# Tools & Platforms **1. Endpoint Protection** * **Priority**: Critical * **Function**: Protects endpoints from malware, ransomware, and other malicious activities, ensuring devices are secure and monitored for threats. * **Examples**: Symantec Endpoint Protection, McAfee Endpoint Security, EDR, XDR **2. Identity and Access Management (IAM)** * **Priority**: Critical * **Function**: Manages and controls access to resources, preventing unauthorized access and ensuring appropriate access levels for employees. * **Examples**: Okta, Microsoft Azure Active Directory **3. SIEM (Security Information and Event Management)** * **Priority**: Critical * **Function**: Provides centralized visibility, detects threats, and helps in responding to incidents in real-time by analyzing security event data from across the network. * **Examples**: Splunk Enterprise Security, IBM QRadar **4. Network Security** * **Priority**: Critical * **Function**: Defends the network perimeter against external threats and ensures availability and performance. It includes firewall policy management and anti-DDoS protection. * **Firewall Policy Management**: Configures and manages firewall policies to control traffic and protect the network. * **Examples**: Palo Alto Networks Panorama, Cisco Firepower Management Center * **Anti-DDoS (Distributed Denial of Service)**: Protects against DDoS attacks to maintain network availability. * **Examples**: Cloudflare, Radware **5. EUBA (Enterprise User Behavioral Analytics)** * **Priority**: High * **Function**: Detects and mitigates insider threats and compromised accounts by analyzing deviations from normal user behavior. * **Examples**: Exabeam, Splunk User Behavior Analytics **6. Vulnerability Scanning (Internal and External)** * **Priority**: High * **Function**: Identifies and addresses vulnerabilities to prevent exploitation by attackers. Regular scanning helps in maintaining a secure posture by proactively identifying weaknesses. * **Examples**: Nessus, Qualys **7. CASB (Cloud Access Security Broker)** * **Priority**: High * **Function**: Provides visibility and control over cloud applications, ensuring compliance and security policies are enforced. * **Examples**: McAfee MVISION Cloud, Palo Alto Networks Prisma Access **8. DLP (Data Loss Prevention)** * **Priority**: High * **Function**: Protects sensitive data from being exposed or stolen by monitoring and controlling data transfers across the network, endpoints, and cloud. * **Examples**: Symantec Data Loss Prevention, McAfee DLP **9. Application Security** * **Priority**: High * **Function**: Ensures the security of applications through comprehensive testing and monitoring, preventing vulnerabilities and exploits. This includes various types of testing and protection measures. * **IAST (Interactive Application Security Testing)** * **Examples**: Contrast Security, Synopsys * **DAST (Dynamic Application Security Testing)** * **Examples**: OWASP ZAP, Acunetix * **Component Scan** * **Examples**: Black Duck, Sonatype Nexus * **Pentesting** * **Examples**: Metasploit, Kali Linux * **SAST (Static Application Security Testing)** * **Examples**: Fortify, Checkmarx * **RASP (Runtime Application Self-Protection)** * **Examples**: Imperva, Waratek * **Application Shielding** * **Examples**: Arxan, Jscrambler **10. Secret Management** * **Priority**: High * **Function**: Securely manages secrets, such as API keys, passwords, and certificates, to protect sensitive information and ensure access control. * **Examples**: Thales CipherTrust Manager, AWS Secrets Manager **11. Internal Certificate Management** * **Priority**: High * **Function**: Manages internal certificates to ensure secure communication and authentication within the organization. * **Examples**: Venafi, DigiCert CertCentral **12. SOAR (Security Orchestration, Automation, and Response)** * **Priority**: Medium * **Function**: Automates response to security incidents, reducing response time and improving efficiency in dealing with threats. * **Examples**: Splunk Phantom, Palo Alto Networks Cortex XSOAR **13. Threat Intelligence** * **Priority**: Medium * **Function**: Provides insights into emerging threats and helps in proactive defense by leveraging threat data from various sources. * **Examples**: Recorded Future, ThreatConnect **14. AD Security Monitoring** * **Priority**: Medium * **Function**: Ensures the integrity and security of Active Directory by monitoring changes and activities to detect potential security issues. * **Examples**: Microsoft Defender for Identity, ManageEngine ADAudit Plus **15. Network Traffic Analysis** * **Priority**: Medium * **Function**: Monitors and analyzes network traffic to detect anomalies, intrusions, and other security threats. * **Examples**: Darktrace, Cisco Stealthwatch **16. Offensive Security** * **Priority**: High * **Function**: Simulates real-world attacks to test the effectiveness of security controls and the preparedness of the defensive teams. * **Examples**: Cobalt Strike, Red Canary