Posts Tagged ‘Security’
IT Security Products
I think IT Security is one of the most complicated products in the IT domain. First, it has an anti-monopoly style: unlike software or infrastructure, which can create a very big company, security products tend to be locally customized (think of the various antivirus companies nowadays). Second, it also has a big internal professional services team, unlike software vendors that can act as principals. The third factor: the naming of products is very much not standardized; vendors can claim that their product has specific capabilities.
For example, for multi-factor authentication and the zero-trust security philosophy:
CyberArk PAM (Privileged Access Management (PAM) / Privileged Identity Management)
Duo Mobile: two-factor authentication and endpoint security (part of Cisco since 2018)
Two-factor, agent-based: Okta, Gemalto, RSA
Agentless: Silverfort
Okta: identity and access management; Okta's services are built on top of the Amazon Web Services cloud.
Information Security
Clients are concerned about price (e.g. instead of buying a package (software + hardware), they prefer to buy the items separately).
Clients are concerned about their unique characteristics (e.g. 70% of their software is developed in-house).
Extended detection and response (XDR) delivers visibility into data across networks, clouds, endpoints, and applications while applying analytics and automation to detect, analyze, hunt, and remediate today's and tomorrow's threats.
EDR: Endpoint Detection and Response
NTA: Network Traffic Analysis
SIEM: Security Information and Event Management
SOAR (security orchestration, automation, and response) technology. SOAR platforms are similar to SIEMs in that they aggregate, correlate, and analyze alerts. However, SOAR technology goes a step further by integrating threat intelligence and automating incident investigation and response workflows based on playbooks developed by the security team.
EPP: Endpoint protection platform
Cloud Access Security Broker (CASB) acts as an intermediary between cloud providers and cloud consumers to enforce an organization’s security policies for cloud application access and usage.
A next-generation firewall (NGFW) is a network security device that provides capabilities beyond a traditional, stateful firewall. While a traditional firewall typically provides stateful inspection of incoming and outgoing network traffic, a next-generation firewall includes additional features like application awareness and control, integrated intrusion prevention, and cloud-delivered threat intelligence.
ServiceNow is a Platform-as-a-Service provider, providing technical management support, such as IT service management, to the IT operations of large corporations, including help desk functionality. ServiceNow develops a cloud computing platform to help companies manage digital workflows for enterprise operations.
IBM QRadar is an enterprise security information and event management (SIEM) product. It collects log data from an enterprise, its network devices, host assets and operating systems, applications, vulnerabilities, and user activities and behaviors.
High availability (HA) is a characteristic of a system which aims to ensure an agreed level of operational performance, usually uptime, for a higher than normal period.
High-availability clusters (also known as HA clusters, fail-over clusters or Metrocluster Active/Active) are groups of computers that support server applications that can be reliably utilized with a minimum amount of downtime.
High availability of virtual machines (VMs) is a critical requirement for enterprises running their key workloads.
Virtual Machine HA (VM HA) implements high availability at the hypervisor level by replicating and restarting full virtual machines, while Application HA implements high availability at the application level by replicating only application data and restarting the application.
Nutanix, Inc. is a cloud computing company that sells hyper-converged infrastructure (HCI) software, cloud services (such as Desktops as a Service, Disaster Recovery as a Service, and cloud monitoring), and software-defined storage.
Hyper-converged infrastructure (HCI) is a software-defined IT infrastructure that virtualizes all of the elements of conventional “hardware-defined” systems. HCI includes, at a minimum, virtualized computing (a hypervisor), software-defined storage and virtualized networking (software-defined networking). HCI typically runs on commercial off-the-shelf (COTS) servers. The primary difference between converged infrastructure (CI) and hyper-converged infrastructure is that in HCI, both the storage area network and the underlying storage abstractions are implemented virtually in software (at or via the hypervisor) rather than physically, in hardware. Because all of the software-defined elements are implemented within the context of the hypervisor, management of all resources can be federated (shared) across all instances of a hyper-converged infrastructure.
Hyper-converged infrastructure (HCI) combines common datacenter hardware using locally attached storage resources with intelligent software to create flexible building blocks that replace legacy infrastructure consisting of separate servers, storage networks, and storage arrays.
Access Control: Identity and Access Management
Customer (or consumer) identity and access management (CIAM) is a subset of the larger concept of identity and access management (IAM). IAM itself is a concept within Role-Based Access Control (RBAC). Several of the most popular CIAM products are Ping Identity, WSO2 Identity Server, 1Password, LastPass, and Okta, as well as ForgeRock Access Management and ForgeRock Identity Gateway.
ISO/IEC 24760-1 A framework for identity management—Part 1: Terminology and concepts
ISO/IEC 24760-2 A Framework for Identity Management—Part 2: Reference architecture and requirements
ISO/IEC DIS 24760-3 A Framework for Identity Management—Part 3: Practice
ISO/IEC 29115 Entity Authentication Assurance
ISO/IEC 29146 A framework for access management
ISO/IEC CD 29003 Identity Proofing and Verification
ISO/IEC 29100 Privacy framework
ISO/IEC 29101 Privacy Architecture
ISO/IEC 29134 Privacy Impact Assessment Methodology
Information Security Technologies
Information Security is also a complex field, as it is related to the Information Operations field as well. Log Monitoring vs. Log Management vs. (Data) Log Analytics: the same technology can be used for different purposes, e.g. a negative security purpose (identifying a security breach) vs. learning the patterns of users (positive: understanding user buying behaviour).
For example, Splunk, Mint and Elasticsearch (the ELK stack: Elasticsearch, Logstash, Kibana) can be considered as different tools with totally different purposes:
– Web Analytics Tools
– Log Management and Analytics
– Information Retrieval Libraries
– Search Engine & Content Analytics
– Big Data
Just imagine WordPress, which can be used as a blog, an e-commerce site or even a discussion forum.
Note:
Qualys: Vulnerability Management, Cloud Security
Kibana: Data visualization dashboard for Elasticsearch.
NIST Cybersecurity Framework v1.1 (2014/2018)
NIST SP 800-53 Rev. 4
ISA 62443-3-3:2013
Cybersecurity assurance standards
Product assurance:
– ISO/IEC 15408, Common Criteria
– ISO/IEC 19790, Security requirements for cryptographic modules
(similar to NIST FIPS 140-2)
– ISO/IEC TR 19791, Security assessment of operational systems
Process assurance:
– ISO/IEC 21827, SSE capability maturity model (SSE-CMM®)
– ISO/IEC 17799, Code of practice for information security management
– COBIT – Control objectives for information and related technology
– draft ISA S99 standards: Concepts and process guidance
Quality assurance: ISO 9000
Environment assurance: ISO 14000
IEC 62443: Industrial Network and System Security