Generative AI features in enterprise software can be double-edged swords. AI introduces complexities and its own security issues, but it can also expedite processes and enable new capabilities.
The tools we’ve chosen here were highly rated platforms before the advent of generative AI, and we’ve rated them in part on longevity and positive reviews over time. Where AI features are major selling points for the products, we’ve examined them based on integration, ease of use, and their potential to unlock new areas of value within security solutions.
We focused on security solutions incorporating AI rather than AI-first companies or those exclusively addressing AI-related threats — although we were more inclined to select organizations that also emphasize AI-specific protections.
- Best for incident response: SentinelOne
- Best for small businesses without a SOC: Arctic Wolf
- Best for attack detection: Darktrace
- Best for simplifying the learning curve: Vectra AI
- Best for IT and OT: Zscaler
Top AI security tools: Comparison table
Tool | Starting Price | Size | Top-level pitch |
---|---|---|---|
SentinelOne | $69.99 per endpoint, per year. | Small business to enterprise. | Enterprise protection for endpoint, cloud, and data. |
Arctic Wolf | $44,000 per year. | Small business to enterprise. | Security operations “concierge” service. |
Darktrace | Starts at $30,000 per year. | Small business to enterprise. | Proactive cybersecurity with “self-learning” AI. |
Vectra AI | Contact the vendor for more information. | Small business to enterprise. | Focuses on delivering high-quality attack signals with AI. |
Zscaler | Contact the vendor for more information. | Enterprise. | Digital transformation for IT and security teams. |
Best for incident response: SentinelOne
SentinelOne offers endpoint, cloud, and data security. Targeted to enterprises, SentinelOne products place a shield over user endpoints, containers, cloud workloads, and IoT devices. Their managed security services are remarkable because they cover nearly all possible endpoints and device types.
SentinelOne’s primary AI offerings are Purple AI and the Singularity XDR Platform. The Singularity XDR Platform applies AI to prevention, detection, response, and threat hunting. This isn’t generative AI; instead, the “agents” are essentially sensors reacting at faster-than-human speeds. The generative part comes with SentinelOne’s Purple AI, a chatbot that operates similarly to ChatGPT. Security personnel can ask Purple AI in natural language whether indicators of specific threats are present, as well as more specific questions. The chatbot will return both written answers and code or URLs as appropriate.
Consulting firm Gartner rates SentinelOne highly, naming them a leader in the annual “Magic Quadrant” report. SentinelOne’s Vigilance MDR+DFIR detected 14 out of 14 attack steps in MITRE’s ATT&CK Evaluations. MITRE praised it for its comprehensive protection against the test attacks.
Price
The basic (or “Singularity Core”) plan starts at $69.99 per endpoint for five to 10 workstations. The Singularity Core plan provides role-based access control, multi-tenant management, and endpoint protection. For more features, organizations can purchase higher-tier plans, up to the “Singularity Commercial” plan at $209.99 per endpoint. Contact the company to negotiate enterprise-level plans.
Top Features
- Managed detection and response.
- Digital forensics and incident response.
- Endpoint protection.
- Threat detection and response capabilities for identity-based surfaces.
Pros | Cons |
---|---|
Easy-to-use dashboard. | Some users report a significant learning curve. |
One platform covers a wide variety of devices and services. | |
Best for small businesses without a SOC: Arctic Wolf
Arctic Wolf promotes itself as a “concierge” program aimed at easing the workload of security operations centers (SOCs). It’s meant to either add to a lean team or serve as a full SOC for small or medium businesses without one. Arctic Wolf is generally well-reviewed, with customers saying the company is thorough and reliable.
Arctic Wolf pitches AI as a solution to the impossibility of filtering through the overwhelming amount of data available to SOCs today and as a way to reduce ticket volume. The company integrates modern (but not necessarily generative) AI into its threat defense and into SOC processes like investigations and responses. AI and ML analyze data behind the scenes in Arctic Wolf’s SecOps Cloud.
Price
Arctic Wolf’s “concierge” service starts at $44,000 per year for managed detection and response for up to 100 users. Prices for other services vary depending on whether they are bought individually or bundled.
Top Features
- Managed detection and response.
- Managed risk.
- Incident response.
- Cyber insurance.
- Cloud security posture management.
Pros | Cons |
---|---|
Could potentially serve as a way to outsource security. | Some reviewers report a lack of follow-through after Arctic Wolf submits logs. |
24/7 service. | |
Reviewers say implementation and integration are easy. | |
Best for attack detection: Darktrace
Darktrace ActiveAI Security Platform prides itself on proactivity and catching novel threats. Like other services, it’s not necessarily an AI-first company — but AI features bolster longstanding, proven security processes. Darktrace also runs its own AI research center dedicated to using AI for projects such as detecting unwanted crypto-mining or determining whether similar-sounding emails are related to one another. Its AI learns from each individual customer’s business data to determine what patterns are common or unusual for them.
Darktrace DETECT and “Darktrace Cyber AI Loop” are AI/ML features, not generative AI. But Darktrace does offer a generative AI agent: the “Cyber AI Analyst,” which autonomously performs investigations and triage.
Darktrace maintains a forward-thinking approach, which Microsoft recognized by naming it the UK Partner of the Year in 2024.
Price
Pricing for Darktrace is based on the length of the contract, but on AWS, Darktrace’s services start at $30,000 per year for up to 300 Mbps of average bandwidth and 200 hosts. Additional seats and bandwidth can raise the price to $100,000.
Top Features
- Email, OT, network, cloud, identity, and endpoint security monitoring.
- Attack surface management.
- Incident readiness and recovery.
Pros | Cons |
---|---|
The AI agent can autonomously run investigations. | Some reviewers report poor customer support or disruptive upselling. |
Sort alerts by criticality to focus on what matters most. | Some customers report pricing and licensing are confusing. |
Reviewers praise Darktrace’s ability to monitor network traffic in particular. | |
Best for simplifying the learning curve: Vectra AI
Vectra AI, founded in 2012, offers a security dashboard similar to others on this list. Their UI is exceptionally user-friendly, with a clear severity rating front and center. Security professionals can follow their investigations across easy-to-navigate tabs. The AI in their name refers to “AI-driven detections,” primarily anomaly detection through machine learning. It scans user behavior for known threat actors’ tactics, techniques, and procedures.
Vectra AI also offers Attack Signal Intelligence, the power behind the Vectra AI Platform. It offers many of the same investigative, defense, and response capabilities as other companies on this list, but Attack Signal Intelligence’s straightforwardness sets it apart.
Price
For pricing, contact Vectra AI.
Top Features
- Extended detection and response.
- Discover insight into attacks and attack vectors across public cloud, SaaS, identity, and data center networks.
- SOC modernization.
- Risk management.
- Defense against hybrid attack types.
Pros | Cons |
---|---|
Threats are classified by an easy-to-read “urgency score.” | Vectra AI’s dashboard may not analyze granular data. |
Some customers report good customer service and vendor relations. | Lacks customization. |
Speedy and responsive. | Limited integration options. |
Best for OT and IoT: Zscaler
Zscaler’s cybersecurity offerings focus on zero trust and cloud security, but their portfolio features various products and services. A major provider of security services to large, cloud-dependent organizations, Zscaler can guide clients through digital transformation. The company was named a leader in security service edge in Gartner’s 2024 Magic Quadrant report.
In terms of AI, Zscaler offers traditional AI and ML in its digital experience offerings (ZDX) through flexible monitoring systems for customer experience, including reducing the number of tickets. ZDX uses AI to discover the root causes of problems or guide users on how to resolve issues themselves.
Zscaler services can also be used to protect against generative AI threats. With the Zscaler Zero Trust Exchange, organizations can fence off certain data from employees’ use of public generative AI sites such as ChatGPT. At its most basic, this means blocking URLs. However, the protection can be more granular as well, with predefined ChatGPT Cloud Application controls, logs with detailed information on how employees are using AI, and Zscaler’s overarching data loss prevention suite that includes guardrails to prevent accidental sharing of ideas with AI tools.
Price
Zscaler pricing varies by plan. Contact the company for more specific information.
Top Features
- OT and IoT security.
- Secure Access Service Edge (SASE).
- Zero trust access.
- Posture management.
- Data protection.
- Digital experience solutions.
- Digital transformation services.
Pros | Cons |
---|---|
Defends both with AI and against AI. | Some reviewers report problems with latency or slow connections. |
Wide-ranging OT, cloud, and digital transformation services. | |
How does AI improve cybersecurity?
As with any product, the effectiveness of AI security tools will depend on an organization’s specific needs and circumstances. In cybersecurity, it can be tricky to distinguish between traditional AI/ML and generative AI, depending on the use case. However, positive outcomes of switching to an AI-augmented cybersecurity solution may include:
- Faster threat hunting and threat detection.
- More accurate predictions.
- Natural language conversations in which security professionals can talk out difficult problems (in the case of generative AI).
- Query suggestions from generative AI, which essentially train employees to use it.
What challenges do businesses face when adopting AI security tools?
AI security tools can have a significant learning curve. Automated threat detection can miss clues or flag false positives, while generative AI can hallucinate false information. Many organizations have banned AI-generated code on security teams, in part because developers may not be motivated to double-check the code thoroughly. Introducing generative AI models in particular may itself create more security issues, such as data leaks.