The best and worst cybersecurity companies in 2025?
Posted by RoboFalcon3x@reddit | sysadmin | 77 comments
Just want to hear from others besides colleagues like who do you think are the best and worst cybersecurity companies in 2025?
I’m talking about overall experience: product quality, security efficacy, support, licensing practices, transparency and real world results. This could be endpoint, cloud, network, identity or anything else in the security stack. Who’s actually delivering value and who’s more hype than substance?
Would love to hear both the wins and the war stories. No need to name and shame unfairly but honest feedback is very welcome.
HanSolo71@reddit
We are a big Rapid7 shop. We use Rapid7's Vulnerability Management platform, as well as their SIEM, MDR, and automation platform, and I find them to be acceptable.
I think, for how much we pay (Over six figures), the number of tickets I need to open is a bit. In particular the automation platform "Insight Connect" frequently has issues with smaller less used modules. I am told the issues I have are because we use the platform more extensively than most clients but still I have 4-5 ICON tickets open right now.
Furthermore, their SIEM platform still can't ignore a set of IPv6 addresses, as they only have code for IPv4 addressing enabled.
I keep using them because they provide great coverage for a huge amount of cloud products for the SIEM and the automation I can produce from those logs is still extremely useful.
On the other hand, Crowdstrike seems to just work. Has great documentation and is constantly adding useful features. I may look at moving my vulnerability management to CS in the future.
DoctorOctagonapus@reddit
Notwithstanding the time they yolo'd a patch without testing and broke the world so badly it became headline news
HanSolo71@reddit
Shit happens. I'm coming up on 15 years in the field. If I was angry forever for every mistake a vendor made I would be angry at every vendor.
GeneMoody-Action1@reddit
I have to back this one as well, yes their oops was a global incident, but anyone that has been in this for very long, who cannot admit they have had the occasional "oops" themselves is likely not telling the truth about it.
The scale of the crowdstrike incident is really a measure of its size and popularity, not a product being any more unstable than any other, in fact, they have had less "oops" than many of their peers.
So while it may not be of much tactical advantage to come to the defense of another vendor, expecting 100% perfect performance from any product facing millions of different environments, and hundreds of thousands of people working to make it fail, daily, "perfect" is an unrealistic expectation.
These suites like all software and the computers they run on do trillions of things an hour, sometimes they get one wrong, it sucks, but you take it for what it is and move along.
Their stock price through all that dipped but recovered well, and they are doing just fine.
bageloid@reddit
ICON needs a bunch of work, especially in terms of documentation.
HanSolo71@reddit
Bro perhaps I gave too much credit to ICON. I spend so much time fighting with bad documentation and stupid shit. Like for example did you know the JQ plugin can't handle outputs that are "Too Big" because the previous step makes a JSON with an array starting it and their implementation of JQ can't handle it.
It's fucking death by a million cuts. Honestly, fuck ICON.
bageloid@reddit
Yeah, it's sort of a weird bolt on product, they really need to overhaul it. Plus they should be pumping out connectors.
stevehammrr@reddit
I had a rapid7 sales guy call me on Christmas Day to tell me about some new feature they were rolling out and to see if I was interested. And I’ve heard similar stories from all over the place about their sales people and customer service.
Fuck rapid7 lol.
HanSolo71@reddit
I didn't get to choose as this was partially implemented when I arrived. I'm just making it as functional as can be.
chpc14@reddit
Roboshadow hands down. Their team listens to feedback and offers a great product at a very affordable price.
https://roboshadow.com/
utvols22champs@reddit
Do you know where they store their data?
chpc14@reddit
Not sure either, but I'd be glad to ask for you.
utvols22champs@reddit
That would be great. Our regulators require data to be stored in the US.
RoboShadow_Liz@reddit
Hey, thanks for tagging me in u/chpc14 ! We currently store our AWS data in Ireland, but this is becoming a more common theme from US users, so we are looking at options to offer regional versions of this in the future. u/utvols22champs please feel free to message me if there is anything else I can help with!
daze24@reddit
I don't know where they store their data but I believe they are a UK company.
daze24@reddit
Been trialing this, I'm impressed so far.
Lukage@reddit
I stand by my statement after they made front page news, but Crowdstrike is effective and I don't want to switch. When they acquire a product or company, they properly vet it, integrate it for their existing customers, and it works.
My only gripe is the occasional false positive for things like VSS Snapshot removal, but I'm otherwise generally pretty happy with it. It costs, but you're getting an excellent product.
shadowmtl2000@reddit
Yea I’m also a fan of crowdstrike. Even if they took me offline for a few hours that one time.
Researcher_bellach@reddit
From what I’ve seen so far, smaller and more focused cybersecurity companies seem to be delivering better value than some of the big names in 2025. Transparency and faster response times really make a difference. Curious to see what others are experiencing.
Stryker1-1@reddit
I would say that's because the big guys are all busy trying to do everything and the only feature "improvement" getting added to their products is shitty AI
Researcher_bellach@reddit
Interestingly, according to recent reports, smaller cybersecurity vendors are growing 35% faster than larger ones in 2025 because of their focus on solving specific problems instead of trying to cover everything 🦊
sinclairzxx@reddit
Darktrace and Arctic Wolf are trash.
ReputationNo8889@reddit
Can you share more insights on Arctic Wolf? We are currently in the onboarding phase and had many headaches ....
Acheronian_Rose@reddit
What are your headaches? Our rollout was quick and painless, we have had them for about 3 years now
ReputationNo8889@reddit
We were told in the beginning that rollout is quick and painless, only need to install the sensors onsite and deploy the agent. Then after the sensors were installed, we were told "well actually you also need to send the logs from the DCs to the sensor" so we had to plan those changes. Then we were told "you also need to install the Agent on the DC". It's basically a trickle-down of information on what to do next and what is required. It's a PITA.
That we purchased more than we can actually roll out makes the whole situation much worse ... but yeah, so far, not impressed.
Acheronian_Rose@reddit
This is all very standard... if your DC is not configured to spit out the correct logs, their monitoring tools cannot help you. Other monitoring solutions are going to require their own configuration changes.
We had to do all of this as well, installing the DC agent and making the needed local policy changes for logging took 5 whole minutes, zero disruption while done live, I consider that pretty quick and painless as far as changes go.
What is there to plan for there? If you have multiple DCs, you have redundancy. If anything did go wrong for any reason
ReputationNo8889@reddit
Well the main issue is that we have Defender for Identity configured, so there are settings already in place that need to be combined, as you cannot have 2 policies that are enforced at the top level with different settings. Then there are many unknowns as the DC infra is very old and not in a good shape at all. The onsite IT of the plant is so horrible they themselves don't know what is configured where. So you first need to do a deep dive and check everything. Of course not AW's fault at all. But knowing this beforehand would have allowed us to do everything in one go instead of having multiple meetings weeks apart, because the guys are strapped for time.
thortgot@reddit
Deploying an agent on your DC is 100% normal across all EDR.
Sure they messed up the deployment but you really should be pushing it to all servers and endpoints.
ReputationNo8889@reddit
Yes totally agree. That's why Defender is on everything and we have a Defender connector to AW. We have those "sensors" as well. We were told they handle all on-premises stuff. Sure we might have had to ask more questions, but on the other hand, they just didn't tell us this stuff was needed. This is our first deployment of a SOC provider so no real previous knowledge of how stuff is typically handled.
Szeraax@reddit
Not if your EDR is backed by sense service and MS Defender telem. Now, whether you trust that approach or not.... But it's at least possible these days.
thortgot@reddit
You still need to enroll it into Defender for Endpoint, it's just a matter of only running a single client.
Szeraax@reddit
You're right, haha.
ThemB0ners@reddit
Did you guys not ask questions? Did you think your DCs were excluded in the "deploy the agent" part that they mentioned?
ReputationNo8889@reddit
We were initially told were to be installed on the client devices. They just omitted the part where servers needed to be onboarded. Yes we did not ask further because we assumed they would not omit stuff in the onboarding.
We were told that the "Sensors" take care of everything on premises. After I pushed for answers on how exactly they would monitor the whole local network by just plugging in, they started to become really avoidant and were like "we tell you once the sensors are at the plant".
So we did not really ask questions because they seemingly answered everything beforehand. Come to find out, most of the stuff was more a lie by omission or straight up bending the truth.
Acheronian_Rose@reddit
I agree, sounds like they didn't really get a full scope of what needed to be done, and made assumptions.
sinclairzxx@reddit
Have a look on Reddit for AW reviews.
In a nutshell: It’s great, until you have a problem.
jake04-20@reddit
Damn, I know someone that swears by arctic wolf.
Acheronian_Rose@reddit
How so with Arctic Wolf?
They have saved us from security events in the past by detecting, isolating the endpoint, and alerting us to it via after hours calls so we can fully mitigate.
We would have experienced a network wide ransomware attack last year, had we not implemented their monitoring.
sinclairzxx@reddit
So the EDR worked as expected, smashing work.
Just do a basic search on Reddit.
Acheronian_Rose@reddit
All of it has worked as expected, we carry all of their offerings.
Nekosannn@reddit
Trellix is pretty bad, at least from my MSP perspective. It's mostly the customer support, which is really slow. If you are restricted to on-prem security systems instead of something like Crowdstrike, the Trellix ePO is alright I guess.
Optimal-Scheme-8015@reddit
Former McAfee employee here. Trellix is the merger of McAfee (Traditional, .dat signature file AV) and FireEye. That company has been in disarray since Intel discontinued a number of its products in 2018. I would avoid them at all costs.
AncientWilliamTell@reddit
That's because it used to be McAfee.
Havi_40@reddit
Worldwide or American as usual?
AncientWilliamTell@reddit
if you dislike the "American as usual" tone of this sub, go to the "international sysadmin" sub or start one yourself.
Havi_40@reddit
Damn, bro! It was a simple question requesting clarification. Nowhere did I criticize or imply that Americans are less than any other people. Especially technology wise.
Objectively speaking, there are smaller companies that are as good as, if not better than big ones. Take Trellix for example. One of the absolute worst companies to deal with, with an extremely convoluted process to remove from devices and systems. It crashed every single Dell in my company with the error CLASSPNP.SYS, which is not at all explanatory or indicative of an issue with the antivirus.
marklein@reddit
Maybe if more people worldwide participated... you can't blame us Yanks for showing up.
TheJesusGuy@reddit
...What?
thortgot@reddit
All security companies worth using are global.
Kumorigoe@reddit
Sorry, it seems this comment or thread has violated a sub-reddit rule and has been removed by a moderator.
Inappropriate use of, or expectation of the Community.
If you wish to appeal this action please don't hesitate to message the moderation team.
PsyOmega@reddit
I can confidently name Sophos as one of the worst.
WashedPinkBourbon@reddit
SentinelOne is a fantastic product.
shadowmtl2000@reddit
Stay away from darktrace.
Pretzel911@reddit
We have that, only the email section. We trialed the rest, but the email section is the only thing we found useful.
Leg0z@reddit
We use Darktrace. Management's thought has always been that it's the equivalent of paying for a Jr. security analyst. We are about to put that to the test with a pen test next week. Thankfully, this falls right in line with our renewal, which is up. I have a lot of criticisms of it (the interface looks like a stupid hacker movie), but it will be interesting to put it to a real-world test and see if it flops or not.
lordmycal@reddit
Let us know how that goes.
SomeWhereInSC@reddit
grabbing popcorn, hoping you reply to this with your results...
daze24@reddit
We have this, my CTO has bought fully into it, it doesn't really do anything.
shadowmtl2000@reddit
Your CTO got ripped off by a snake oil salesman. So did my former boss. The wasted money cost him his job lol.
czj420@reddit
We paid 54k for 4 years. On renewal they wanted 200k for 3 years. We switched to black point cyber for 10k for 1 year.
daze24@reddit
💯 agree with this but stuck with success meetings and numerous false positive alerts. Should probably move on really but we have really good Flexi.
sinclairzxx@reddit
This!
PrepperBoi@reddit
lol I’m trying to talk my team out of it as someone who has used it for 5+ years.
They seem hell bent on spending the money.
VA_Network_Nerd@reddit
You need content for your blog or something?
MrKrazybones@reddit
In that case, I'd say stay away from Allsafe Cybersecurity. They have an employee who hacks into the accounts of everyone he meets.
beagle_bathouse@reddit
Palo is a nono
PurpleFlerpy@reddit
Ninjio - only because they had an Evangelion reference in one of their recent user training videos.
OrangeTinyAlien@reddit
We switched from Wiz to WithSecure and couldn't be happier. We run a lot of hybrid solutions and Wiz sold us on a promise they couldn't deliver. WithSecure is also a local Swedish/Finnish business where I'm from so doing business with them has been "culturally" easier.
TheBradley22@reddit
I miss when they were called Data Fellows
Mitchell_90@reddit
Lol Darktrace, when we were looking at EDR vendors they contacted us to try and get us to buy into their platform. We didn’t really get what it did/was supposed to do after seeing demos and the usual sales crap.
Went with SentinelOne which is working well.
In terms of managed SOC I’ve heard good things about Huntress.
Burgergold@reddit
I would stay away from Broadcom and Trellix (formerly McAfee)
DenSide@reddit
Hi! Could I dm you? I have a question regarding one of these companies
Burgergold@reddit
Yes but I may not have the answer / be of great help
DenSide@reddit
No problem
I saw you mentioned Trellix, why is that?
I got contacted by a recruiting company to work as a contractor for trellix and was a bit skeptical
Burgergold@reddit
I really hated how the product is managed on server, Linux even more.
You have to install the agent, the EDR, the ENS. Then they don't work well by default and need a lot of tuning per system and even some modules need to be disabled, making it pretty much useless.
Didn't have this problem with the 2 other products we used.
Luscypher@reddit
F*ching Carbon Black, our former CISO made deal with them and then left. We R stuck till 2027. No money for anything else. So, Windows Defender, I love U.
TkachukMitts@reddit
Field Effect Covalence is very good.