InfoSec 101

Cloud Security Posture Management (CSPM): Provides organizations with the ability to monitor and manage the security posture of their cloud infrastructure, ensuring compliance with industry standards and regulations, detecting and addressing security threats, and preventing data breaches.

  • Palo Alto Prisma Cloud
  • CheckPoint (CloudGuard)
  • CSP Native
  • AWS Config
  • Azure Security Center
  • Cloud Security Command Center

Secure Access Service Edge (SASE) platform: A cloud-based platform that combines several security functions, such as secure web gateways, firewall as a service, cloud access security brokers (CASBs), and zero-trust network access (ZTNA), into a single, integrated solution. SASE platforms provide a scalable, flexible, and cost-effective way to achieve a secure service edge.

  • Palo Alto Prisma Access
  • Zscaler
  • Cisco
  • Fortinet Secure SDWAN
  • Cato Networks
  • Netskope
  • Perimeter 81
  • Forcepoint

Software-Defined Perimeter (SDP): An approach to network security that uses a “zero-trust” model to secure access to applications and data. SDP solutions create a secure, isolated network connection between users and applications, effectively hiding them from the public internet and reducing the risk of cyber attacks.

  • Palo Alto Prisma Access
  • Zscaler
  • Okta
  • Cisco
  • Perimeter 81
  • Appgate
  • Symantec

Web Application Firewall (WAF): A security solution that provides an additional layer of protection for web applications by monitoring and filtering incoming web traffic based on predefined rules. WAFs can help prevent a range of cyber attacks, such as SQL injection, cross-site scripting (XSS), and file inclusion attacks.

  • F5
  • Fortinet
  • Imperva
  • Cloudflare
  • Citrix
  • Sophos

Cloud Access Security Broker (CASB): A security solution that provides visibility and control over cloud applications and services. CASBs allow organizations to monitor user activity, detect and respond to security threats, and enforce policies for data protection and compliance.

  • Palo Alto Networks (Prisma)
  • Netskope
  • Cisco CloudLock
  • Bitglass
  • Forcepoint
  • Proofpoint
  • Microsoft Cloud App Security
  • AWS CloudTrail (limited)

Identity and Access Management (IAM): A set of technologies and policies that manage user identities and access to applications and data. IAM solutions can help organizations enforce strong authentication and authorization policies, manage user privileges, and monitor user activity.

  • Okta
  • OneLogin
  • Ping
  • SailPoint
  • Azure AD

Endpoint Detection and Response (EDR): A security solution that monitors endpoint devices, such as desktops, laptops, and servers, for signs of security threats. EDR solutions can detect and respond to malware infections, advanced persistent threats (APTs), and other security incidents.

  • Trend Micro
  • CrowdStrike
  • Palo Alto Networks
  • FireEye
  • Carbon Black
  • Sophos
  • Symantec

User and Entity Behavior Analytics (UEBA): A solution that analyzes patterns of user and entity behavior across various data sources, such as logs, network traffic, and user activity data, to establish a baseline of normal behavior. Once the baseline is established, the UEBA solution can identify deviations from normal behavior that may indicate a security threat, such as insider threats, compromised user credentials, or advanced persistent threats (APTs).

  • Splunk
  • Rapid7
  • Securonix
  • Teramind
  • Exabeam
  • Azure Sentinel

Data Loss Prevention (DLP): A security technology that focuses on protecting sensitive data from unauthorized disclosure or theft. DLP solutions can identify and monitor sensitive data, such as personally identifiable information (PII), financial data, or intellectual property, as it moves through an organization’s network. DLP solutions can also enforce data protection policies, such as blocking or encrypting sensitive data, or alerting security teams when a policy violation occurs.

  • Trend Micro
  • Symantec
  • Forcepoint

Antivirus and Antimalware: Install antivirus and antimalware software on all devices to prevent malware from infecting your network.

  • Arctic Wolf
  • Trend Micro
  • Sophos
  • Carbon Black

Password Policy: Establish a password policy that requires employees to use strong, unique passwords and change them periodically.

  • Active Directory
  • Okta
  • OneLogin
  • Azure AD

Access Control (SSO/AMFA): Implement access controls to restrict access to sensitive data and systems to only those who need it.

  • Okta
  • Active Directory
  • OneLogin
  • CSP IAM

Immutable Data Backup: Regularly back up your data to prevent data loss in case of a disaster or a security breach.

  • Rubrik
  • Cohesity
  • Veeam
  • CSP S3

Security Awareness Training: Educate your employees on security best practices, including how to identify and avoid phishing attacks and other scams.

  • KnowBe4
  • Proofpoint
  • Mimecast
  • Arctic Wolf

Incident Response Plan: Develop an incident response plan that outlines the steps to be taken in the event of a security incident.

  • Arctic Wolf
  • CrowdStrike
  • FireEye
  • Kroll
  • SecureWorks

Physical Security: Implement physical security measures such as security cameras, alarm systems, and access controls to protect your premises.

  • Verkada
  • Meraki
  • HID Global
  • Tyco

Vendor Management: Ensure that all third-party vendors have appropriate security controls in place when accessing your network.

  • InterVision vCISO
  • BitSight
  • OneTrust

Regular Security Audits: Regularly audit your security controls to identify and address vulnerabilities and ensure compliance with regulations.

  • PwC
  • Deloitte
  • KPMG

DevOps Security:

Code Analysis (SAST) – practice of using automated tools to analyze code and identify potential issues, such as security vulnerabilities, performance problems, and compliance violations.

  • Veracode
  • GitLab
  • Snyk
  • Checkmarx
  • Coverity
  • Fortify

Code Analysis (DAST) – practice of using automated scanning techniques to identify common web application vulnerabilities such as SQL injection, cross-site scripting (XSS), and insecure authentication and authorization mechanisms.

  • Rapid7
  • Qualys
  • Veracode
  • Tenable
  • Acunetix

Runtime Protection (RASP) – detects and responds to security threats in real time

  • Aqua
  • Sysdig
  • Twistlock
  • Veracode
  • Contrast

Policy Enforcement

  • Twistlock
  • Snyk
  • Checkmarx
  • SonarQube
  • GitHub Actions

Threat Detection

  • Checkmarx
  • Veracode
  • SonarQube
  • Fortify

Vulnerability Scanning – process of identifying security vulnerabilities in software, networks, systems, or applications

  • Qualys
  • Rapid7
  • Tenable
  • Aqua
  • GitLab
  • Snyk
  • Checkmarx
  • Trend Micro

Container Scanning – process of analyzing the contents of a container image for known vulnerabilities, misconfigurations, and other security issues

  • GitLab
  • Snyk
  • Checkmarx
  • Trend Micro