A reference architecture speeds up creating your solution. Various good reference architectures exist. The problems arise often when translating an architecture into solutions. Too often no good translation from architecture concepts to a tangible solution is possible.
The number of security applications available to solve your security problems is overwhelming. But for a good security architecture you should first determine WHAT must be solved before jumping into solutions. Only if you have a good understanding of your problem, an effective selection of security solutions that reduce risks is possible.
The following conceptual security topology helps with arranging functional to product mapping needs:
This image is created by © nocomplexity.com and is cc-by-sa 4.0 licensed
For every security function or service needed you should look serious at using open transparent reusable solutions. So Open Source. Of course many vendors provide good solid security products for specific use cases. But when you feel you need a trivial security service note that there is always a working and maintained FOSS application available. When using a security FOSS solution you have a large choice of companies that deliver maintenance and support on this application on commercial bases.