Good question security has alot of domains and a lot of jargon. In an effort to help with the security stack concept:
Identity & Access Management Security - Controls identities and provisioning of users to systems and applications (Okta, Ping, Microsoft AD, many others)
EndPoint/Device Security - Protects devices and threats against them (Crowdstrike, VMWare/CarbonBlack, Microsoft, Mcafee, Symantc, and everyone else and their brother. Top 3 are listed in no particular order).
Data Security or Data Loss Prevention - Protect sensitive data sets through various mechanisms (ForcePoint, Microsoft, Mcafee, Symantec etc…)
Network Security - Protect networks from threats. (Palo Alto, CheckPoint, Cisco)
Cloud Security - Protect cloud systems (salesforce.com, microsoft 365, etc) and access to data there. (Microsoft, ForcePOint PaloAlto, Cisco)
Email Security - Protect inbound/outbound email from threats (ProofPOint, Microsoft, Mimecast)
Security Monitoring Centralized (SIEM) and operational tracking - SOlutions that monitor overhealth health and stability and correlate a lot of data from a lot of places (Splunk, Elastic, Datadog, SumoLogic, Microsoft is trying, and others). This is the hardest group to compare across as they are all the most different vs. other categories.
Disaster Recovery and Backup - Backup and recover systems that have operational or security issues (Commvault, Zerto, Resq, nutanix)
Vulnerability Security & Management Tools - Find problems and fix before bad guys cause problems (Qualys, Rapid 7, many other small niche players).
Security is the ever changing decision between do I go best in breed in all these areas (and have it so complex I cant manage it likely or its super $$$) or try and integrate across the stack. Microsoft is the biggest threat as a powerful integrated play across these entities and is CrowdStrike and many other companies biggest mid term/long term competitors. They can use security as a loss leader for their OS and Microsoft 365 productivity platforms.