
Types of cybersecurity

What is cybersecurity?

Cybersecurity is the practice of using technology, controls, and processes to protect digital networks, devices, and data from unauthorized access by malicious attackers or unintentional activity. It protects the confidentiality, integrity, and availability of information.

Ten types of cybersecurity

Many types of cybersecurity are employed to protect digital systems from malicious and accidental threats. It is helpful to understand the ten most commonly referenced types of cybersecurity.

  1. Application security
    Application security prevents unauthorized access and use of applications and connected data. Because most vulnerabilities are introduced during the development and publishing stages, application security includes many types of cybersecurity solutions to help identify flaws during the design and development phases that could be exploited and alert teams so they can be fixed.

    Despite best efforts, flaws do slip through the cracks. Application security also helps protect against these vulnerabilities.

    A subset of application security is web application security. It focuses on protecting web applications, which are frequently targeted by cyber attacks.
  2. Cloud security
    Cloud security focuses on protecting cloud-based assets and services, including applications, data, and infrastructure. Most cloud security is managed as a shared responsibility between organizations and cloud service providers.

    In this shared responsibility model, cloud service providers handle security for the cloud environment, and organizations secure what is in the cloud. Generally, the responsibilities are divided as shown below.
  3. Critical infrastructure security
    Special security processes and types of cybersecurity solutions are used to protect the networks, applications, systems, and digital assets depended on by critical infrastructure organizations (e.g., communications, dams, energy, public sector, and transportation). Critical infrastructure has been more vulnerable to cyber attacks that target legacy systems, such as SCADA (supervisory control and data acquisition) systems. While critical infrastructure organizations use many of the same types of cybersecurity as other subcategories, it is often deployed in different ways.
  4. Data security
    A subset of information security, data security combines many types of cybersecurity solutions to protect the confidentiality, integrity, and availability of digital assets at rest (i.e., while being stored) and in motion (i.e., while being transmitted).
  5. Endpoint security
    Desktops, laptops, mobile devices, servers, and other endpoints are the most common entry point for cyber attacks. Endpoint security protects these devices and the data they house. It also encompasses other types of cybersecurity that are used to protect networks from cyber attacks that use endpoints as the point of entry.
  6. IoT (Internet of Things) security
    IoT security seeks to minimize the vulnerabilities that these proliferating devices bring to organizations. It uses different types of cybersecurity to detect and classify them, segment them to limit network exposure, and seek to mitigate threats related to unpatched firmware and other related flaws.
  7. Mobile security
    Mobile security encompasses types of cybersecurity used to protect mobile devices (e.g., phones, tablets, and laptops) from unauthorized access and from becoming an attack vector used to get into and move laterally within networks.
  8. Network security
    Network security includes software and hardware solutions that protect against incidents that result in unauthorized access or service disruption. This includes monitoring and responding to risks that impact network software (e.g., operating systems and protocols) and hardware (e.g., servers, clients, hubs, switches, bridges, peers, and connecting devices).

    The majority of cyber attacks start over a network. Network cybersecurity is designed to monitor, detect, and respond to network-focused threats.
  9. Operational security
    Operational security covers many types of cybersecurity processes and technology used to protect sensitive systems and data by establishing protocols for access and monitoring to detect unusual behavior that could be a sign of malicious activity.
  10. Zero trust
    The zero trust security model replaces the traditional perimeter-focused approach of building walls around an organization’s critical assets and systems. There are several defining characteristics of the zero trust approach, which leverages many types of cybersecurity.

    At its core, zero trust is based on several practices, including:
    1. Continuously verifying users’ identity
    2. Establishing and enforcing the principle of least privilege for access, granting only the access that is explicitly required for a user to perform a job and only for as long as that access is required
    3. Microsegmenting networks
    4. Trusting no users (i.e., internal or external)
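
The four practices above can be expressed as a single policy decision that is re-evaluated on every request. The following is an added example, not code from the original article or from any vendor product; the resource-to-segment map, the 15-minute re-verification age, and the entitlement model are constructed assumptions for illustration:

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List, Tuple

# Hypothetical policy model (constructed for this example): every request is
# evaluated against identity freshness, device posture, network segment and an
# explicit, time-bounded entitlement. Nothing is trusted for being "inside".


@dataclass(frozen=True)
class Entitlement:
    principal: str
    resource: str
    action: str
    expires: datetime  # least privilege: the grant lapses on its own


@dataclass(frozen=True)
class Session:
    principal: str
    last_verified: datetime  # when identity (including MFA) was last re-verified
    device_compliant: bool
    network_segment: str     # microsegment the request originates from


# Constructed microsegmentation map: which segment may reach which resource.
RESOURCE_SEGMENT = {"payroll-db": "finance", "wiki": "corp"}


def authorize(session: Session, entitlements: List[Entitlement], resource: str,
              action: str, now: datetime,
              max_auth_age: timedelta = timedelta(minutes=15)) -> Tuple[bool, str]:
    """Return (allowed, reason). The default is deny."""
    # 1. Continuous verification: a session older than max_auth_age must re-authenticate.
    if now - session.last_verified > max_auth_age:
        return False, "identity verification is stale; re-authenticate"
    # 4. No implicit trust: device posture is checked on every request.
    if not session.device_compliant:
        return False, "device is not compliant"
    # 3. Microsegmentation: the resource must be reachable from the caller's segment.
    if RESOURCE_SEGMENT.get(resource) != session.network_segment:
        return False, "resource is not reachable from this segment"
    # 2. Least privilege: an explicit, unexpired entitlement for this exact action.
    for ent in entitlements:
        if (ent.principal == session.principal and ent.resource == resource
                and ent.action == action and ent.expires > now):
            return True, "explicit, unexpired entitlement"
    return False, "no explicit entitlement (default deny)"


def run_scenarios() -> Dict[str, bool]:
    """Constructed scenarios that exercise each check in turn."""
    now = datetime(2025, 12, 24, 10, 0, 0)
    grants = [
        Entitlement("alice", "payroll-db", "read", now + timedelta(hours=1)),
        Entitlement("alice", "wiki", "read", now - timedelta(days=1)),  # already expired
    ]
    fresh = Session("alice", now - timedelta(minutes=5), True, "finance")
    stale = Session("alice", now - timedelta(minutes=30), True, "finance")
    return {
        "fresh_read": authorize(fresh, grants, "payroll-db", "read", now)[0],
        "fresh_write": authorize(fresh, grants, "payroll-db", "write", now)[0],
        "stale_read": authorize(stale, grants, "payroll-db", "read", now)[0],
        "expired_grant": authorize(Session("alice", now, True, "corp"),
                                   grants, "wiki", "read", now)[0],
    }


if __name__ == "__main__":
    for name, allowed in run_scenarios().items():
        print(f"{name}: {'allow' if allowed else 'deny'}")
```

The order of checks is deliberate: identity and device are evaluated before any entitlement lookup, so a stale or non-compliant session is refused even when a valid grant exists, and a grant that has expired is treated exactly like one that never existed.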

Cybersecurity subcategories

Many of the solutions within each of these types of cybersecurity are used across subcategories, including the following.

Anti-malware or anti-virus software

Anti-malware, also called anti-virus software, is a type of software designed to protect digital systems from malicious software, such as viruses, worms, and trojans that spread malware like keyloggers, spyware, adware, and ransomware. These programs continuously scan for malware and can automatically quarantine or remove it when it is detected.

Data backup

Data backup is considered a critical component of a robust cybersecurity strategy. Having readily accessible copies of data facilitates a rapid recovery in the event of a cyber attack, especially in the event of a ransomware attack.

Data backups involve creating and storing duplicates of critical information. A best practice for data backups is to use the 3-2-1 method, which stores three copies of data. Two copies are stored on different types of storage media, and one copy is stored at an offsite location.

Data loss prevention (DLP)

Data loss prevention solutions identify and prevent unauthorized sharing, transfer, or use of data on on-premises systems, cloud environments, and endpoint devices (e.g., end-user systems). Used to protect sensitive information, DLP plays a vital role in preventing data breaches and other inappropriate data exfiltration. DLP solutions protect information in motion, in use, and at rest.
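
A core DLP building block is content inspection that recognizes sensitive data in outbound text while keeping false positives low. The following is an added example, not code from the original article or from any DLP product: it detects payment-card-like numbers and validates them with the Luhn checksum, so that other long numeric identifiers (order or tracking numbers) are not flagged. The sample message is constructed; 4111 1111 1111 1111 is a well-known test card number.

```python
import re
from typing import List

# Candidate pattern: 13 to 19 digits, optionally separated by single spaces or hyphens.
CARD_CANDIDATE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")


def luhn_ok(digits: str) -> bool:
    """Luhn checksum (mod 10), as used by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def find_card_numbers(text: str) -> List[str]:
    """Return substrings that look like card numbers AND pass the Luhn check.
    The checksum removes most long numeric identifiers (order ids, tracking numbers)."""
    hits = []
    for m in CARD_CANDIDATE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if luhn_ok(digits):
            hits.append(m.group())
    return hits


def redact_card_numbers(text: str) -> str:
    """Mask validated card numbers, keeping the last four digits for troubleshooting."""
    def mask(m):
        digits = re.sub(r"[ -]", "", m.group())
        if luhn_ok(digits):
            return "****-****-****-" + digits[-4:]
        return m.group()
    return CARD_CANDIDATE.sub(mask, text)


# Constructed sample: an outbound message containing a test card number and an order id.
SAMPLE_MESSAGE = ("Hi, please charge card 4111 1111 1111 1111 for order 1234567890123456 "
                  "and call me on 555-0100.")

if __name__ == "__main__":
    print(find_card_numbers(SAMPLE_MESSAGE))
    print(redact_card_numbers(SAMPLE_MESSAGE))
```

The order number 1234567890123456 matches the digit pattern but fails the checksum, so only the card number is reported and masked; a production DLP engine layers further context (field names, document classification, sender and destination) on top of this kind of validated pattern.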

Encryption

Encryption is a cybersecurity tool that encodes data into an unreadable format that can only be decoded with a unique key. The most widely used type of encryption is the Advanced Encryption Standard (AES), which uses a symmetric encryption algorithm to encode data. Once encrypted, the information is protected from unauthorized viewing or modification. This makes encryption a cornerstone of data security but, unfortunately, a powerful weapon in the hands of threat actors who use it for malicious purposes, such as ransomware attacks.

Endpoint detection and response (EDR)

Endpoint detection and response continuously monitors endpoint devices, such as desktop systems, laptops, servers, smartphones, tablets, virtual machines, workstations, and IoT devices (e.g., cameras, printers, and scanners), to identify and proactively respond to cyber threats.

Also referred to as endpoint threat detection and response (ETDR), EDR solutions provide insights that help security teams respond to threats. These tools track what happened in the event of an incident, including the point of entry, the scope of the spread, and recommendations for how to mitigate it. EDR systems can also perform automatic actions when threats are detected, such as sending alerts and quarantining affected systems.

Enterprise mobility management (EMM)

With enterprise mobility management, organizations can secure employees’ use of mobile devices, including bring your own device (BYOD), wireless networks, and mobile applications. EMM also helps IT departments more easily distribute and update applications on mobile devices.

Firewalls

Firewalls are a type of network security system that monitors and controls traffic coming into and out of a network. Usually positioned between public or untrusted networks (e.g., the internet) and private networks or intranets, firewalls stop unauthorized or malicious traffic from moving in or out of networks. Traffic content is assessed based on an established set of security rules. The three types of firewalls are hardware-based appliances, software-based systems, and those that are hosted and offered as a cloud service.
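
Whatever the form factor, a firewall's core is an ordered rule set evaluated against each packet's protocol, addresses, and port, with an implicit default deny for anything no rule matches. The following is an added example, not code from the original article or from any firewall product; the rule set and the address ranges (documentation ranges such as 192.0.2.0/24 and 198.51.100.0/24) are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    action: str            # "allow" or "deny"
    proto: str             # "tcp", "udp" or "any"
    src: str               # source CIDR
    dst: str               # destination CIDR
    dport: Optional[int]   # destination port, None = any port


@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    dst: str
    dport: int


def matches(rule: Rule, pkt: Packet) -> bool:
    """True when every field of the rule covers the packet."""
    return ((rule.proto == "any" or rule.proto == pkt.proto)
            and ipaddress.ip_address(pkt.src) in ipaddress.ip_network(rule.src)
            and ipaddress.ip_address(pkt.dst) in ipaddress.ip_network(rule.dst)
            and (rule.dport is None or rule.dport == pkt.dport))


def evaluate(rules: List[Rule], pkt: Packet) -> Tuple[str, Optional[int]]:
    """First matching rule wins; anything unmatched is dropped (implicit default deny).
    Returns the verdict and the index of the rule that produced it (None for the default)."""
    for i, rule in enumerate(rules):
        if matches(rule, pkt):
            return rule.action, i
    return "deny", None


# Constructed rule set. The block-list entry sits BEFORE the service allow so it takes effect.
RULESET = [
    Rule("deny", "any", "192.0.2.0/24", "0.0.0.0/0", None),    # known-bad source range
    Rule("allow", "tcp", "0.0.0.0/0", "10.0.0.0/24", 443),     # public web tier
    Rule("allow", "tcp", "10.0.1.0/24", "10.0.0.0/24", 22),    # admin access from jump hosts only
]

if __name__ == "__main__":
    for pkt in (Packet("tcp", "198.51.100.5", "10.0.0.10", 443),
                Packet("tcp", "192.0.2.9", "10.0.0.10", 443),
                Packet("tcp", "198.51.100.5", "10.0.0.10", 22)):
        print(pkt.src, "->", f"{pkt.dst}:{pkt.dport}", evaluate(RULESET, pkt))
```

Rule order is part of the policy: moving the deny entry below the web allow would let the blocked range reach port 443, which is why rule reviews check position as well as content. The returned rule index is the kind of detail worth logging, since it tells an analyst which rule admitted or dropped a given flow.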

Identity and access management (IAM)

Identity and access management (IAM) is a collection of cybersecurity technology, policies, and processes used to protect data, applications, systems, and services located on-premises, in remote locations, and in the cloud. The components of IAM solutions are used in concert to control access to digital resources by managing and maintaining users’ digital identities and associated access privileges throughout their lifecycle. These tools ensure that users (i.e., human and non-human) have access to the digital resources that they need when they need them while restricting excessive or unauthorized access.

Intrusion detection and prevention system (IDPS)

An intrusion detection and prevention system (IDPS) combines the capabilities of intrusion detection and intrusion prevention into a single solution. These tools provide end-to-end network protection by monitoring for and identifying suspicious activity, alerting security personnel, and automating responses to mitigate and remediate threats.

Multi-factor authentication (MFA)

Multi-factor authentication is a layered security approach for controlling access to digital systems. With MFA, users are required to provide two or more factors (i.e., unique identifiers) before gaining access to a resource. Three types of factors are commonly used for MFA: knowledge, or something you know (e.g., a password); possession, or something you have (e.g., a smartphone or token); and inherence, or something you are (e.g., a fingerprint or iris scan).

Network access control (NAC)

Network access control is a subset of identity and access management that is focused on protecting networks from unauthorized access by people, systems, or applications. NAC solutions enforce policies that ensure that only authenticated users can gain access.

Next-generation firewall (NGFW)

Next-generation firewalls add advanced functionality to traditional firewall capabilities to enhance threat detection and response. NGFWs not only detect threats but prioritize them and offer recommendations for remediation that cannot be handled automatically. Additional capabilities found in NGFWs are application awareness and control, deep packet inspection, intrusion prevention, threat intelligence, and malware protection.

Secure access service edge (SASE)

A secure access service edge (SASE) (pronounced “sassy”) is a cloud-native architecture used to provide a wide area network and security controls as a cloud service. It unifies SD-WAN and security functions, such as secure web gateway (SWG), cloud access security broker (CASB), firewall as a service (FWaaS), and zero trust network access (ZTNA), into one cloud service.

Security information and event management (SIEM)

Security information and event management solutions combine security event data from logs and then apply rules and statistical correlations to identify threats. Security teams rely on SIEMs to detect threats in real-time and direct actions to remediate or mitigate them. Insights provided by SIEMs are also used to manage incident response and identify root causes of incidents during forensic investigations.
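
A SIEM correlation rule combines individual log events that are harmless on their own into one alert. The following is an added example, not code from the original article or from any SIEM product: it parses constructed SSH authentication log lines and raises an alert when a burst of failed logins from one source is followed by a successful login from the same source, which is a common password-guessing signature. The log lines, hosts, and addresses are all constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, List, Optional

# Constructed sample authentication log (sshd-style); addresses are documentation ranges.
SAMPLE_LOG = """\
2025-12-24T10:00:01 sshd[311]: Failed password for admin from 203.0.113.7 port 50211
2025-12-24T10:00:04 sshd[311]: Failed password for admin from 203.0.113.7 port 50212
2025-12-24T10:00:07 sshd[311]: Failed password for root from 203.0.113.7 port 50213
2025-12-24T10:00:09 sshd[311]: Failed password for admin from 203.0.113.7 port 50214
2025-12-24T10:00:12 sshd[311]: Failed password for admin from 203.0.113.7 port 50215
2025-12-24T10:00:15 sshd[311]: Accepted password for admin from 203.0.113.7 port 50216
2025-12-24T10:05:00 sshd[412]: Failed password for alice from 198.51.100.9 port 40001
2025-12-24T10:30:00 sshd[413]: Accepted password for alice from 198.51.100.9 port 40002
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: (?P<result>Failed|Accepted) password for "
    r"(?P<user>\S+) from (?P<src>\S+) port \d+$"
)


def parse(line: str) -> Optional[dict]:
    """Normalize one raw line into a structured event; unknown lines are skipped."""
    m = LINE_RE.match(line)
    if not m:
        return None
    return {"ts": datetime.fromisoformat(m["ts"]), "result": m["result"],
            "user": m["user"], "src": m["src"]}


def detect_bruteforce(lines: List[str], threshold: int = 5,
                      window: timedelta = timedelta(minutes=2)) -> List[dict]:
    """Rule: at least `threshold` failures from one source inside `window`,
    followed by a successful login from that source."""
    failures: Dict[str, List[datetime]] = defaultdict(list)
    alerts = []
    for raw in lines:
        ev = parse(raw)
        if ev is None:
            continue
        # Keep only failures still inside the correlation window.
        recent = [t for t in failures[ev["src"]] if ev["ts"] - t <= window]
        if ev["result"] == "Failed":
            recent.append(ev["ts"])
            failures[ev["src"]] = recent
        else:
            if len(recent) >= threshold:
                alerts.append({"rule": "bruteforce_then_success", "src": ev["src"],
                               "user": ev["user"], "failures": len(recent),
                               "at": ev["ts"].isoformat()})
            failures[ev["src"]] = []   # one alert per burst
    return alerts


if __name__ == "__main__":
    for alert in detect_bruteforce(SAMPLE_LOG.splitlines()):
        print(alert)
```

The single failed attempt by alice followed by a success 25 minutes later stays below both the count and the time window, so only the 203.0.113.7 burst produces an alert; tuning those two parameters against the organization's own log volume is most of the work of making such a rule useful.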

Security orchestration, automation, and response (SOAR)

Security orchestration, automation, and response systems integrate separate security tools. This integration helps security teams more efficiently coordinate and automate repetitive tasks as well as streamline incident and threat response workflows. The three primary capabilities combined in a SOAR tool are threat management, incident response, and automation of security operations.

Threat intelligence

Threat intelligence is the result of gathering, analyzing, and interpreting data related to security threats. There are three types of threat intelligence—strategic, tactical, and operational. Threat intelligence is generated internally using data from an organization’s systems and externally by third parties.

User and entity behavior analytics (UEBA)

User and entity behavior analytics leverages machine learning algorithms and other advanced analytics approaches to identify unusual user (i.e., human and non-human) and device behavior that could be indicators of security threats. UEBA solutions can help security teams proactively detect lateral movement, the use of compromised credentials, and other malicious behavior.
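
The simplest form of behavior analytics is a per-entity baseline: each user or device is compared with its own history rather than with a fixed rule. The following is an added example, not code from the original article or from any UEBA product; it scores today's outbound data volume for each entity against that entity's prior days and reports those that deviate sharply. The daily volumes are constructed, and the z-score threshold of 3 is an illustrative choice.

```python
import statistics
from typing import Dict, List

# Constructed daily outbound data volumes in MB per entity for the last seven days;
# the final entry is today's observation, scored against the preceding days.
DAILY_EGRESS_MB: Dict[str, List[float]] = {
    "alice":      [120, 135, 110, 128, 140, 125, 132],
    "bob":        [40, 45, 38, 42, 41, 39, 900],
    "svc-backup": [500, 500, 500, 500, 500, 500, 500],
}


def score_today(history: Dict[str, List[float]], threshold: float = 3.0,
                min_days: int = 5) -> Dict[str, float]:
    """Z-score of today's value against each entity's own baseline.
    Returns the entities whose score exceeds `threshold`."""
    anomalies: Dict[str, float] = {}
    for entity, series in history.items():
        baseline, today = series[:-1], series[-1]
        if len(baseline) < min_days:
            continue                         # not enough history to judge
        mean = statistics.mean(baseline)
        stdev = statistics.pstdev(baseline)
        if stdev == 0:
            # Perfectly regular entity (e.g., a scheduled job): any change is notable.
            if today != mean:
                anomalies[entity] = float("inf")
            continue
        z = (today - mean) / stdev
        if z > threshold:
            anomalies[entity] = round(z, 1)
    return anomalies


if __name__ == "__main__":
    for entity, z in score_today(DAILY_EGRESS_MB).items():
        print(f"{entity}: today's egress is {z} standard deviations above baseline")
```

Bob's 900 MB day is unremarkable as an absolute number (the backup service moves more every day) but is hundreds of standard deviations outside his own pattern, which is the kind of signal a fixed threshold on volume alone would miss. Production systems use richer features (time of day, destinations, peer groups) and models with fewer false positives than a single z-score, but the per-entity comparison is the same idea.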

Virtual private networks (VPNs)

A virtual private network extends a private network across one or more networks that are public, untrusted, or require isolation. VPNs create a virtual tunnel in which data is encrypted and internet protocol (IP) addresses are masked to provide privacy and data protection.

Web application firewalls (WAFs)

A web application firewall protects web applications, mobile apps, and APIs by filtering and monitoring HTTP traffic. WAFs stop application-layer attacks, such as cross-site scripting (XSS), cross-site request forgery (CSRF), cookie poisoning, file inclusion, and SQL injection.

How cybersecurity threats have evolved

Types of cybersecurity threats have changed significantly since 1965, when the first computer vulnerability was exploited. The following is a brief timeline of notable incidents.

1965: Software vulnerability

William D. Mathews from the Massachusetts Institute of Technology (MIT) found a flaw in a Multics Compatible Time-Sharing System (CTSS), the first general-purpose time-sharing operating system. The vulnerability could be used to disclose the contents of the password file. This is widely held to be the first reported vulnerability in a computer system.

1970: Virus

Bob Thomas created the first virus and unleashed the first cyber attack. Meant as a joke, the program moved between computers and displayed the message, “I’m the creeper, catch me if you can.” In response, his friend, Ray Tomlinson, wrote a program that moved from computer to computer and duplicated itself as it went. The message was changed to “I’m the reaper, catch me if you can.” While these were intended to be practical jokes, they started what would evolve into the advent of malicious cyber attacks.

1989: Worm

The Morris Worm, created by Robert Morris to determine the size of the internet, ended up being responsible for the first-ever denial-of-service (DoS) attack. With an initial infection, the worm slowed computers, but by infecting the same system multiple times, the worm was able to cause systems to crash.

1989: Trojan

The first ransomware attack was perpetrated at the 1989 World Health Organization’s AIDS conference when Joseph Popp distributed 20,000 infected floppy discs. Once booted, the discs encrypted users’ files and the threat actors demanded payment to decrypt them.

1990s: Fast-spreading, malicious viruses

Particularly virulent viruses began to emerge in the 1990s, with the I LOVE YOU and Melissa viruses spreading around the world, infecting tens of millions of systems and causing them to crash. These viruses were distributed via email.

Early 2000s: Advanced persistent threats (APTs)

The early 2000s saw the rise of advanced persistent threats (APTs), with the Titan Rain campaign aimed at computer systems in the US and believed to have been initiated by China. Perhaps the most famous APT is the Stuxnet worm that was used to attack Iran’s SCADA (supervisory control and data acquisition) systems in 2010, which were integral to their nuclear program.

Early 2000s: Ransomware-as-a-service

The first ransomware-as-a-service, Reveton, was made available on the dark web in 2012. This allowed those without specialized technical abilities to rent a ransomware system, including collecting payments.

The 2013 emergence of the CryptoLocker ransomware marked a turning point for this malware. CryptoLocker not only used encryption to lock files, but was distributed using botnets.

2016: Botnets used to attack IoT devices

As the Internet of Things (IoT) exploded, this became a new attack vector. In 2016, the Mirai botnet was used to attack and infect more than 600,000 IoT devices worldwide.

2020: Supply chain attack

In 2020, a vulnerability in one enterprise organization’s network management system software was exploited by a group believed to be working with Russia. More than 18,000 customers were impacted when they deployed a malicious update that came from the compromised organization.

Present

Traditional cyber attack methods continue to be widely used because they remain effective. These are being joined by evolving versions that take advantage of machine learning (ML) and artificial intelligence (AI) to increase their reach and efficacy. Ironically, many of these attack methods take advantage of the technology that cybersecurity solutions use to thwart them.

Gen V attacks

Categorized as Mega attacks, Gen V is the latest generation of cyber threats. Gen V cyberattacks, which emerged in 2017, use large-scale, multi-vector approaches to target IT infrastructure with advanced attack technologies.

These cyber threats are believed to originate with state organizations that leak the technology to public cyber criminals. The hallmark of Gen V cyber attacks is that they attack multiple vectors and are polymorphic, changing as they move around and acting differently on different systems. NotPetya and WannaCry are examples of Gen V cyber attacks.

Supply chain attacks

Supply chain attacks have evolved with other attack vectors, since the same technologies and approaches are usually used. Supply chains have become a target for cyber criminals because these organizations provide an easier point of entry to specific enterprises than attacking those larger companies directly. Supply chain attack targets can be used to gain access to many organizations connected with the target.

Ransomware

Ransomware has seen a fast and virulent evolution due to its efficacy and profitability. Attacks have escalated in terms of the scope of what is held hostage and level of threats. Ransomware is used for extortion, with extorters threatening to disclose information or destroy vital data if the ransom terms are not met. Ransomware-as-a-service has also made it much more accessible to cybercriminals.

Phishing

Phishing attacks persist as a preferred attack vector for cyber criminals, but new approaches are emerging to evade cybersecurity measures, such as using QR codes to direct users to malware. There has also been an increase in multi-stage attacks to bypass multi-factor authentication.

Spear phishing and whale phishing are also on the rise. These approaches target specific individuals with messages developed using in-depth research to increase effectiveness. Phishing attacks are also increasing due to the increase in phishing kits sold on the dark web.

Malware

Malware continues to evolve by augmenting or changing legacy software using the latest technologies. Gen V cyber attacks leverage these newly updated malware packages.

What is a consolidated cybersecurity architecture?

A consolidated security architecture creates a single point of control for managing multiple types of cybersecurity solutions. When there were fairly limited types of cybersecurity products, it was possible to manage point solutions to defend against different threats and use cases. As the number of types of cybersecurity increased, the move to a unified approach was driven by:

  1. A growth of remote workforces that dissolved security perimeters and multiplied threat vectors as users connected from disparate points with varying degrees of protection.
  2. An endpoint explosion that started with desktop and laptop systems and grew to a great sprawl of connected devices, including mobile phones, tablets, and IoT devices.
  3. Increased complexity as new types of cybersecurity solutions were added to the defense mix to address new threats and hybrid environments (i.e., on-premises systems and users along with cloud systems and applications) that were difficult to monitor and manage.
  4. A need for more sophisticated types of cybersecurity to combat more adept cyber attackers with more advanced threats that could not be detected with legacy security tools.

A consolidated cybersecurity architecture was created to solve for these issues by integrating different types of cybersecurity and aggregating them under a centralized, scalable control platform. With this new model, specialized cybersecurity could be leveraged in the fight against threats and risks more cost-effectively and efficiently. A consolidated cybersecurity architecture delivers a number of benefits, including:

  1. Eliminating overlapping functionality that comes with disparate cybersecurity deployments
  2. Expediting the creation of rules and reports
  3. Filling gaps in security coverage due to multiple solutions’ inability to communicate and work together cohesively
  4. Maximizing efficacy of machine learning (ML) and artificial intelligence (AI) to improve detection capabilities and accelerate response times
  5. Providing broad visibility across all cybersecurity functions in the organization
  6. Reducing the expenses associated with purchasing and implementing different types of cybersecurity
  7. Reducing the number of tools and vendors needed to perform different cybersecurity functions
  8. Shifting to an integrated security approach that enhances cybersecurity posture
  9. Simplifying threat monitoring and prevention as well as incident response
  10. Streamlining management and maintenance of the many types of cybersecurity
  11. Unifying cybersecurity solutions to enable protection across all attack surfaces (e.g., networks, devices, and applications)

Many types of cybersecurity are needed to combat cybercrime

Cybercrime, attack surfaces, and attack methods continue to grow and evolve, getting more complex with time. The good news is that there are many types of cybersecurity solutions to combat cyber criminals. Taking time to understand the relevant threats and vulnerabilities helps organizations find the right mix of cybersecurity solutions and the best ways to deploy them.

DISCLAIMER: THE INFORMATION CONTAINED IN THIS ARTICLE IS FOR INFORMATIONAL PURPOSES ONLY, AND NOTHING CONVEYED IN THIS ARTICLE IS INTENDED TO CONSTITUTE ANY FORM OF LEGAL ADVICE. SAILPOINT CANNOT GIVE SUCH ADVICE AND RECOMMENDS THAT YOU CONTACT LEGAL COUNSEL REGARDING APPLICABLE LEGAL ISSUES.

Answers to frequently asked questions about types of cybersecurity

What are the seven layers of cybersecurity?

1. Human—Focuses on user behavior and awareness and includes security awareness training, phishing simulations, clear policies, role-based awareness, and insider threat programs.
2. Network—Protects data in motion and segments traffic to limit blast radius with controls that include segmentation, firewalls, an Intrusion Detection System/Intrusion Prevention System (IDS/IPS), secure routing, and virtual private networks (VPNs).
3. Perimeter—Edge defenses that filter external threats before they reach internal systems, such as email and web gateways, reverse proxies, next-gen firewalls, and secure remote access gateways.
4. Endpoint—Protects individual devices (e.g., laptops, servers, and mobile devices) using configuration hardening, disk encryption, device controls, email and web gateways, endpoint detection and response (EDR), and antivirus.
5. Application—Ensures software is designed, built, and run securely with secure software development lifecycle (SDLC) practices, static application security testing and dynamic application security testing (SAST/DAST), runtime application protection, input validation, and web application firewalls (WAFs).
6. Data—Focuses on protecting the asset itself across its lifecycle with data classification, encryption, backup and retention controls, and data loss prevention.
7. Identity—Governs who can access what using identity and access management (IAM), single sign-on (SSO), multi-factor authentication (MFA), least-privilege access controls, and privileged access management.

What are the five Cs of cybersecurity?

The five Cs of cybersecurity are change, continuity, cost, compliance, and coverage.
1. Change refers to the dynamic nature of the threat landscape and the need for ongoing adaptation of security measures as new vulnerabilities and attack vectors emerge.
2. Continuity focuses on ensuring that critical operations remain functional, even in the face of a cyber incident, by establishing robust incident response and recovery plans.
3. Cost emphasizes the importance of balancing cybersecurity investments with organizational resources to deliver protection that is both effective and financially sustainable.
4. Compliance addresses the requirement for organizations to adhere to relevant laws, regulations, and industry standards to avoid legal penalties and maintain customer trust.
5. Coverage pertains to the need for comprehensive protection over all digital assets, networks, devices, and users to eliminate security gaps that malicious actors can exploit.

What are evolving threats in cybersecurity?

Evolving threats in cybersecurity are attack techniques or adversary behavior that change over time to evade existing defenses and adapt to new technology. Because they adapt quickly, defending against evolving threats requires continuous threat intelligence, behavior-based detection, rapid patching, and regular control updates. Examples of evolving threats include:

What is DevSecOps?

DevSecOps (development, security, and operations) is the operational bridge between cybersecurity and modern engineering practices. DevSecOps integrates security into the development pipeline using automated testing, shift-left practices (i.e., run security early in the design, code, and build stages), infrastructure-as-code scanning, and deployment gates.

With DevSecOps, systems have fewer vulnerabilities shipped, which means reduced risk from supply chain attacks.

What are managed security services?

Managed security services (MSS) are outsourced cybersecurity functions provided by managed security service providers (MSSPs) or specialist vendors. Among the many managed security services offered are:

  • Compliance support
  • Digital forensics and incident response (DFIR)
  • Log management as a service
  • Managed detection and response (MDR)
  • Managed firewalls
  • Security operations centers (i.e., SOC as a service)
  • Threat intelligence and hunting
  • Vulnerability scanning and patch management

How do emerging technologies like artificial intelligence (AI) impact cybersecurity?

AI is a cybersecurity force multiplier for both defenders and attackers.

Among the ways defenders leverage AI for cybersecurity include:

  • Faster anomaly detection and triage
  • Automated log correlation and playbook execution
  • Prioritized vulnerability discovery
  • Improved threat-hunting at scale

Several ways that attackers use AI include:

  • More scalable, convincing, and dynamic attacks
  • AI-generated social engineering and deepfakes
  • Automated reconnaissance and exploit generation
  • Prompt injection or data exfiltration against AI services
  • Machine learning support to evade detections

What are some current and future trends in cybersecurity?

As technology rapidly evolves, so do the cybersecurity threats and challenges. Several of the widely cited trends expected to impact cybersecurity are:
1. AI and machine learning
The use of artificial intelligence (AI) and machine learning (ML) in cybersecurity defenses and offensive use by malicious actors is accelerating. AI and ML will continue to speed detection, triage, and automation. Meanwhile, attackers are increasing their use of agentic AI and ML tools for scalable phishing, automated exploits, and evasive malware.
2. Identity-first security
Identity is becoming the primary control plane with continuous authentication, passwordless authentication, multi-factor authentication (MFA), and privileged access management (PAM) as perimeter boundaries blur and vanish.
3. Zero trust
Network architectures will continue to shift to zero-trust security in networking stacks for consistent policy enforcement across cloud and remote users. Zero trust forces continuous verification and least-privilege access to limit damage from compromised users or devices, which is critical for exponentially expanding attack surfaces.
4. AI security governance
Regulations are expected to require AI governance and risk frameworks. This will likely include rules and guidance (e.g., NIST’s AI Risk Management Framework), as well as AI model governance requirements, provenance, and explainability.
5. Quantum computing and risk
Quantum computing is expected to have a major impact on cybersecurity, as it holds the potential to break traditional encryption methods. Attackers are already conducting attacks to exfiltrate encrypted data with the intent to "harvest now, decrypt later" (i.e., attackers capture and store encrypted communications or data today so they can decrypt it in the future, once obtained keys, advances in computing, or quantum computing allow today’s ciphers to be broken).
6. Connected devices
As connected devices (e.g., Internet of Things (IoT), Operational Technology (OT), and Industrial Control Systems (ICS)) continue to proliferate, threats will increase. Security solutions will have to be optimized and created to address this segment of the attack surface, which is very vulnerable today.

What are some examples of the importance and impact of cybersecurity?

Several examples of why cybersecurity is important and how it addresses specific challenges are:

  • Preventing data breaches by stopping sensitive information from being stolen and sold to avoid reputational damage, financial losses, and regulatory penalties and fines.
  • Protecting financial systems and e-commerce by securing online payments and banking platforms so commerce can operate safely.
  • Keeping critical infrastructure operational by preventing damage or disruption to power grids, water systems, transportation infrastructure, and hospitals.
  • Enabling digital transformation and cloud adoption by providing organizations with the controls and assurances needed to securely move services to cloud, software-as-a-service (SaaS), and mobile platforms.
  • Protecting intellectual property by preventing theft of trade secrets, product plans, and research and development (R&D) work.
  • Reducing operational downtime and recovery costs by implementing incident response systems and processes that limit outage scope and speed recovery to minimize operational interruption losses.
  • Enabling safe use of new technology (e.g., AI and IoT) by protecting emerging systems from catastrophic failures or security breaches.
  • Lowering long-term costs through risk reduction by using cybersecurity proactively to reduce the costs of breaches, remediation, compliance failures, brand damage, and increased cyber insurance premiums.
Date: December 24, 2025 | Reading time: 19 minutes