Navigating the Cloud Security Ecosystem and Its Products
In this post, we dive into the world of cloud security products and help you make sense of them. What are they, and what do they all do?
Security is becoming one of the most important areas for an organization. Securing IT in an organization involves securing various layers. Unfortunately, there is no single tool or product that provides security for all layers; instead, there are specialized products that each address particular aspects of cloud security. As the number of products increases, it becomes increasingly complex to select the right tools for an organization's needs. The objective of this blog is to navigate the cloud security ecosystem and its various products under five broad categories.
The Five Broad Categories
- Perimeter, Network, and Host Security
- Application and Endpoint Security
- Data Security
- GRC & Audit
- Security Orchestration
Perimeter, Network, and Host Security
Perimeter security refers to routers, firewalls, and intrusion detection systems implemented to tightly control access to networks from outside sources. This is like a compound gate.
Network and host security is the process of taking physical and software preventative measures to protect the underlying networking infrastructure and the host, respectively. This is like a main gate.
A firewall is a network security system that monitors and controls incoming and outgoing network traffic based on predetermined security rules.
Products: Brocade Vyatta Router, Barracuda NextGen Firewall
A next-generation firewall (NGFW) is an integrated network platform that is part of the third generation of firewall technology, combining a traditional firewall with other network device filtering functionalities, such as an application firewall using in-line deep packet inspection (DPI) and an intrusion prevention system (IPS). Other techniques might also be employed, such as TLS/SSL-encrypted traffic inspection, website filtering, QoS/bandwidth management, antivirus inspection, and third-party identity management integration.
Products: Check Point, Cyberoam Virtual Security Appliance, Juniper vSRX Virtual Firewall
Intrusion Detection System (IDS)
An IDS is a device or software application that monitors a network or systems for malicious activity or policy violations. Any detected activity or violation is typically either reported to an administrator or collected centrally using a security information and event management (SIEM) system. IDSs are commonly classified as network-based (NIDS) or host-based (HIDS).
Products: Snort, OSSEC, Suricata, Kismet, Alertlogic Threatmonitor
Intrusion Prevention System (IPS)
Some IDSs have the ability to respond to detected intrusions. Systems with response capabilities are typically referred to as Intrusion Prevention Systems.
Products: Radware DefensePro, IBM Security Network, Snort, Wireshark, Suricata, McAfee Network Security Platform, McAfee Host Intrusion Prevention
Vulnerability Assessment (VAS)
Vulnerability assessment is a process that defines, identifies, and classifies the security holes (vulnerabilities) in a computer, network, or communications infrastructure.
Products: QualysGuard, Tenable, OpenVAS, Alertlogic Cloud Insight
Anti-virus software is a program or set of programs designed to prevent, search for, detect, and remove software viruses and other malicious software such as worms, trojans, adware, and more.
Products: McAfee, Symantec
Malware, short for malicious software, is any software used to disrupt computers or mobile devices.
Products: Check Point, OPSWAT, McAfee, Symantec, VMRay
Application and Endpoint Security
Application security identifies gaps or vulnerabilities in the security policy of an application or the underlying packages used in the application.
Endpoint Detection and Response (EDR)
EDR solutions focus on detecting, investigating, and mitigating suspicious activities and issues on hosts and endpoints. Originally dubbed Endpoint Threat Detection and Response (ETDR), the category is now more commonly referred to as Endpoint Detection and Response (EDR).
Products: Symantec Endpoint Protection, Outlier, McAfee Endpoint Protection
SSL Certificate Manager
An SSL certificate manager lets you easily provision, manage, and deploy Secure Sockets Layer/Transport Layer Security (SSL/TLS) certificates.
Web Application Firewall (WAF)
A web application firewall (WAF) is an application firewall for HTTP applications. It applies a set of rules to an HTTP conversation. Generally, these rules cover common attacks such as cross-site scripting (XSS) and SQL injection.
Products: Brocade vWAF, Barracuda WAF, Trustwave, Imperva SecureSphere
Penetration Testing (PenTest)
Penetration testing (also called pen testing) is the practice of testing a computer system, network, or web application to find vulnerabilities that an attacker could exploit.
Web Gateway or Application Vulnerability Scan (AVS)
Web application vulnerability scanners are automated tools that scan web applications, normally from the outside, to look for security vulnerabilities such as cross-site scripting, SQL injection, command injection, path traversal, and insecure server configuration.
Products: IBM AppScan, Netsparker, HP Fortify WebInspect, Zscaler
Data Security
Data security means protecting data, such as a database, from destructive forces and from the unwanted actions of unauthorized users. Data security also protects data from corruption.
Identity as a Service (IDaaS)
IDaaS refers to SaaS-based IAM offerings that allow organizations to use single sign-on (SSO, using SAML or OIDC), authentication, and access controls to provide secure access to their growing number of software and SaaS applications.
Products: Centrify, OneLogin, Okta
File Integrity Monitoring (FIM)
File integrity monitoring (FIM) is an internal control or process that validates the integrity of operating system and application software files by comparing the current file state against a known, good baseline.
Products: OSSEC, Tripwire
DB Vulnerability or Activity Monitoring
DB vulnerability scanners are automated tools that scan for vulnerabilities in databases such as SQL Server, Oracle, MySQL, etc.
Products: GreenSQL, IBM Guardium, Imperva, Trustwave DbProtect
GRC and Audit
GRC (governance, risk management, and compliance) software allows publicly held companies to integrate and manage IT operations that are subject to regulation. Such software typically combines applications that manage the core functions of GRC into a single integrated package.
Products: RSA Archer, ThreadFix, MetricStream, TripleHelix
A security audit is a systematic, measurable technical assessment of a system or application.
Products: Open-AudIT, Optiv
Security Orchestration
Security orchestration is a method of connecting security tools and integrating disparate security systems. It is the connected layer that streamlines security processes and powers security automation.
Products: CloudLock Cybersecurity Orchestrator, Tufin, McAfee ePolicy Orchestrator – ePO, Intellitactics, Netflexity, Avanan, CloudPassage, AlgoSec, FireEye, Cloudenablers – Corestack
Published at DZone with permission of Rathinasabapathy Arumugam, DZone MVB. See the original article here.