Security Awareness Training
Tools to identify and increase employee security awareness and knowledge.
Gateways and Firewalls
This category includes:
– Next-Generation Firewall (NGFW)
– Unified Threat Management (UTM) Firewall
– Web Application Firewall (WAF)
Features typically include:
– Web Content Management
– Anti-Virus
– Intrusion Prevention/Detection
– Data Loss Prevention
– VPN
– Web Application Control
– Cloud Sandboxing
– E-mail Anti-Spam
Gateway Advanced Persistent Threat Protection
Protection against an unauthorized person gaining access to a network undetected for a long period of time.
Gateway Application Control
Monitor, control, and report on web and cloud applications.
Sandboxing or Advanced Threat Protection (ATP)
A Sandbox is used to detect new and unknown malware threats. A sandbox is a security mechanism used to execute untested or untrusted programs or code without risking harm to the host machine or operating system. Advanced Threat Protection (ATP) is a feature that incorporates multiple security technologies to provide protection against targeted attacks.
Network Intrusion Prevention System
Including Network Intrusion Prevention System (NIPS) & Intrusion Detection System (IDS) signature/behavioral/protocol-based security.
Endpoint Protection
This category includes:
– Desktop
– Laptop
– Server
Features typically include:
– Anti-Malware
– Application Control
– Web filtering
– Host-based IPS
– APT
– Firewall
– Data loss prevention
Mobile devices and security are covered by the Mobility Management category.
Endpoint Application Control
Monitor, control, and report on device-based applications and/or web applications.
Email Protection and/or Anti-Spam
Protection from viruses, phishing attempts, and malicious links that come within an e-mail message
Features typically include:
– Anti-Virus
– Anti-SPAM
– Phishing
– URL Rewrites
Email Encryption
Email Encryption involves encrypting the content of email messages to protect potentially sensitive information from being read by anyone other than intended recipients.
Data Loss Prevention (DLP)
Data Loss Prevention (DLP) prevention to restrict end users sending sensitive or critical information outside the corporate network.
Data Security and Protection
Monitor, scan, mask and discover vulnerabilities in databases and storage.
IT Asset Disposition (ITAD)
IT asset disposition (ITAD) is built around disposing of obsolete or unwanted equipment in a safe and ecologically-responsible manner.
Fraud and Risk Management/Protection
Manage fraud and digital risk across multi-channel environments without impacting customers or transactions.
Identity & Access Management (IAM), Multi-Factor Authentication (MFA), Single Sign-On (SSO)
MFA is access control in which a user is granted access only after successfully utilizing more than one authentication method.
SSO is an authentication process that allows a user to access multiple applications with one set of login credentials.
Network Access Control (NAC)
Network management and security that enforce security policy, compliance, and management of access control to a network.
Change Control
Monitor, report, and restrict access to file changes.
Disk Encryption
Full Disk Encryption protects information by converting it into unreadable jibberish that cannot be deciphered easily by unauthorized people.
File/Folder Encryption
File/Folder Encryption or Filesystem-level encryption is a form of disk encryption where individual files or directories are encrypted by the file system itself.
Virtual Private Network (VPN)
Virtual Private Network (VPN) Includes:
– IPSEC (client-based)
– SSL (clientless)
– OpenVPN (SSL-based)
– ZeroTier (point-to-point)
Cloud Access Security Broker (CASB)
CASB is a solution that provides security for cloud applications and infrastructure.
DNS and DDOS Protection and/or DHCP & IP Management (DDI)
DNS protection filters device queries to the internet, or from the internet, and blocks known bad websites or DDOS attempts from reaching the device.
A denial-of-service attack (DDOS) is a cyber-attack in which the perpetrator seeks to make a machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a host connected to the Internet.
A DDI solution provides a centralized platform to manage DNS and DHCP services and has an IP Address Management (IPAM) component.
Software-Defined LAN or WAN (SD-LAN or SD-WAN)
SD-WAN is a virtual WAN architecture that allows enterprises to leverage any combination of transport services – including MPLS, LTE and broadband internet service.
Secure Wireless
Certain Access Points have the ability to perform security checks on the access point independent of a firewall or other security device.
Features typically include:
– Wireless Intrusion Prevention
– Web Content Filtering
– AV Scanning
– Guest/Device Tracking