Lecture 5

Lecture 5. Information security

Suppliers and cybersecurity tools
According to its legal regime, information is divided into: 
• Confidential information is information that is in the possession, use or control of certain individuals or legal entities and is disseminated at their request in accordance with the conditions stipulated by them.
• Secret information is information that constitutes state and other secrets provided for by law (banking, commercial, official, professional, lawyer), the disclosure of which may cause harm to a person, society and the state.


Cybersecurity vendors typically offer a variety of security products and services. Common security tools and systems include:
Identity and access management (IAM)
IAM is a set of technologies for managing digital identities, including accounts, their synchronisation, management, etc. Each user should have the right access to the right resources at the right time.


Firewalls
A firewall is a network security device that monitors incoming and outgoing network traffic and decides whether to allow or block certain traffic based on a defined set of security rules.


Endpoint protection
Endpoint security is a network security management system that focuses on the endpoints of a network or individual devices, such as workstations and mobile devices, that access the network. The term also describes specific software packages that provide endpoint security.


Antimalware/antivirus
An antivirus is any resource that protects computers and systems from malicious software, including viruses, spyware, and other malicious programs.


Intrusion prevention/detection systems (IPS/IDS)
An intrusion detection system (IDS) is a solution that monitors network events and analyses them to detect security incidents and impending threats.
An Intrusion Prevention System (IPS) is a solution that performs intrusion detection and then goes one step further and prevents any threats that are detected.


Data loss prevention (DLP)
DLP is an approach or set of strategies consisting of tools or processes that, when used by a network administrator, can ensure that sensitive data is not lost, misused or accessed by unauthorised users.


Endpoint detection and response
Endpoint Detection and Response (EDR) is an integrated, multi-layered approach to endpoint protection that combines continuous real-time monitoring and analysis of endpoint data with automated, rule-based response.


Security information and event management (SIEM)
Security Information and Event Management (SIEM) is a security solution that helps organisations identify and remediate potential threats and vulnerabilities before they have a chance to disrupt business operations.


Encryption tools
Data encryption tools are types of software that convert readable data (plaintext) into a sequence that looks like a completely unintelligible string of text, known as ciphertext. These tools use an encryption algorithm (a cipher) to mask information.


Vulnerability scanners
Vulnerability scanners are software or hardware tools for diagnosing and monitoring networked computers that allow you to scan networks, computers, and applications to identify possible security issues and assess and remediate vulnerabilities.


Virtual private networks (VPNs)
A virtual private network, or VPN, is an encrypted connection over the Internet from your device to a network. An encrypted connection helps ensure the secure transmission of sensitive data. It prevents unauthorised parties from eavesdropping on traffic and allows users to work remotely. VPN technology is widely used in the corporate environment.


Cloud workload protection platform (CWPP)
A Cloud Workload Protection Platform (CWPP) is a security tool that detects and remediates threats inside cloud software. CWPP is like a car mechanic who detects defects and breakdowns in a car engine before they cause further damage - only it checks the inside of cloud services, not the car. CWPP automatically monitors a wide range of workloads, including physical on-premises servers, virtual machines, and serverless functions.


Cloud access security broker (CASB)
A Cloud Access Security Broker (CASB) is an on-premises or cloud-based security policy enforcement point that sits between cloud consumers and cloud service providers to combine and apply corporate security policies when cloud resources are accessed. Think of CASB as a sheriff that enforces the laws set by cloud service administrators.