced threat protection, DLP, and security awareness training integration.
AI-native email security that detects socially-engineered attacks traditional gateways miss. Behavioral analysis of email patterns.
Open-source email security scanning for spam, viruses, phishing, and malware. Integrates with Postfix, Sendmail, and Exim.
Cloud email security with threat protection, continuity, archiving, and awareness training. Strong M365 integration.
Industry-standard vulnerability scanner. Nessus Essentials is free for up to 16 IPs. Professional and Expert tiers for production use.
Full-featured open-source vulnerability scanner with 50,000+ network vulnerability tests. Community edition is free.
Cloud-based vulnerability management, detection, and response. Asset discovery, prioritization, and automated remediation workflows.
Fast, template-based vulnerability scanner. Community-driven template library with thousands of checks. CLI-based, highly automatable.
Vulnerability management with real risk scoring, live dashboards, and IT-integrated remediation projects.
Agentless cloud security platform for AWS, Azure, GCP. Unified view of risks across VMs, containers, and serverless.
Open-source security tool for AWS, Azure, GCP, and Kubernetes. 300+ checks across CIS, NIST, PCI-DSS, HIPAA, and more.
All-in-one open-source scanner for vulnerabilities, misconfigurations, secrets, and SBOM in containers, Kubernetes, IaC, and repos.
Agentless cloud security with unified data model covering vulnerabilities, misconfigs, malware, lateral movement, and sensitive data.
Open-source threat intelligence platform for sharing, storing, and correlating indicators of compromise and threat data.
Open-source cyber threat intelligence platform. STIX2 native, knowledge graph visualization, and automated enrichment.
AI-powered threat intelligence with the world’s largest intelligence graph. Real-time alerts, dark web monitoring, and vulnerability intelligence.
Open threat exchange with community-contributed IOCs, pulses, and threat data. Free API access for integration into security tools.
Industry-leading backup and disaster recovery. Free Community Edition for up to 10 workloads. Immutable backups for ransomware resilience.
Fast, secure, efficient backup program. Supports multiple cloud storage backends, encryption by default, and deduplication.
Unified backup and cybersecurity with anti-malware, vulnerability assessments, and automated patch management.
Open-source password manager with free personal tier, self-hosting option, and affordable business plans. Audited and transparent.
Premium password manager with Watchtower breach monitoring, travel mode, and seamless team sharing. Best-in-class UX.
Free, open-source, lightweight password manager. Local database, strong encryption, plugin ecosystem. No cloud dependency.
Business password manager with built-in VPN, dark web monitoring, and admin console for policy enforcement.
Modern, fast, lean VPN protocol. Built into Linux kernel. Simpler and faster than IPsec/OpenVPN. Minimal attack surface.
Zero Trust network access with DNS filtering, secure web gateway, and browser isolation. Free for up to 50 users.
Cloud-native zero trust access to private applications without VPN. Micro-segmentation and continuous verification.
WireGuard-based mesh VPN. Zero-config networking between devices. Free for personal use with up to 100 devices.
Market-leading security awareness training with phishing simulation, interactive modules, and compliance training library.
Open-source phishing simulation framework. Create and track phishing campaigns to test employee awareness. Self-hosted.
AI-driven security awareness training with automated, personalized phishing simulations based on individual risk profiles.
The world’s most used penetration testing framework. Free Community edition for manual exploit testing. Pro for automated assessments.
Industry-standard web application security testing toolkit. Community Edition is free; Pro adds automated scanning and advanced tools.
The gold standard for network discovery and security auditing. Port scanning, service detection, OS fingerprinting, and NSE scripting.
Debian-based Linux distribution with 600+ pre-installed penetration testing and security auditing tools. The industry standard for ethical hacking.
Automated SQL injection detection and exploitation tool. Database fingerprinting, data extraction, and OS access via injection.
Automated compliance platform for SOC 2, ISO 27001, HIPAA, PCI-DSS, and GDPR. Continuous monitoring with 80+ integrations.
Trust management platform automating SOC 2, ISO 27001, and HIPAA compliance. Evidence collection and continuous monitoring.
Open-source GRC platform for managing risk, compliance, and policy. Community edition is free and self-hosted.