Browse Group-IB Reviews

Digital forensics and incident response (DFIR) retainer services help organizations assess and manage the impact of a security incident. Digital forensics (DF) services assist with forensic response, aid in forensic information gathering and advise on proactive best practices for avoiding a breach. Incident response (IR) services assist with breach investigation, triage and impact classification. These capabilities are delivered as professional services, supported by technology services from the same provider.

• Group-IB Digital Forensics and Incident Response Retainer Services
  4.4

  16 Reviews

Gartner defines an email security solution as a product that secures email infrastructure. Its primary purpose is to protect against malicious messages (phishing, social engineering, malware) or unsolicited messages (spam, marketing). Other functions include email data protection; domain-based message authentication, reporting and conformance (DMARC); investigation; and remediation through a dedicated console. Email security solutions may also support nonemail collaboration tools, such as those for document management and instant messaging. Email security tools protect an organization’s email from spam, phishing, malware attacks, account takeover and data loss. They may provide capabilities for data loss prevention, encryption, domain authentication and security education, as well as advanced protections against business email compromise. Email security platforms give cybersecurity teams visibility into email-related security incidents, support investigation and automated remediation, and enable management of both inbound and outbound email delivery. Email security solutions often integrate with other network, identity and endpoint security controls, and may also support collaboration tools and email relay capabilities.

• Group-IB Business Email Protection
  5.0

  3 Reviews

Gartner defines an endpoint protection platform (EPP) as security software designed to protect managed endpoints — including desktop PCs, laptop PCs, virtual desktops, mobile devices and, in some cases, servers — against known and unknown malicious attacks. EPPs provide capabilities for security teams to investigate and remediate incidents that evade prevention controls. EPP products are delivered as software agents, deployed to endpoints, and connected to centralized security analytics and management consoles. EPPs provide a defensive security control to protect end-user endpoints against known and unknown malware infections and file-less attacks using a combination of security techniques (such as static and behavioral analysis) and attack surface reduction capabilities (such as device control, host firewall management and application control). EPP prevention and protection capabilities are deployed as a part of a defense-in-depth strategy to help reduce the endpoint attack surface and minimize the risk of compromise. EPP detection and response capabilities are used to uncover, investigate and respond to endpoint threats that evade security protection, often as a part of broader threat detection, investigation and response (TDIR) capable products.

• Group-IB Managed Extended Detection and Response (MXDR)
  4.9

  8 Reviews

External Attack Surface Management (EASM) market refers to solutions that continuously discover, inventory, and monitor an organization’s internet‑facing digital assets from an attacker’s perspective. These platforms identify unknown or unmanaged assets, exposed services, misconfigurations, and vulnerabilities across cloud, SaaS, on‑premises, and third‑party environments. EASM solutions contextualize external exposures with risk scoring, threat intelligence, and business relevance to help organizations prioritize remediation efforts. The market exists to help cybersecurity teams proactively reduce exposure by maintaining visibility of their internet-facing assets. Who are the target users of External Attack Surface Management (EASM) Software? Typical users include cybersecurity teams, vulnerability management professionals, risk managers, and IT security leaders in organizations of all sizes. EASM solutions are especially valuable for enterprises with complex, distributed environments, frequent cloud adoption, or multiple subsidiaries and third-party relationships. Executives responsible for organizational risk and compliance also benefit from the enhanced visibility and reporting capabilities these platforms provide. What are the core capabilities of External Attack Surface Management (EASM) Software? Asset Discovery and Inventory: Identification of internet‑facing infrastructure (e.g., domains, subdomains, IPs, cloud assets, SaaS, APIs, certificates, shadow IT) Asset Attribution & Ownership Mapping Technology Fingerprinting (e.g., frameworks, CMS, web servers, open‑source components) Third‑Party and Subsidiary Mapping Continuous Monitoring & Change Detection: Change Detection (new services, DNS changes, IP reassignments, open ports) Asset Lifecycle Tracking (new, modified, decommissioned assets) Certificate Monitoring (expiration, weak cryptography, unauthorized issuance) Exposure & Vulnerability Identification: Open Port and Service Enumeration Configuration and Security Misconfiguration Detection Known Vulnerability Mapping (CVE/CWE) Insecure Protocol and Cipher Detection Unprotected Cloud Storage & APIs Expired or Weak Certificates Exposed Secrets (tokens, API keys) Risk Prioritization & Contextual Analysis Risk Scoring (asset‑level and organization‑level) Business Context Mapping (e.g., production vs dev, internet‑facing criticality) Exploitability Context Attack Path Visualization Integration with Threat Intelligence Feeds Attacker‑View Asset Mapping Known Attacker Techniques mapping (MITRE ATT&CK alignment) Remediation & Workflow Enablement Remediation Guidance (e.g., automated attack surface reduction suggestions) Integration with Ticketing Systems (e.g., ServiceNow, Jira) Security Tool Integrations (e.g., SIEM, SOAR, vulnerability scanners) Ownership Assignment & SLA Tracking Evidence and Verification of Fixes Reporting & Visualization Executive Dashboards Technical Analyst Views Asset and Risk Heatmaps Exposure Trends Over Time Custom Report Builder What are the benefits of External Attack Surface Management (EASM) Software? EASM software helps organizations proactively reduce their cyber risk by maintaining comprehensive visibility of all internet-facing assets and exposures. Security teams benefit from automated discovery, prioritized remediation, and streamlined workflows, enabling faster and more effective risk reduction. Executives and risk leaders gain confidence through real-time dashboards, trend analysis, and clear evidence of remediation, supporting stronger governance, compliance, and organizational resilience against external threats.

• Group-IB Attack Surface Management
  4.6

  16 Reviews

Gartner defines network detection and response (NDR) as products that detect abnormal network behaviors by applying behavioral analytics to network traffic data. NDR products continuously analyze raw network packets or traffic metadata within internal networks (east-west) and between internal and external networks (north-south). They include automated responses, such as host containment or traffic blocking, implemented directly or through integration with other cybersecurity products. Vendors deliver NDR as hardware or software appliances for sensors, with some supporting IaaS environments. Management and orchestration consoles are available as software or SaaS. Organizations rely on NDR to detect and contain postbreach activities such as ransomware, insider threats and lateral movements. NDR complements other technologies that primarily trigger alerts based on rules and signatures by building heuristic models of normal network behavior and detecting anomalies. Security teams commonly use NDR as a complementary detection and response technology within a broader set of security operations center (SOC) tools. These include security orchestration, automation and response (SOAR), security information and event management (SIEM), endpoint detection and response (EDR), and other detection technologies. These include security orchestration, automation and response (SOAR), security information and event management (SIEM), endpoint detection and response (EDR), and other detection technologies.

• Group-IB Managed Extended Detection and Response (MXDR)
  5.0

  1 Review

Network-based sandboxing is a proven technique for detecting malware and targeted attacks. Network sandboxes monitor network traffic for suspicious objects and automatically submit them to the sandbox environment, where they are analyzed and assigned malware probability scores and severity ratings. Sandboxing technology has been used for years by malware researchers at security companies and even in some large enterprises that are highly security conscious. Traditionally, using a sandbox has been an intensive effort requiring advanced skills. The malware researcher manually submits a suspicious object into the sandbox and analyzes it before flagging it as malware or not. By adding automated features to sandboxing technology (automatically submitting suspicious objects and automatically generating alerts). (Retired as of Mar-12-2026).

• Group-IB Managed Extended Detection and Response (MXDR)
  4.5

  2 Reviews

Gartner defines the OFD market as the market for solutions that detect and prevent fraudulent actions within digital channels (browsers and mobile apps). OFD solutions provide a spectrum of capabilities within digital channels to prevent direct and indirect financial losses and to mitigate risks. Their core capabilities: Mitigate the activity of malicious automated bots; Detect account takeover (ATO) attacks and trigger remedial actions; Detect fraudulent activity in high-risk events along the digital customer journey, such as when customers make payments, transfer funds, perform account management actions or access personally identifiable information (PII). (Retired as of May-06-2026).

• Group-IB Fraud Protection
  4.7

  5 Reviews

Security consulting firms are advisory and consulting services (see 'Definition: Cybersecurity' ) related to information and IT security design, evaluation and recommendations. These services are procured by various stakeholders in an organization, including boards of directors, CEOs, chief risk officers (CROs), chief information security officers (CISOs), chief information officers (CIOs), and other business and IT leaders for the purpose of obtaining and ensuring acceptable risk levels for a specific client organization.

• Group-IB Security Consulting Services, Worldwide
  5.0

  9 Reviews

The security threat intelligence products and services market refers to the combination of products and services that deliver knowledge (context, mechanisms, indicators, implications and action-oriented advice), information and data about cybersecurity threats, threat actors and other cybersecurity-related issues. The output of these products and services aims to provide or assist in the curation of information about the identities, motivations, characteristics and methods of threats, commonly referred to as tactics, techniques and procedures (TTPs). The intent is to enable better decision making and improve security technology capabilities to reduce the likelihood and impact of a potential compromise. Threat intelligence (TI) products and services support the different stages of a TI process life cycle. In particular, this involves defining the aims and objectives, collecting and processing intelligence originating from various sources, analyzing and disseminating it to different stakeholders within the organization, and regularly providing feedback on the entire process. These products and services support ongoing security investigations and assist in preventing future breaches by prioritizing infrastructure hardening. TI tools and services are most commonly cloud-based products and services, but can also be delivered “as a service.”

• Group-IB Threat Intelligence
  4.6

  54 Reviews
• Group-IB Digital Risk Protection
  4.8

  21 Reviews