Tools & Platforms

1. Endpoint Protection

Priority: Critical
Function: Protects endpoints from malware, ransomware, and other malicious activities, ensuring devices are secure and monitored for threats.
Examples: Symantec Endpoint Protection, McAfee Endpoint Security, EDR, XDR

2. Identity and Access Management (IAM)

Priority: Critical
Function: Manages and controls access to resources, preventing unauthorized access and ensuring appropriate access levels for employees.
Examples: Okta, Microsoft Azure Active Directory

3. SIEM (Security Information and Event Management)

Priority: Critical
Function: Provides centralized visibility, detects threats, and helps in responding to incidents in real-time by analyzing security event data from across the network.
Examples: Splunk Enterprise Security, IBM QRadar

4. Network Security

Priority: Critical
Function: Defends the network perimeter against external threats and ensures availability and performance. It includes firewall policy management and anti-DDoS protection.
- Firewall Policy Management: Configures and manages firewall policies to control traffic and protect the network.
  - Examples: Palo Alto Networks Panorama, Cisco Firepower Management Center
- Anti-DDoS (Distributed Denial of Service): Protects against DDoS attacks to maintain network availability.
  - Examples: Cloudflare, Radware

5. EUBA (Enterprise User Behavioral Analytics)

Priority: High
Function: Detects and mitigates insider threats and compromised accounts by analyzing deviations from normal user behavior.
Examples: Exabeam, Splunk User Behavior Analytics

6. Vulnerability Scanning (Internal and External)

Priority: High
Function: Identifies and addresses vulnerabilities to prevent exploitation by attackers. Regular scanning helps in maintaining a secure posture by proactively identifying weaknesses.
Examples: Nessus, Qualys

7. CASB (Cloud Access Security Broker)

Priority: High
Function: Provides visibility and control over cloud applications, ensuring compliance and security policies are enforced.
Examples: McAfee MVISION Cloud, Palo Alto Networks Prisma Access

8. DLP (Data Loss Prevention)

Priority: High
Function: Protects sensitive data from being exposed or stolen by monitoring and controlling data transfers across the network, endpoints, and cloud.
Examples: Symantec Data Loss Prevention, McAfee DLP

9. Application Security

Priority: High
Function: Ensures the security of applications through comprehensive testing and monitoring, preventing vulnerabilities and exploits. This includes various types of testing and protection measures.
- IAST (Interactive Application Security Testing)
  - Examples: Contrast Security, Synopsys
- DAST (Dynamic Application Security Testing)
  - Examples: OWASP ZAP, Acunetix
- Component Scan
  - Examples: Black Duck, Sonatype Nexus
- Pentesting
  - Examples: Metasploit, Kali Linux
- SAST (Static Application Security Testing)
  - Examples: Fortify, Checkmarx
- RASP (Runtime Application Self-Protection)
  - Examples: Imperva, Waratek
- Application Shielding
  - Examples: Arxan, Jscrambler

10. Secret Management

Priority: High
Function: Securely manages secrets, such as API keys, passwords, and certificates, to protect sensitive information and ensure access control.
Examples: Thales CipherTrust Manager, AWS Secrets Manager

11. Internal Certificate Management

Priority: High
Function: Manages internal certificates to ensure secure communication and authentication within the organization.
Examples: Venafi, DigiCert CertCentral

12. SOAR (Security Orchestration, Automation, and Response)

Priority: Medium
Function: Automates response to security incidents, reducing response time and improving efficiency in dealing with threats.
Examples: Splunk Phantom, Palo Alto Networks Cortex XSOAR

13. Threat Intelligence

Priority: Medium
Function: Provides insights into emerging threats and helps in proactive defense by leveraging threat data from various sources.
Examples: Recorded Future, ThreatConnect

14. AD Security Monitoring

Priority: Medium
Function: Ensures the integrity and security of Active Directory by monitoring changes and activities to detect potential security issues.
Examples: Microsoft Defender for Identity, ManageEngine ADAudit Plus

15. Network Traffic Analysis

Priority: Medium
Function: Monitors and analyzes network traffic to detect anomalies, intrusions, and other security threats.
Examples: Darktrace, Cisco Stealthwatch

16. Offensive Security

Priority: High
Function: Simulates real-world attacks to test the effectiveness of security controls and the preparedness of the defensive teams.
Examples: Cobalt Strike, Red Canary

PreviousKey Function & Role NextPeople

Last updated 3 days ago

Was this helpful?

Tools & Platforms

1. Endpoint Protection

Priority: Critical
Function: Protects endpoints from malware, ransomware, and other malicious activities, ensuring devices are secure and monitored for threats.
Examples: Symantec Endpoint Protection, McAfee Endpoint Security, EDR, XDR

2. Identity and Access Management (IAM)

Priority: Critical
Function: Manages and controls access to resources, preventing unauthorized access and ensuring appropriate access levels for employees.
Examples: Okta, Microsoft Azure Active Directory

3. SIEM (Security Information and Event Management)

Priority: Critical
Function: Provides centralized visibility, detects threats, and helps in responding to incidents in real-time by analyzing security event data from across the network.
Examples: Splunk Enterprise Security, IBM QRadar

4. Network Security

Priority: Critical
Function: Defends the network perimeter against external threats and ensures availability and performance. It includes firewall policy management and anti-DDoS protection.
- Firewall Policy Management: Configures and manages firewall policies to control traffic and protect the network.
  - Examples: Palo Alto Networks Panorama, Cisco Firepower Management Center
- Anti-DDoS (Distributed Denial of Service): Protects against DDoS attacks to maintain network availability.
  - Examples: Cloudflare, Radware

5. EUBA (Enterprise User Behavioral Analytics)

Priority: High
Function: Detects and mitigates insider threats and compromised accounts by analyzing deviations from normal user behavior.
Examples: Exabeam, Splunk User Behavior Analytics

6. Vulnerability Scanning (Internal and External)

Priority: High
Function: Identifies and addresses vulnerabilities to prevent exploitation by attackers. Regular scanning helps in maintaining a secure posture by proactively identifying weaknesses.
Examples: Nessus, Qualys

7. CASB (Cloud Access Security Broker)

Priority: High
Function: Provides visibility and control over cloud applications, ensuring compliance and security policies are enforced.
Examples: McAfee MVISION Cloud, Palo Alto Networks Prisma Access

8. DLP (Data Loss Prevention)

Priority: High
Function: Protects sensitive data from being exposed or stolen by monitoring and controlling data transfers across the network, endpoints, and cloud.
Examples: Symantec Data Loss Prevention, McAfee DLP

9. Application Security

Priority: High
Function: Ensures the security of applications through comprehensive testing and monitoring, preventing vulnerabilities and exploits. This includes various types of testing and protection measures.
- IAST (Interactive Application Security Testing)
  - Examples: Contrast Security, Synopsys
- DAST (Dynamic Application Security Testing)
  - Examples: OWASP ZAP, Acunetix
- Component Scan
  - Examples: Black Duck, Sonatype Nexus
- Pentesting
  - Examples: Metasploit, Kali Linux
- SAST (Static Application Security Testing)
  - Examples: Fortify, Checkmarx
- RASP (Runtime Application Self-Protection)
  - Examples: Imperva, Waratek
- Application Shielding
  - Examples: Arxan, Jscrambler

10. Secret Management

Priority: High
Function: Securely manages secrets, such as API keys, passwords, and certificates, to protect sensitive information and ensure access control.
Examples: Thales CipherTrust Manager, AWS Secrets Manager

11. Internal Certificate Management

Priority: High
Function: Manages internal certificates to ensure secure communication and authentication within the organization.
Examples: Venafi, DigiCert CertCentral

12. SOAR (Security Orchestration, Automation, and Response)

Priority: Medium
Function: Automates response to security incidents, reducing response time and improving efficiency in dealing with threats.
Examples: Splunk Phantom, Palo Alto Networks Cortex XSOAR

13. Threat Intelligence

Priority: Medium
Function: Provides insights into emerging threats and helps in proactive defense by leveraging threat data from various sources.
Examples: Recorded Future, ThreatConnect

14. AD Security Monitoring

Priority: Medium
Function: Ensures the integrity and security of Active Directory by monitoring changes and activities to detect potential security issues.
Examples: Microsoft Defender for Identity, ManageEngine ADAudit Plus

15. Network Traffic Analysis

Priority: Medium
Function: Monitors and analyzes network traffic to detect anomalies, intrusions, and other security threats.
Examples: Darktrace, Cisco Stealthwatch

16. Offensive Security

Priority: High
Function: Simulates real-world attacks to test the effectiveness of security controls and the preparedness of the defensive teams.
Examples: Cobalt Strike, Red Canary

PreviousKey Function & Role NextPeople

Last updated 3 days ago

Was this helpful?