Cybersecurity is a critical part of managing risk in today’s climate. Organizations across the globe are feeling the toll of cybercrime, and maintaining business continuity rests on their ability to protect their network and data. To do this successfully, it’s important to understand the different types of cybersecurity and how they defend against cyber threats.
There’s no industry standard for the exact types of cybersecurity, and some of the categories overlap. Many cybersecurity solutions also fall into more than one of the category buckets. But the different types of cybersecurity serve the same purpose: to ensure the confidentiality, integrity, and availability of your data and to protect your cyber assets.
Cybersecurity: Protecting Your Cyber Resources
Many people use the terms cybersecurity and information security (or infosec) interchangeably. The two disciplines are related, but there’s one major distinction. Infosec focuses on all types of information, whether it’s in physical or digital form. Cybersecurity is only concerned with protecting the systems and data that rely on computers and the internet.
The U.S. Cybersecurity & Infrastructure Security Agency (CISA) defines cybersecurity as “the art of protecting networks, devices, and data from unauthorized access or criminal use and the practice of ensuring confidentiality, integrity, and availability of information.” The definition from the National Institute of Standards and Technology (NIST) is even simpler: “the ability to protect or defend the use of cyberspace from cyberattacks.”
With these two definitions in mind, let’s take a closer look at some of the types of cybersecurity that you should consider.
Network security is a broad term that includes the activities and controls designed to protect the integrity of your networking infrastructure — defending the network and the data against threats, unauthorized access, intrusions, breaches, misuse, and so forth. The controls come in three forms:
- Physical, which prevents unauthorized physical access to the network infrastructure, including data centers, routers, and servers
- Technical, which protects the data within the network, whether stored or in transit
- Administrative, which includes the security processes and policies that control the network access
Common threats to the network include:
- Malware and viruses
- Insiders (including employees and contractors)
- Malicious hackers
- Denial of service (DoS) and distributed denial of service (DDoS) attacks
- Hardware, firmware, or software vulnerabilities
In broad terms, this type of cybersecurity ensures that your entire underlying network infrastructure, from devices and applications to end-users, is working securely. Since the network is an integral part of their IT ecosystem, this is an area where organizations focus a large part of their security efforts.
A large variety of cybersecurity technologies and tools can help you implement best practices and controls for protecting the network. Some of the many network security solutions include:
Firewalls: These software or hardware devices monitor the traffic that travels across your network and block unwanted traffic based on rules and policies that you define. Think of firewalls as the gatekeepers or filters between the network and the outside world.
Intrusion detection systems (IDS) and intrusion protection systems (IPS): These devices also monitor traffic, while analyzing behaviors and activities to identify potential attacks. An IPS goes one step farther than IDS by analyzing network packets and having the ability to reject a packet.
Virtual private networks (VPNs): This software establishes a secure, encrypted connection to the network from another network or device. The VPN protects data in transit and helps prevent unauthorized access to the network through techniques such as traffic eavesdropping.
Endpoint security could be considered a subset of network security. But endpoints deserve a separate look in today’s hybrid, mobile workplace, where the network perimeter is no longer defined and employees are using both personal and corporate devices to access the network assets and resources from anywhere.
Endpoints that need to be secured span a range of devices, including:
- Desktops and laptops
- Mobile devices such as smartphones and tablets
- Network devices such as modems and switches
- Connected, or Internet of Things (IoT) devices, including connected printers, smart assistants, and sensors
The same type of threats that affect the network can also impact endpoints. In addition to those mentioned earlier, some of the other threats include:
- Social engineering and phishing
- Credential theft
Trends such as workplace mobility, remote work, and bring your own device (BYOD) create additional risks and complexities for securing endpoints, as well as additional concerns about shadow IT.
As with the network, endpoint security needs multiple layers of defenses. Common types of endpoint security solutions and best practices include:
Endpoint protection platforms (EPP) and endpoint detection and response (EDR): EPP solutions, such as antivirus and antimalware, typically protect devices against signature-based attacks, stopping known threats from entering the endpoint. EDR, on the other hand, is designed to identify threats that get past those defenses, based on behavior analysis.
Disk encryption: In the event of a system compromise, encryption at the device level protects the privacy of your data by rendering the data useless to the attackers. Encryption protects data whether unauthorized access is by physical means (e.g., due to a stolen or lost laptop) or through the internet (e.g., due to a cyberattack).
Mobile device management (MDM): Mobile devices come with their own set of risks, and MDM protects these endpoints from hacking, data leaks, and other threats. Another way to address the risk of mobile devices is through mobile identity management. Integrating MDM with your identity and access management solution provides additional benefits, such as the implementation of multi-factor authentication.
Cloud security refers to the technology, policies, and processes you use to mitigate the security risks of cloud computing, whether you’re using public, private, or hybrid clouds. This type of cybersecurity has several unique challenges, such as:
- Visibility: Your in-house IT or security team has less visibility into the data stored in the cloud because the services are accessed outside the network and are managed by a third-party provider.
- The multi-cloud: About three-quarters of organizations have multi-cloud environments, and this trend will likely continue to grow.
- Compliance: The reliance on an outside provider when you use the public cloud adds another layer to your regulatory compliance management process.
Another challenge comes from the shared-responsibility model that cloud providers use for security, regardless of whether they’re delivering software-as-a-service (SaaS), platform-as-a-service (PaaS), infrastructure-as-a-service (IaaS), or a different type of cloud service. The responsibilities differ depending on the type of cloud you’re consuming, but in general terms:
- The provider is responsible for the security “of” the cloud, or the underlying infrastructure
- The cloud consumer (your organization) is responsible for the security “in” the cloud, or the cloud assets such as data and the management
Some of the security solutions and best practices to consider for securing the cloud are:
Cloud access security broker (CASB): Misconfigurations are a common cause of data breaches and data leaks in the cloud. A CASB solution can help identify misconfigurations, as well as provide additional security through access controls and other features.
Identity and access management (IAM): Identity and access management refers to a framework that authenticates and authorizes access, and IAM solutions work to prevent unauthorized access across your environment, including your cloud infrastructure.
Multi-factor or passwordless authentication: Multi-factor authentication (MFA) adds a layer of security for your entire environment, and it’s especially critical for accessing cloud applications and other resources. Compromised credentials are involved in 61% of confirmed data breaches, and if your user logins are stolen, MFA helps prevent unauthorized access to the cloud. Some organizations are moving away from passwords altogether and implementing passwordless authentication.
While application security is a major focus for developers, this type of cybersecurity goes beyond the development and design process. Even if you’re only deploying off-the-shelf software and applications, you need to continuously ensure that they remain secure throughout their lifecycle.
Vulnerabilities are one of the biggest risks because cyberattacks use them to gain access into your environment. There are numerous examples of breaches that showed the potential devastation of exploits. For example, the estimated total damage from the WannaCry ransomware campaign—which exploited a weakness in the Microsoft Windows operating system—climbed into the billions of dollars.
Besides vulnerabilities, other challenges in application security include:
- SQL and other code injections
- DDoS attacks
- Weak access controls
- Lack of encryption
The following are some of the practices and solutions to consider for this type of cybersecurity:
SaaS management: For cloud applications, the first step to security is a SaaS Management strategy. You can’t secure what you can’t see—and SaaS management helps you discover cloud applications, as well as enforce access policies.
Risk assessment and patching: Keeping applications and software up to date could have prevented many data breaches that have been in the headlines. Many organizations struggle to update and patch regularly, and vulnerability risk assessments help prioritize the most critical updates based on the vulnerabilities’ risk.
Access controls: Controlling access to applications can greatly reduce security risks. Consider implementing cloud governance to automate and streamline access management and policy enforcement.
Internet-borne threats are behind the majority of data breaches. Hacking is the top type of action during the first stage of a breach and the second top action during the middle and end stages—and web applications are the top hacking vectors.
Although other types of cybersecurity, including network and cloud, help defend against internet threats, the prevalence and magnitude of these threats warrant placing internet security into its own category. And while internet security is often viewed as securing the data in transit over the internet, it encompasses much more than that.
To protect your organization against internet threats, some of the cybersecurity measures to consider include:
DNS-layer protection: A device that’s been compromised in a malware, phishing, or botnet attack typically tries to establish a connection to a command-and-control center. Blocking these requests before the device connects to the internet can stop the threats from entering the environment.
Email security: Phishing is one of the most common types of cyber threats, and blocking emails that contain malicious links and attachments can prevent employees from falling for phishing schemes. Other email security capabilities to consider include encrypting sensitive messages and applying DMARC domain protections.
URL filtering: This technology restricts the types of websites your employees can access, enabling you to block risky websites based on their content and other predefined criteria.
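The DNS-layer protection described above can be sketched as a policy check that a resolver applies to each lookup. This is an added example, not code from the original article or from any vendor product; the blocklist, client addresses, and query log are constructed, and the function names are hypothetical.

```python
from collections import defaultdict

# Constructed blocklist; example.* and .test names are reserved placeholders.
BLOCKED_DOMAINS = {"c2.example.net", "phish.example.org", "botnet.test"}

# Constructed resolver log: (client IP, queried name).
QUERY_LOG = [
    ("10.0.0.5", "www.example.com."),
    ("10.0.0.7", "beacon.c2.example.net."),
    ("10.0.0.7", "C2.Example.NET"),
    ("10.0.0.9", "login.phish.example.org"),
    ("10.0.0.5", "notc2.example.net"),
    ("10.0.0.9", "example.org"),
]

def normalize(name):
    """Lower-case and drop the trailing root dot so comparisons are canonical."""
    return name.strip().rstrip(".").lower()

def matched_rule(name, blocked=BLOCKED_DOMAINS):
    """Return the blocklist entry that covers `name`, or None.

    Matching walks label boundaries, so a blocked domain covers itself and
    its subdomains but not lookalikes such as notc2.example.net.
    """
    labels = normalize(name).split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in blocked:
            return candidate
    return None

def evaluate(log, blocked=BLOCKED_DOMAINS):
    """Return per-query decisions and the clients whose lookups were blocked."""
    decisions = []
    hits = defaultdict(set)
    for client, qname in log:
        rule = matched_rule(qname, blocked)
        decisions.append((client, normalize(qname), "BLOCK" if rule else "ALLOW"))
        if rule:
            hits[client].add(rule)
    return decisions, {client: sorted(rules) for client, rules in hits.items()}

if __name__ == "__main__":
    decisions, suspects = evaluate(QUERY_LOG)
    for decision in decisions:
        print(*decision)
    print("Investigate:", suspects)
```

Beyond stopping the connection, the blocked lookups identify which devices attempted to reach a listed domain, which gives the security team a starting point for endpoint investigation.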
Moving toward identity security
As you explore the types of cybersecurity that your organization needs, one area to consider is identity security. Digital transformation and the digitalization of your data mean your operations revolve around access to digital information, and identity security brings tremendous advantages by protecting against threats that target digital identities.
Also known as identity governance or identity management, identity security goes beyond access management to grant, manage, and secure access based on least privilege principles. This ensures that your employees and other users can only access the data and resources they need for typical activities—preventing sensitive data from falling into the wrong hands.
A robust identity security solution protects your diverse, dynamic environment whether you have remote workers, are using the multi-cloud, or embracing BYOD. It’s another layer of cybersecurity that can help you keep up with the ever-evolving threat landscape.
Technology such as cloud computing fuels your organization and moves it forward. To manage risk in this fast-moving world, consider implementing cybersecurity solutions that can keep up with the pace of technology changes. SailPoint Identity Security solutions protect your business assets at scale and help you better manage cyber risk.