Introduction to Security
IT security has become more complex than ever, with new threats and challenges emerging every day. Navigating this landscape can feel overwhelming, especially when confronted with a barrage of technical terms and acronyms. The purpose of this page is to provide an outline of the most common and critical security terms, helping you better understand and engage in cybersecurity conversations.
Reactive Security:
Reactive security focuses on identifying and responding to security incidents after they have occurred. It involves detecting, containing, and mitigating the damage caused by an attack or breach.
Example: Traditional antivirus software often takes a reactive approach, detecting malware signatures after an infection has already occurred and quarantining the malware.
Characteristics:
- Focuses on incident response and recovery.
- Employs tools like Intrusion Detection Systems (IDS), Security Information and Event Management (SIEM), and Endpoint Detection and Response (EDR) to monitor and detect threats in real time.
- Often involves forensic analysis to understand how the breach occurred and how to prevent future incidents.
Preventative Security:
Preventative security is designed to stop attacks before they happen by implementing measures that reduce vulnerabilities and strengthen the organization’s defense. The goal is to prevent attacks from succeeding, making it difficult or impossible for attackers to gain access.
Example: Deploying IGEL OS on endpoints is a prime example of preventative security. By creating a hardened, secure operating system with minimal attack surface and centralized management, IGEL OS prevents many types of threats from taking hold at the endpoint.
Characteristics:
- Uses network segmentation, data encryption, and endpoint hardening to prevent unauthorized access and data breaches.
- Solutions like Zero Trust Architecture (ZTA) and IGEL OS proactively defend against attacks by ensuring that each access request is verified, and that endpoints themselves are resistant to compromise.
The Seven Layers of Cybersecurity
Threat Terms You Should Know
Zero Trust Architecture (ZTA)
A security model that assumes no user or system—whether inside or outside the network—should be trusted by default. It operates on the principle of "never trust, always verify" and enforces strict identity verification, access controls, and continuous monitoring for every request made to access resources.
Key Concepts:
- Least Privilege Access: Users and devices are granted the minimal level of access they need to perform their jobs, reducing the attack surface.
- Micro-Segmentation: Networks are divided into smaller zones to contain threats and limit lateral movement within the network.
- Continuous Authentication and Authorization: Users and devices must prove their identity at each step, not just at the initial login, using strong identity verification techniques like Multi-Factor Authentication (MFA).
- Device Posture: Verification of the security status of devices before granting access, ensuring they are patched, secured, and compliant.
Acronyms Related to Zero Trust:
- ZTA (Zero Trust Architecture): The overall framework for implementing the "never trust, always verify" philosophy.
- IAM (Identity and Access Management): Systems that manage and authenticate user identities are critical in Zero Trust, ensuring that users are continuously verified.
- PDP (Policy Decision Point): Part of Zero Trust, it makes the decision about whether to allow or deny access to resources.
- PEP (Policy Enforcement Point): This enforces the access decision made by the PDP, blocking or allowing requests based on security policies.
Technologies Involved:
- MFA (Multi-Factor Authentication): Ensures strong identity verification, an essential component of Zero Trust.
- EDR (Endpoint Detection and Response): EDR tools monitor devices for suspicious activity and are essential for securing endpoints in a Zero Trust environment.
- NAC (Network Access Control): Helps control which devices can connect to the network, evaluating whether a device complies with security policies before granting access.
- SIEM (Security Information and Event Management): Helps monitor and analyze activities across the network, providing the data needed for real-time monitoring and threat detection in Zero Trust.
How it Works:
- Verification of Every Request: Users and devices must prove their identity and security posture at every access attempt, regardless of location.
- Adaptive Access Controls: Policies can change dynamically based on context, such as the user's location, device, and behavior. For example, if a user suddenly logs in from a different country, they may be required to undergo additional verification.
- No Implicit Trust: Being inside the network does not mean users or devices are trusted. Every interaction is considered hostile unless verified.
Benefits of Zero Trust:
- Mitigation of Insider Threats: Since no one is trusted by default, Zero Trust helps reduce the risk of insider threats by ensuring that even users within the network are continuously authenticated.
- Improved Security in Remote Work: With many employees working remotely, Zero Trust ensures that devices and users accessing company resources are properly authenticated and monitored, even if they’re outside the traditional network perimeter.
- Containment of Breaches: By implementing micro-segmentation, Zero Trust can limit the spread of malware or attackers within a network, keeping breaches isolated.
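As an added illustration (not code from this page or from IGEL), the following Python sketch models the PDP/PEP split and the least-privilege, device-posture and adaptive-access checks described above. Role names, resource names and the request fields are constructed for the example; the `on_corporate_network` field is carried but never consulted, to show that network location grants no implicit trust.

```python
from __future__ import annotations
from dataclasses import dataclass

# Least privilege: each role is entitled only to the resources its job needs.
# Role and resource names are constructed for this example.
ROLE_RESOURCES = {"engineer": {"git", "ci"}, "finance": {"erp"}}
# Resources whose policy always demands MFA on the current session.
SENSITIVE_RESOURCES = {"erp"}


@dataclass(frozen=True)
class AccessRequest:
    user: str
    role: str
    resource: str
    mfa_verified: bool            # strong identity verification on this session
    device_patched: bool          # device posture, as reported by EDR/NAC
    device_compliant: bool
    country: str                  # where the request originates now
    usual_countries: frozenset    # locations previously seen for this user
    on_corporate_network: bool    # present but never consulted: no implicit trust


def pdp_decide(req: AccessRequest) -> tuple[str, str]:
    """Policy Decision Point: evaluate one request from scratch.

    Returns (decision, reason) where decision is ALLOW, DENY or STEP_UP.
    Network location is deliberately not an input to any check below.
    """
    if req.resource not in ROLE_RESOURCES.get(req.role, set()):
        return "DENY", "least privilege: role is not entitled to this resource"
    if not (req.device_patched and req.device_compliant):
        return "DENY", "device posture: endpoint is not patched and compliant"
    # Adaptive control: sensitive data or an unfamiliar location raises the bar.
    needs_mfa = (req.resource in SENSITIVE_RESOURCES
                 or req.country not in req.usual_countries)
    if needs_mfa and not req.mfa_verified:
        return "STEP_UP", "additional verification (MFA) required"
    return "ALLOW", "identity, device posture and context verified"


def pep_enforce(req: AccessRequest) -> bool:
    """Policy Enforcement Point: only an explicit ALLOW lets traffic through."""
    return pdp_decide(req)[0] == "ALLOW"


if __name__ == "__main__":
    req = AccessRequest("alice", "engineer", "git", True, True, True,
                        "DE", frozenset({"DE"}), False)
    print(pdp_decide(req))  # ('ALLOW', 'identity, device posture and context verified')
```

A request that is on the corporate network but comes from an unpatched device is still denied, while a familiar user reaching a sensitive resource without MFA is pushed to step-up verification rather than silently allowed.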
Endpoint Security
Endpoint Security is critical because endpoints (like laptops, smartphones, and desktops) are often the first line of defense, and they are frequent targets of attacks. The focus of endpoint security is to detect, block, and respond to malicious activity that could compromise an organization's data, systems, or network.
Key Concepts:
Endpoint Security Features:
Endpoint Security in the Context of Zero Trust:
- Integration with Zero Trust Architecture (ZTA): In a Zero Trust model, each endpoint is treated as a potential threat, whether it's inside or outside the network.
- Continuous Monitoring: Endpoints are constantly monitored, and access to sensitive data is based on the endpoint’s security status (e.g., is it up-to-date? Is it compliant with security policies?).
- Strict Access Controls: Endpoints need to be authenticated every time they try to access resources, which aligns with Zero Trust principles.
- Least Privilege: Even if an endpoint is compromised, limiting user access rights minimizes the damage malware or a zero-day exploit can cause.
Acronyms for Endpoint Security:
- EPP (Endpoint Protection Platform): A suite of tools to prevent and detect security threats on devices.
- EDR (Endpoint Detection and Response): Solutions that provide real-time visibility into endpoint activities, detecting and responding to suspicious behavior.
- MDR (Managed Detection and Response): A service that provides round-the-clock monitoring and response to threats, combining EDR with human expertise.
- IoC (Indicator of Compromise): Evidence that a security breach may have occurred, such as unusual network traffic or file changes.
- IoA (Indicator of Attack): Signs that an attack is currently underway or about to happen.
Network Security
Network security aims to safeguard the infrastructure and data that flow through an organization’s network, ensuring that authorized users have access while unauthorized users and malicious activities are blocked. This includes defending against attacks like unauthorized access, malware propagation, data breaches, and denial-of-service (DoS) attacks.
Key Components of Network Security:
Acronyms and Technologies in Network Security:
- IDS/IPS (Intrusion Detection System/Intrusion Prevention System): Detects and prevents intrusions by monitoring network traffic for suspicious patterns.
- NAC (Network Access Control): Ensures that only compliant, authorized devices are allowed to access the network.
- WAF (Web Application Firewall): Monitors and filters incoming traffic to web applications to protect against common web-based attacks.
- DLP (Data Loss Prevention): Monitors data moving through the network and ensures it is not exposed to unauthorized parties.
- SIEM (Security Information and Event Management): Aggregates and analyzes logs from various network devices to detect suspicious activity.
- NDR (Network Detection and Response): Identifies and responds to abnormal network traffic indicative of cyber threats.
- TLS (Transport Layer Security): Ensures secure communications over a network by encrypting data in transit.
Data Security
Data security refers to protecting digital information from unauthorized access, breaches, or corruption. The goal is to ensure that data remains accurate, available to authorized users, and inaccessible to anyone else.
Key Concepts of Data Security:
Data Security Threats:
How IGEL can help reduce the TCO
Here is a list of third-party tools you no longer need with IGEL.