NAVIGATING
THE SECURITY
LANDSCAPE
A Guide to Technologies
and Providers
How to Use This Guide
Optiv Security leverages its deep cybersecurity expertise in more
than 50 vendor technologies – and close partnerships with more
than 350 technology providers – to help enterprises navigate an
increasingly complex cybersecurity landscape.
We help our clients build out their security programs leveraging
proven technology and innovation from our trusted vendor
community. Optiv adds value to clients by also integrating effective
services and innovation to address the complete cybersecurity
lifecycle.
Navigating the Security Landscape: A Guide to Technologies and
Providers is a resource to help technology buyers achieve better,
more specific security outcomes.
This guide provides an agnostic overview of the current
cybersecurity technology landscape, free of guidance and
recommendations, since every business has a unique environment
and security profile.
For an unbiased, in-depth and tailored recommendation, based on
proven cybersecurity expertise and technical knowledge, get in
touch at Optiv.com.
Contents

DATA PROTECTION
  Data Discovery and Classification
  Data Loss Prevention
  e-Discovery
  Encryption
  File Integrity Protection
  Database Security
  Public Key Infrastructure
  Data Access Governance
  Rights Management
  Secure Collaboration
  Tokenization
  Blockchain
SECURITY OPERATIONS
  Monitoring and Operations
  Change Management
  Orchestration and Automation
  Vulnerability Assessment and Management
  Threat Detection and Analysis
  Incident Management and Response
FOUNDATIONAL SECURITY
  Network
  Data Center
  Endpoint
CLOUD SECURITY
  Cloud Application Security
RISK AND COMPLIANCE
  Governance
APPLICATION SECURITY
  Software Composition Analysis
  Web Application Firewall/Runtime Application Self-Protection
  Static and Dynamic Application Security Testing
  AppSec Program Management
IDENTITY MANAGEMENT
  Identity and Access Management
  Access Governance
  Privileged Access Management
  Data Access Governance
IoT/ICS
  Internet of Things/Industrial Control Systems Analytics
Data Protection

Data protection (DP) is inclusive of data integrity and data privacy. DP technologies span data discovery and classification, encryption, data access, secure collaboration, blockchain and more.

Data Discovery and Classification

Description
Data discovery and data classification software automate tasks related to locating, identifying, classifying and analyzing information, typically in an integrated data security platform. Data discovery reveals where data assets exist, so that adequate protection can be implemented. The classification process tags data based on various criteria to make it searchable and trackable, assists with deduplication, simplifies data retrieval and supports efficient regulatory compliance. Tagging also records the type of data in a file and its level of sensitivity.

Capabilities may include data modeling, interactive data visualization, data analysis, integration of geospatial data, dashboards and reports. Proper discovery and classification provide insight into the required level of security for each type of data and increase efficiency through built-in analytics or integration with third-party business intelligence tools.

DATA DISCOVERY AND CLASSIFICATION PROVIDERS
1TOUCH.io, BigID, Cognigo, Covata, IBM Security, Imperva, Microsoft, OneTrust, Protegrity, Seclore, Tanium, Titus, Varonis

Data Loss Prevention

Description
Data loss prevention (DLP) consists of software tools and processes designed to protect information in motion, at rest and in use. DLP can be deployed on endpoints, on networks and in the cloud to detect and block attempts to send sensitive information outside an organization's network. Key functions are discovery of data/file types, classification based on business rules, monitoring and protection. Depending on the software, available features may include role-based access controls, fingerprinting, optical character recognition, metadata inspection, forensic analysis and audit trails.

DLP technology can help control and protect information by preventing data from leaking to USB drives, stopping unauthorized emailing of sensitive information and blocking unauthorized uploads of information to websites. Because DLP decisions are driven by content matching, the quality of the classification rules determines both what it catches and how many false positives analysts have to clear.

DATA LOSS PREVENTION PROVIDERS
CA Technologies, Check Point, Code42, CoSoSys, Digital Guardian, Fidelis CyberSecurity, Forcepoint, IS Decisions, McAfee, Netskope, Proofpoint, Somansa, SuperCom, Symantec/Blue Coat, X1, Zecurion

e-Discovery

Description
Electronic discovery (e-Discovery) encompasses identifying, collecting and producing electronically stored information (ESI) requested in legal proceedings or regulatory investigations. Any type of electronically stored data may be requested, but the most common types are emails, business documents, videos, audio files, databases and photos.

The e-Discovery process typically follows the stages in the Electronic Discovery Reference Model (EDRM): information governance, identification, preservation, collection, processing, review, analysis, production and presentation. Technology-assisted review (TAR) introduces machine learning or rules-based software to assist with assessing ESI for relevance. e-Discovery software speeds the efforts of legal teams with on-premises, cloud and hybrid models; customizable workflows and audit trails; and integration with third-party applications, enterprise networks and data sources.
Navigating the Security Landscape | Identity Management 1
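As an added example for the Data Discovery and Classification and Data Loss Prevention subsections above (illustrative code, not the guide's own material and not any listed vendor's product), the following shows how the two stages fit together: content is first tagged with a sensitivity label by business rules, and an outbound-transfer policy then acts on the label and the channel. The sample documents, the labels, the corporate domain example.com and the upload allow-list are all constructed for the example; the Luhn check is the standard mod-10 test that keeps invoice numbers and similar digit runs from being flagged as card numbers.

```python
import re
from dataclasses import dataclass

# Constructed sample documents (not real data). export.csv carries a PAN that
# passes Luhn; notes.txt has a 16-digit run that fails it; memo.txt has a keyword.
SAMPLES = {
    "export.csv": "customer,card\nA. Smith,4111 1111 1111 1111\n",
    "notes.txt": "Call back re: invoice 4111111111111112 (typo?)\n",
    "memo.txt": "Lunch is at noon. CONFIDENTIAL: merger talks on Friday.\n",
    "readme.txt": "Nothing sensitive here.\n",
}

PAN_RE = re.compile(r"\b(?:\d[ -]?){13,18}\d\b")   # 14-19 digits, optional separators
SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")


def luhn_ok(digits: str) -> bool:
    """Luhn mod-10 check; a digit run that fails it is not a card number."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def find_pans(text: str) -> list:
    """Candidate card numbers that also pass Luhn (cuts false positives)."""
    found = []
    for m in PAN_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if luhn_ok(digits):
            found.append(digits)
    return found


def classify(text: str) -> str:
    """Discovery/classification step: tag content by business rules."""
    if find_pans(text) or SSN_RE.search(text):
        return "RESTRICTED"        # regulated data (PCI DSS / PII)
    if re.search(r"\bCONFIDENTIAL\b", text):
        return "CONFIDENTIAL"
    return "PUBLIC"


@dataclass(frozen=True)
class Transfer:
    filename: str
    channel: str        # "email", "usb" or "web_upload"
    destination: str    # recipient address, device id or upload host


INTERNAL_DOMAIN = "example.com"                      # assumed corporate domain
APPROVED_UPLOAD_HOSTS = {"sharepoint.example.com"}   # assumed allow-list


def dlp_decision(label: str, t: Transfer) -> tuple:
    """DLP step: RESTRICTED data never leaves by any channel; CONFIDENTIAL data
    may go only to internal recipients or approved hosts; USB is never approved."""
    if label == "PUBLIC":
        return "allow", "public data"
    if label == "RESTRICTED":
        return "block", f"{label} data on {t.channel}"
    if t.channel == "email" and t.destination.endswith("@" + INTERNAL_DOMAIN):
        return "allow", "internal recipient"
    if t.channel == "web_upload" and t.destination in APPROVED_UPLOAD_HOSTS:
        return "allow", "approved host"
    return "block", f"{label} data to external {t.channel} destination"


def scan(t: Transfer, content: str) -> dict:
    """Classify the content being moved, then apply the channel policy."""
    label = classify(content)
    action, reason = dlp_decision(label, t)
    return {"file": t.filename, "label": label, "action": action, "reason": reason}


if __name__ == "__main__":
    events = [
        Transfer("export.csv", "email", "partner@other.example"),
        Transfer("notes.txt", "web_upload", "pastebin.example"),
        Transfer("memo.txt", "usb", "USB\\VID_0781"),
        Transfer("memo.txt", "email", "cfo@example.com"),
        Transfer("readme.txt", "web_upload", "pastebin.example"),
    ]
    for ev in events:
        print(scan(ev, SAMPLES[ev.filename]))
```

The card-number rule deliberately requires a Luhn pass: without it, the 16-digit invoice reference in notes.txt would be blocked as a PAN, which is exactly the kind of false positive that makes users route around DLP. Real products add fingerprinting of known documents and OCR for images on top of this pattern layer.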
e-DISCOVERY PROVIDERS
AccessData, BlackBag Technologies, Consilio, Digital Intelligence, Fidelis Cybersecurity, Forcepoint, Ground Labs, OpenText/Guidance Software, Logicube, MSAB, Nuix, Relativity, Symantec

Encryption

Description
Encryption uses cryptographic algorithms (ciphers) to transform information so that it cannot be read without the corresponding key, which helps prevent unauthorized access to the data. Keys are generated and distributed to the users or systems that encrypt or decrypt information; how those keys are generated, stored, rotated and revoked is the job of key management, and it is where most encryption deployments succeed or fail. Encryption can be applied to data in use, at rest or in motion and in every environment: on premises, public cloud, hybrid cloud and virtual. It is also available as a service.

Encryption products help enterprises satisfy compliance mandates and regulatory requirements with capabilities such as centralized key and policy management, least-privilege access controls and the ability to detect sensitive information.

ENCRYPTION PROVIDERS
Certes Networks, Check Point, CipherCloud, CryptoMove, Cyphre, DataLocker, Duality Technologies, Enveil, Gemalto, HP, Ionic, Kindite, McAfee, PKWARE, Proofpoint, Protegrity, SecurityFirst, Thales, Vaultive

File Integrity Protection

Description
Malware can be introduced into files through email, online file transfer tools, personal storage devices and other methods that move files onto a network. File integrity software is designed to stop these intrusions and to detect and remediate malware residing on file shares. Machine learning and user behavior analytics (UBA) are incorporated into some solutions. PCI DSS explicitly requires file integrity monitoring, and it is commonly used to meet control requirements under the Federal Information Security Modernization Act (FISMA), the Health Insurance Portability and Accountability Act (HIPAA) and the Sarbanes-Oxley Act (SOX).

The software establishes a baseline for file integrity, then monitors file changes on servers, databases, applications and network-attached devices. Items such as access credentials, privileges and security settings can be monitored. When the software detects an unauthorized change, it sends an alert. Some solutions provide remediation steps or remediate the problem automatically. The baseline is only trustworthy if it is stored where an attacker on the monitored host cannot rewrite it and if it is re-established only through change management; otherwise whoever can modify the files can also re-baseline them.

FILE INTEGRITY PROTECTION PROVIDERS
FireEye, LogRhythm, McAfee, STEALTHbits Technologies, Symantec, Tripwire, Varonis Systems

Database Security

Description
Database security tools safeguard databases from internal and external threats, streamline database security management and support compliance requirements, ideally without slowing down performance.

The software monitors elements such as configurations, user privileges and adherence to regulatory best practices, and alerts administrators to potential vulnerabilities. Some solutions offer remediation guidance. Security control features include data classification and discovery, data masking, encryption and penetration testing. Administrators can manage databases centrally and verify that they conform to enterprise policies.

DATABASE SECURITY PROVIDERS
DB Networks, Fortinet, IBM Security, Imperva, McAfee, Oracle
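An added example for the File Integrity Protection subsection above (illustrative code written for this page, not any listed vendor's product): it records a baseline of content hashes and permission bits for a directory tree, then re-scans after simulated tampering and reports every change. The file layout, contents and the four changes are constructed inside a temporary directory, so the example runs offline; in a real deployment the baseline would be kept off-host and the scan driven by the monitoring agent.

```python
import hashlib
import json
import stat
import tempfile
from pathlib import Path


def file_record(path: Path) -> dict:
    """Identity of one file: content hash plus the metadata an attacker changes
    to plant a backdoor without touching content (permission bits, size)."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    st = path.stat()
    return {"sha256": h.hexdigest(), "mode": stat.S_IMODE(st.st_mode), "size": st.st_size}


def snapshot(root: Path) -> dict:
    """Walk the tree and record every regular file, keyed by relative path."""
    return {str(p.relative_to(root)): file_record(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def diff(baseline: dict, current: dict) -> list:
    """Compare a stored baseline with the live state; one alert line per change."""
    alerts = []
    for rel in sorted(set(baseline) | set(current)):
        old, new = baseline.get(rel), current.get(rel)
        if old is None:
            alerts.append(f"ADDED    {rel}")
        elif new is None:
            alerts.append(f"REMOVED  {rel}")
        elif old["sha256"] != new["sha256"]:
            alerts.append(f"MODIFIED {rel} (content)")
        elif old["mode"] != new["mode"]:
            alerts.append(f"MODIFIED {rel} (mode {old['mode']:o} -> {new['mode']:o})")
    return alerts


def demo() -> list:
    """Constructed scenario: baseline a small tree, then simulate four changes
    typical of post-compromise activity and re-scan."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "etc").mkdir()
        (root / "etc" / "passwd").write_text("root:x:0:0::/root:/bin/sh\n")
        (root / "etc" / "sudoers").write_text("root ALL=(ALL) ALL\n")
        (root / "bin").mkdir()
        (root / "bin" / "login").write_bytes(b"\x7fELF...")
        (root / "bin" / "login").chmod(0o755)

        # Serialize the baseline as a FIM agent would ship it to its server.
        baseline_json = json.dumps(snapshot(root))

        # Simulated tampering: extra uid-0 account, setuid bit on a binary
        # (content unchanged), a deleted policy file and a new cron job.
        (root / "etc" / "passwd").write_text(
            "root:x:0:0::/root:/bin/sh\nbackdoor:x:0:0::/:/bin/sh\n")
        (root / "bin" / "login").chmod(0o4755)
        (root / "etc" / "sudoers").unlink()
        (root / "etc" / "cron.d").mkdir()
        (root / "etc" / "cron.d" / "persist").write_text("* * * * * root /tmp/x\n")

        return diff(json.loads(baseline_json), snapshot(root))


if __name__ == "__main__":
    for line in demo():
        print(line)
```

The setuid case is why the record carries mode bits and not just a hash: the binary's content is identical before and after, and a hash-only monitor would stay silent. Note that `/etc/passwd`, sudoers and cron directories are exactly the paths a production policy should watch, while build output and log directories should be excluded or the alert volume becomes unmanageable.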
Public Key Infrastructure

Description
Public key infrastructure (PKI) is a system for managing public-key cryptography and digital certificates. A certificate binds a public key to an identity; it is used primarily to authenticate users and servers involved in activities such as e-commerce, online financial transactions and email. Transport Layer Security (TLS) server certificates (TLS being the successor to the older Secure Sockets Layer, SSL) are used in HTTPS, the secure web-browsing protocol. Certificates are issued by a certificate authority (CA), a trusted third party or an internal CA, after the requester's identity or control of the name has been verified. The trust in every certificate rests on the CA's signature, so protection of CA keys and discipline in issuance are what the whole system depends on.

A PKI includes software, hardware, policies and procedures whose collective purpose is to enable electronic information to be transferred securely between trusted endpoints. Automated PKI management encompasses the certificate lifecycle, from creation through replacement or decommission. It streamlines handling of certificate requests, renewals, installation and configuration, and provides remediation (revocation and reissuance) in case of security issues; unmanaged certificates that expire unnoticed are a common cause of outages. Newer approaches include blockchain-based PKIs and cloud-based PKI platforms.

PUBLIC KEY INFRASTRUCTURE PROVIDERS
Acertia, Certes Networks, Futurex, Gemalto, HydrantID, RSA, Symantec, Thales, Venafi

Data Access Governance

Description
Data access governance (DAG) is the oversight of information access controls related primarily to unstructured data. The software helps organizations understand permissions and how they are being used, and it enables the implementation of least-privilege access. By increasing accountability for file use and security, DAG solutions help prevent data loss and enforce policy-based data lifecycle management while minimizing IT involvement.

DAG software can identify sensitive data, where it resides, who has access to it and what users do with the information. It supports regulatory compliance requirements for data access, use and retention, in part by providing a data access certification process in which data owners periodically confirm or revoke the access that exists.

DATA ACCESS GOVERNANCE PROVIDERS
Bolden James, Covertix, Druva, IS Decisions, Netskope, SailPoint Technologies, STEALTHbits Technologies, Veritas

Rights Management

Description
Rights management software protects documents and emails on multiple devices using encryption, permissions, authentication and policies. The protection is attached to the data, so it remains in effect inside or outside an organization regardless of how the information is shared and where it resides. Because enforcement happens in the viewing application, the protection is only as strong as that client; it does not stop a photograph of the screen or a compromised endpoint. Rights management software aids compliance with HIPAA, SOX, PCI DSS, the Family Educational Rights and Privacy Act (FERPA) and other regulations that require restricted access to information.

On-premises, cloud or hybrid solutions offer an array of capabilities including sanitizing emails, downloading files and transferring files. Users can manage policies, permissions, identity and other components centrally, and they can streamline the rights management process by integrating enterprise content management systems, collaboration platforms, data loss prevention solutions and other enterprise applications.

RIGHTS MANAGEMENT PROVIDERS
Allure Security, FinalCode, Ionic, Microsoft, Seclore, Vera, Virtru, Votiro

Secure Collaboration

Description
Secure enterprise collaboration platforms allow businesses to share information internally and externally while maintaining compliance with corporate policies or regulatory requirements. Platforms can encompass content management, workflow and collaboration through online workspaces, file sharing and email.

Secure collaboration solutions integrate with hundreds of enterprise applications and enable centralized management of provisioning, files, security and policies. Collaborators can save time by commenting on and assigning tasks
within files, streaming files from the cloud to desktops and accessing content from mobile devices.

SECURE COLLABORATION PROVIDERS
Box, Mattermost, Wiretap

Tokenization

Description
Tokenization protects sensitive data by replacing it with a surrogate value (token) that has no exploitable relationship to the original. Tokens, rather than the underlying values, traverse the internet and internal networks, so the sensitive information is not exposed in transit or in the systems that store and process tokens. Reversing the process (detokenization) is possible only through the tokenization system itself, which holds either a token vault mapping tokens back to values or, for cryptographically generated tokens, the key used to create them.

Tokenization can be managed centrally and generally requires few or no changes to applications, databases or systems, particularly when tokens preserve the format (length and character set) of the values they replace. Web services such as Simple Object Access Protocol (SOAP) and Representational State Transfer (REST) interfaces, as well as bulk tokenization, speed deployment. Access controls restrict who may view tokens and who may detokenize. A key advantage of tokenization is reduced PCI DSS compliance scope, because fewer systems store, process or transmit actual cardholder data.

TOKENIZATION PROVIDERS
Gemalto, TokenEX

Blockchain

Description
A blockchain combines cryptographic hash functions, digital signatures and a distributed peer-to-peer network (and, on public chains, a digital currency that pays for validation). It keeps a record of transactions that are validated and appended as blocks, each block carrying the hash of the previous one, so that altering a historical record changes every later hash and is detected by the other nodes. The ledger is accessible via a public or private network. Users access the network with cryptographic key pairs, which give them a unique identity and the ability to sign transactions. Each computer node in a blockchain retains a copy of the ledger, eliminating any single point of failure. Note that on most chains the ledger contents are not encrypted, only hashed and signed; confidentiality, where needed, has to be added separately.

Basic blockchain functions include record-keeping and transactions, but the software can be configured to satisfy diverse requirements. Capabilities include data encryption, shredding and distribution; monitoring and reporting cryptocurrency-related activities; and detection and investigation of suspicious activity, transactions and threats. Chain-of-custody tools help satisfy compliance requirements.

BLOCKCHAIN PROVIDERS
Chainalysis, Leonovus
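An added example for the Tokenization subsection above (illustrative code written for this page, not the implementation of TokenEX, Gemalto or any other listed vendor): a vault-style tokenizer in which the token is random, format-preserving and keeps only the last four digits, and in which detokenization is gated by caller role. The PAN is the industry test number 4111 1111 1111 1111, the role name "payment-processor" is an assumed label, and the order-record flow is constructed to show which tiers ever see the real value.

```python
import secrets
import threading


class TokenVault:
    """Vault-style tokenization (assumed design for this example): the token is
    random, so nothing about the card number (PAN) can be derived from it; the
    only way back is a lookup in this vault. Only the vault and the callers
    allowed to detokenize remain in PCI DSS scope."""

    DIGITS = "0123456789"

    def __init__(self):
        self._by_token = {}          # token -> PAN
        self._by_pan = {}            # PAN -> token, so a repeat customer gets one token
        self._lock = threading.Lock()

    @staticmethod
    def _normalize(pan: str) -> str:
        pan = pan.replace(" ", "").replace("-", "")
        if not (13 <= len(pan) <= 19 and pan.isdigit()):
            raise ValueError("not a PAN")
        return pan

    def tokenize(self, pan: str) -> str:
        """Return a format-preserving token: same length, digits only, last four
        digits kept so receipts and customer service still work without the PAN."""
        pan = self._normalize(pan)
        with self._lock:
            if pan in self._by_pan:
                return self._by_pan[pan]
            while True:
                middle = "".join(secrets.choice(self.DIGITS) for _ in range(len(pan) - 4))
                token = middle + pan[-4:]
                if token != pan and token not in self._by_token:
                    break
            self._by_token[token] = pan
            self._by_pan[pan] = token
            return token

    def detokenize(self, token: str, caller_role: str) -> str:
        """Only the payment-processor role (assumed name) may recover the PAN;
        reporting, support and web tiers work with the token alone."""
        if caller_role != "payment-processor":
            raise PermissionError(f"role {caller_role!r} may not detokenize")
        return self._by_token[token]


def demo() -> dict:
    """Constructed flow: the web tier tokenizes at capture, the order database
    stores only the token, a reporting job is refused, and the payment
    processor detokenizes to charge the card."""
    vault = TokenVault()
    token = vault.tokenize("4111 1111 1111 1111")   # industry test PAN, not a real card
    order = {"order_id": 1001, "card": token}        # all the order DB ever sees
    masked = "**** **** **** " + order["card"][-4:]
    try:
        vault.detokenize(order["card"], caller_role="reporting")
        refused = False
    except PermissionError:
        refused = True
    pan = vault.detokenize(order["card"], caller_role="payment-processor")
    return {"token": token, "masked": masked, "refused": refused, "charged_pan": pan}


if __name__ == "__main__":
    print(demo())
```

Keeping the last four digits in the token means the token alone still identifies the card to a human, so it should be treated as internal data rather than public; keeping the first six (the BIN) as well would leak the issuer and leave only six random digits, which is why this example does not. Commercial services commonly also generate tokens that fail the Luhn check so that downstream validators and DLP rules never mistake a token for a live PAN.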
Security Operations

Security operations encompasses the technologies that enable comprehensive business security, from assessing vulnerabilities through incident management and response.

Monitoring and Operations

Description
Security monitoring and related operations are performed by an enterprise security team or outsourced as a managed service. Some companies run a security operations center (SOC) on premises; others rely on third-party SOCs to provide varying amounts of technology and talent. Security analysts monitor and analyze endpoints, networks, applications, websites and other systems to identify events or behaviors that may indicate a threat or potential breach, then prioritize incidents and manage them through to resolution.

Subsets of monitoring and operations
• Analytics. Security monitoring, threat hunting, threat detection and response rely on data gathering, correlation and analysis to turn massive amounts of raw data into meaningful insights.
• Application performance monitoring (APM). APM tools monitor applications to detect and diagnose problems that can negatively affect availability or service levels.
• Security information and event management (SIEM)/logging. SIEM systems collect log data from sources such as networks, databases and applications, normalize and correlate it, and send alerts of potential security issues to security analysts for further investigation. Analysts use dashboards to generate reports on the collected data as well as compliance-related documentation.
• User behavior analytics (UBA)/user and entity behavior analytics (UEBA). UBA software looks at user identities and behaviors such as access to applications or sensitive files to find patterns that deviate from a learned baseline and may signal unusual behavior. UEBA is similar but goes further by analyzing user activity plus entities such as endpoints, applications and networks, which lets it identify compromised accounts and insider activity as well as external threats.
• Network performance monitoring (NPM). NPM software monitors, evaluates, analyzes and reports on the performance levels of a network, allowing network administrators to address issues quickly.

ANALYTICS PROVIDERS
APCON, Bricata, Confluent, Corelight, CorrelationX, Cybraics, DomainTools, Elastic, ExtraHop, Gigamon, Indegy, Insight Engines, IPsoft, JASK, Knowi, LogRhythm, NetBrain, Netsurion/EventTracker, Outcold Solutions, Palo Alto Networks, Paterva, Patrocinium Systems, Preempt Security, RSA, SecBI, SevOne, Splunk, SS8, ThetaRay, ThreatModeler, TIBCO, Twingo, UpGuard, Verizon/ProtectWise

APPLICATION PERFORMANCE MONITORING PROVIDERS
AppDynamics, ExtraHop, ManageEngine, New Relic, Riverbed Technology, SolarWinds, Symantec

SECURITY INFORMATION AND EVENT MANAGEMENT/LOGGING PROVIDERS
Alert Logic, AT&T/AlienVault, BlackStratus, Chronicle, Cisco, CorreLog, Delphix, Devo, Exabeam, Fortinet, IBM Security, JASK, LogPoint, LogRhythm, McAfee, Micro Focus, Microsoft, Netsurion/EventTracker, New Relic, Paessler AG, RSA, Splunk, Statseeker, Sumo Logic, TIBCO, Uplevel Security
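An added example for the SIEM/logging and UBA/UEBA bullets above (illustrative code written for this page, not the detection logic of any listed product): a sliding-window correlation rule of the kind a SIEM runs over authentication logs, followed by the per-entity baseline comparison that distinguishes UBA from a fixed threshold. The log format, the log lines, the thresholds and the baseline numbers are all constructed for the example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timezone

# Constructed SSH authentication log lines (key=value style); not real traffic.
# Source 10.0.0.5 sprays four accounts in eight seconds and then gets in as alice.
# carol also fails five times, but spread over two hours (a forgotten password,
# not an attack), so a correctly windowed rule must not fire on her.
LOGS = """\
2024-03-04T09:00:01Z sshd user=alice src=10.0.0.5 result=fail
2024-03-04T09:00:03Z sshd user=alice src=10.0.0.5 result=fail
2024-03-04T09:00:04Z sshd user=root src=10.0.0.5 result=fail
2024-03-04T09:00:06Z sshd user=admin src=10.0.0.5 result=fail
2024-03-04T09:00:09Z sshd user=backup src=10.0.0.5 result=fail
2024-03-04T09:00:12Z sshd user=alice src=10.0.0.5 result=success
2024-03-04T09:05:00Z sshd user=bob src=10.0.0.7 result=fail
2024-03-04T09:05:30Z sshd user=bob src=10.0.0.7 result=success
2024-03-04T09:10:00Z sshd user=carol src=10.0.0.9 result=fail
2024-03-04T09:40:00Z sshd user=carol src=10.0.0.9 result=fail
2024-03-04T10:10:00Z sshd user=carol src=10.0.0.9 result=fail
2024-03-04T10:40:00Z sshd user=carol src=10.0.0.9 result=fail
2024-03-04T11:10:00Z sshd user=carol src=10.0.0.9 result=fail
2024-03-04T11:12:00Z sshd user=carol src=10.0.0.9 result=success
"""

LINE_RE = re.compile(r"^(\S+) (\S+) user=(\S+) src=(\S+) result=(\S+)$")


def parse(line: str):
    """Normalize one raw line into an event dict; unparsable lines are dropped."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return {"ts": ts, "app": m.group(2), "user": m.group(3),
            "src": m.group(4), "result": m.group(5)}


def brute_force_alerts(lines, threshold: int = 5, window_s: int = 120) -> list:
    """Correlation rule: at least `threshold` failures from one source within
    `window_s` seconds, followed by a success from that source. Keyed on the
    source rather than the user so password spraying across accounts is caught."""
    recent = defaultdict(deque)           # src -> timestamps of recent failures
    alerts = []
    for ev in filter(None, map(parse, lines)):
        q = recent[ev["src"]]
        while q and (ev["ts"] - q[0]).total_seconds() > window_s:
            q.popleft()                   # age out failures outside the window
        if ev["result"] == "fail":
            q.append(ev["ts"])
        elif ev["result"] == "success" and len(q) >= threshold:
            alerts.append({"rule": "brute-force-then-success", "src": ev["src"],
                           "user": ev["user"], "failures": len(q),
                           "ts": ev["ts"].isoformat()})
            q.clear()
    return alerts


# Constructed UEBA baseline: per-user (mean, stdev) of daily file downloads as
# a UBA tool would learn it over a few weeks, plus today's observed counts.
BASELINE = {"alice": (40.0, 8.0), "bob": (12.0, 4.0), "carol": (30.0, 6.0)}
TODAY = {"alice": 45, "bob": 410, "carol": 31, "dave": 500}


def ueba_alerts(baseline: dict, today: dict, z_threshold: float = 3.0) -> list:
    """Flag users whose activity is more than z_threshold standard deviations
    above their own history. A single global threshold would either fire on
    heavy-but-normal users or miss a quiet account that suddenly spikes;
    per-entity baselines are the point of UBA/UEBA."""
    alerts = []
    for user, count in today.items():
        if user not in baseline:
            alerts.append({"rule": "no-baseline", "user": user, "count": count})
            continue                      # new or dormant identity: review, do not score
        mean, sd = baseline[user]
        z = (count - mean) / max(sd, 1.0)  # guard against a zero-variance baseline
        if z > z_threshold:
            alerts.append({"rule": "download-volume-anomaly", "user": user,
                           "count": count, "z": round(z, 1)})
    return alerts


if __name__ == "__main__":
    for a in brute_force_alerts(LOGS.splitlines()) + ueba_alerts(BASELINE, TODAY):
        print(a)
```

Two details carry the security value here. The correlation queue is keyed on the source address, so the spray across alice, root, admin and backup still counts as one attack; and the queue is aged before the success is checked, so carol's slow run of failures never reaches the threshold. On the UEBA side, an identity with no baseline is surfaced rather than silently scored at zero, because a freshly created account is itself a signal.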
USER BEHAVIOR ANALYTICS/USER AND ENTITY BEHAVIOR ANALYTICS PROVIDERS
Aruba, Balabit, Bay Dynamics, BehavioSec, BioCatch, Cylance, Dtex Systems, Ekran System, Exabeam, Forcepoint, Gurucul, Interset, Jazz Networks, Prelert, RSA/Fortscale, Securonix, Splunk, VMware/E8 Security

NETWORK PERFORMANCE MONITORING PROVIDERS
Aruba, Arista, Cisco, Corelight, Gigamon, IDERA, Keysight, NetBrain, NetScout, Statseeker, Tridium

Change Management

Description
Change management is the process that guides changes to security hardware and software. It encompasses the documentation and tools that automate security asset discovery, patching, checks and balances and change oversight.

Subsets of change management
• Asset management. Asset management software allows enterprises to discover, track, monitor and manage IT assets and enforce applicable policies. An accurate inventory is the prerequisite for every other control: a host that is not in the inventory is not being patched, monitored or scanned.
• Patch and system management. Software scans a network to detect missing patches and other potential issues, and it provides the tools users need to install and manage patches.
• Configuration management databases (CMDBs). CMDBs store information about software and hardware assets and their relationships, giving organizations a complete view of their assets and simplifying asset management.

ASSET MANAGEMENT PROVIDERS
1E, Absolute Software, Axonius, Blackberry/Cylance, Jamf Software, NetSupport, Symantec, VMware

PATCH AND SYSTEM MANAGEMENT PROVIDERS
1E, Autonomic Software, Center for Internet Security, GFI Software, IBM Security, LogRhythm, Microsoft, Net New Technologies (NNT), Semperis, STEALTHbits, Symantec, Tanium

CONFIGURATION MANAGEMENT DATABASE PROVIDERS
Cisco, McAfee, Palo Alto Networks, ServiceNow, Skybox Security, Symantec

Orchestration and Automation

Description
Security orchestration and automation tools create efficiencies in the movement of data between toolsets. Orchestration connects various tools and systems; automation executes tasks without manual intervention.

Subsets of orchestration and automation
• Security orchestration, automation and response (SOAR). This integrated platform brings together people, security tools and processes to facilitate and speed activities such as orchestration, threat investigation/analysis and threat/incident management.
• Robotic process automation (RPA). An approach to automating business processes, RPA allows users to configure software to perform basic tasks, relieving human workers of repetitive work and reducing manual errors.
• DevOps automation. When aspects of the application development lifecycle are automated, the processes become repeatable, faster and more accurate, and, provided the pipeline itself is protected, more secure. Tools address moving applications to the cloud, managing patches, building containers and other tasks.

SECURITY ORCHESTRATION, AUTOMATION AND RESPONSE PROVIDERS
Ayehu, CyberInt, CyberSponse, FireEye, IBM Security, LogRhythm, Microsoft, NetBrain, Palo Alto Networks/Demisto, Proofpoint, ServiceNow, Siemplify, Splunk, Swimlane, VMware

ROBOTIC PROCESS AUTOMATION PROVIDERS
Automation Anywhere, Blue Prism, OpenConnect, WorkFusion

DevOps AUTOMATION PROVIDERS
AppViewX, Chef, Puppet, Red Hat, SaltStack

Vulnerability Assessment and Management

Description
Vulnerability assessment and management includes technology designed to spot weaknesses in an organization's security defenses before an attacker can exploit them, and to eliminate them in accordance with established processes and procedures.

Subsets of vulnerability assessment and management
• Penetration testing. During penetration testing, simulated attacks target vulnerabilities in technology, people and processes that other methods, such as scanning, may not detect. The goals, methodologies and execution of penetration tests vary depending on what an organization wants to accomplish.
• Vulnerability management and testing. Vulnerability management is a process or program designed to manage vulnerabilities in a consistent manner, considering factors such as enterprise assets, departmental dependencies, risk, remediation and reporting. Periodic testing of the process or program ensures it is up to date and effective.
• User testing/social engineering. These solutions collect, analyze and respond to phishing threats and educate/engage employees through security awareness training.
• Cyber range. A virtual cyber range environment immerses trainees in a simulated SOC and fabricated attacks based on customizable scenarios and tools.

PENETRATION TESTING PROVIDERS
Rapid7, RiskSense

VULNERABILITY MANAGEMENT AND TESTING PROVIDERS
Arxan, AttackIQ, Automox, Balbix, BeyondTrust, Code DX, Conventus, Cymulate, Expanse (formerly Qadium), IBM Security, Joval, Outpost24, Pcysys, Qualys, Rapid7, Risk Based Security, RiskRecon, RiskSense, SafeBreach, SAINT Corporation, SCYTHE, Shodan, Tenable, ThirdPartyTrust, Titania, UpGuard, Verodin, Vulcan, WhiteHat Security, XM Cyber

USER TESTING/SOCIAL ENGINEERING PROVIDERS
Barracuda Networks, Cofense, KnowBe4, MediaPRO, Proofpoint
CYBER RANGE PROVIDERS
Cyberbit, CYBERGYM

Threat Detection and Analysis

Description
Threat detection and analysis comprises the technology, people and processes that collectively deliver intelligence, detection, investigation, analytics, communication and reporting. These solutions incorporate machine learning to speed steps such as identifying threat actors, prioritizing threats, reducing false positives and providing threat context.

Automation relieves security analysts of repetitive tasks so they can focus on understanding and responding to threats, and it streamlines workflows. Some platforms enable collaboration with internal enterprise groups and external partners. Implementation options include on-premises, cloud and even air-gapped solutions.

Subsets of threat detection and analysis
• Threat intelligence. Threat intelligence consists of raw data gathered from multiple sources, correlated and analyzed to produce knowledge about threat actors: their tactics, techniques and procedures (TTPs) along with other context such as motives or goals. Threat intelligence enables analysts to make informed decisions, and it strengthens SIEMs with up-to-date indicators.
• Advanced malware detection. These solutions help security analysts better understand the attack lifecycle and enhance threat intelligence. They are extensively automated and include artificial intelligence, malware hunting, sandboxing, behavioral and heuristic analysis and forensics.

THREAT INTELLIGENCE PROVIDERS
4iQ, Anomali, Bandura Cyber, BinaryEdge AG, Blueliv, BrandProtect, Centripetal Networks, CrowdStrike, CyberInt, DarkOwl, Digital Defense, Digital Shadows, Expanse (formerly Qadium), Flashpoint, FireEye, Forescout, GreatHorn, GroupSense, Intel 471, IntSights, Jigsaw Security, McAfee, OPSWAT, Palo Alto Networks, Perch Security, Recorded Future, ReversingLabs, RiskIQ, Seclytics, Silobreaker, Sixgill, SpyCloud, ThreatConnect, ThreatMetrix, ThreatQuotient, TruSTAR Technology, VirusTotal

ADVANCED MALWARE DETECTION PROVIDERS
BluVector, Bricata, Check Point, Cisco, Juniper Networks/Cyphort, Fidelis Cybersecurity, FireEye, Forcepoint, Fortinet, Joe Security, Lastline, McAfee, ODIX, Palo Alto Networks, Proofpoint, ReversingLabs, SonicWall, Sophos, Symantec, Trend Micro, Votiro

Incident Management and Response

Description
Incident management and response is the process that defines how a business handles a security breach. The goal is to limit the potential negative consequences: damage to brand reputation, financial costs, penalties and time to recover. The incident response plan, ideally developed cross-functionally, includes policies, definitions, roles, processes and tasks.
Subsets of incident management and response
• Forensics. Following an incident that involves sensitive information, a forensics team creates a plan and conducts an investigation to identify relevant digital evidence and determine the scope of a breach. Relevant electronic data must be collected and managed according to strict chain-of-custody procedures so that it remains admissible. PCI Forensic Investigators (PFIs) specialize in payment card industry (PCI) breaches.
• Legal response. When an incident involves e-discovery, organizations execute a legal hold process to notify all parties to a litigation to preserve relevant information. Software automates many aspects of legal hold, including legal notices and reporting, to help ensure that the process is executed in a defensible manner that meets deadlines.
• Containment and isolation. Containment strategies and technologies vary, but the goal is to limit the damage caused by an incident and prevent whatever caused it from spreading. Isolation products segregate and enclose a network or system that may be infected or exhibits vulnerabilities, creating a barrier that prevents malware from escaping and causing further damage.
• Elimination and remediation. Malware elimination involves removal of executables as well as any persistence artifacts from an infected system or endpoint. Remediation addresses the root causes of a breach; removing the malware without closing the entry point invites reinfection.

FORENSICS PROVIDERS
AccessData, BlackBag Technologies, Cisco, Consilio, CounterTack, Cylance, Datiphy, DF Labs, Digital Intelligence, Fidelis Cybersecurity, FireEye, Intezer, LSoft Technologies, OpenText/Guidance Software, Silicon Forensics, Sumuri, TZWorks, WhiteCanyon Software

LEGAL RESPONSE PROVIDER
OpenText/Guidance Software

CONTAINMENT AND ISOLATION PROVIDERS
Carbon Black, CyberInt, Fortinet, Illumio, Juniper Networks, McAfee, Palo Alto Networks, SentinelOne, Symantec, Trend Micro, VMware

ELIMINATION AND REMEDIATION PROVIDERS
1E, Blancco, CarbonHelix, CyberInt, Fidelis Cybersecurity, Infocyte, Iron Mountain, LogicHub, Malwarebytes, One Identity/Balabit, WhiteCanyon Software
Foundational Security

Foundational security describes the essential security that every organization needs to protect networks, data centers and endpoints.

Network

Description
Network security consists of software, hardware, policies and practices designed to protect the network and the data on it. The technologies help stop unauthorized access or use that can lead to the compromise or theft of sensitive information. In addition to network access controls, other forms of network security include authentication/authorization, antivirus/antimalware software, email security software, firewalls and web gateways.

Subsets of network security
• Firewall. Hardware or software, or both, monitors and filters outgoing and incoming network traffic. Rules are evaluated in order and the first match decides, so the firewall allows traffic to proceed or blocks unauthorized users, illegitimate software or other suspicious activity; anything no rule allows should fall through to a default deny.
• Wireless. Security for wireless networks includes components such as encryption, permissions and support for the latest Wi-Fi standards. Wireless solutions protect against unauthorized or misconfigured access points, devices not approved by policy, users connecting to unsecured networks, denial-of-service (DoS) attacks and other types of threats.
• Intrusion detection systems (IDS)/intrusion prevention systems (IPS). IDS and IPS can stand alone behind a firewall but are now commonly integrated into firewalls. An IDS inspects network traffic out of band and reports threats via alerts. An IPS sits inline and acts on traffic according to rules: it can alert, block undesirable connections or drop suspicious packets, which also means an IPS false positive blocks legitimate traffic.
• Network access control (NAC). NAC solutions integrate with wired and wireless networks. They provide endpoint visibility and operate in accordance with security policies, rules or user profiles. Noncompliant devices are denied access or placed on a restricted remediation network.
• SSL visibility. Malware and its command-and-control traffic can hide inside TLS/SSL-encrypted sessions, invisible to inspection tools that cannot decrypt them. SSL visibility technologies take different approaches to this problem, but they typically involve classification (deciding which sessions to intercept), decryption, inspection and re-encryption. Interception requires endpoints to trust an internal CA and will break applications that pin their certificates, so the classification policy matters as much as the decryption.
• Secure networking. A secure network is protected from threats outside or inside an organization using a layered defense strategy, and it maintains expected performance levels.
• Secure web gateway. On-premises or cloud-based solutions (web proxies) are placed between users and the internet to enforce policies and stop external threats. They monitor, inspect and filter web traffic. Integrated technologies can include cloud access security brokers (CASBs), antivirus scanning, sandboxing and data loss prevention.
• DDoS mitigation. Network equipment or cloud-based services absorb or filter distributed denial-of-service (DDoS) attacks to keep websites up and running while they are under attack.
• Remote access software-defined perimeter. An alternative to device-based network security, a software-defined perimeter combines approaches to enable a zero-trust model in which access is granted per user and per application rather than to a network. Granular identity management control helps reduce the breadth of access and risk.

FIREWALL PROVIDERS
Barracuda Networks, Check Point, Cisco, Endian, Enghouse Networks, F5, Forcepoint, Fortinet, GE/Wurldtech, Huawei, Juniper Networks, Leidos, Netgate, Palo Alto Networks, Sangfor, SonicWall, Sophos, Trend Micro
WIRELESS PROVIDERS SECURE NETWORKING PROVIDERS
Aruba Extreme Networks Aruba Extreme Networks
AccelTex Fluke Networks ADTRAN F5 Networks
Aerohive Networks Fortinet Arista GTT Communications
AirPatrol Juniper Networks Attivo Juniper Networks
AnaLynk Wireless Meru Networks Broadcom MRV Communications
Arista/Mojo Networks Mojix
Cisco Riverbed Technology
Arris Riverbed Technology
Certes Networks Siemens
Broadcom 7Signal
Cisco WatchGuard Technologies Cloudflare Silver Peak
Cradlepoint Zebra/Motorola CloudGenix SolarWinds
Edgecore Networks Cumulus Networks Symantec
Edgecore Networks Thinkst
Exinda Zscaler
INTRUSION DETECTION SYSTEMS/
INTRUSION PREVENTION SYSTEMS
SECURE WEB GATEWAY PROVIDERS
PROVIDERS
Authentic8 Menlo Security
Check Point Netshield (formerly Cato Networks Netgate
Cisco SnoopWall)
Cisco OPAQ
CyberX Palo Alto Networks
F5 Networks Palo Alto Networks
Fortinet Reservoir Labs
Forcepoint Proofpoint/Weblife.io
Juniper Networks Trend Micro
Fortinet Symantec
McAfee WatchGuard Technologies
GFI Software WatchGuard Technologies
McAfee Zscaler
NETWORK ACCESS
CONTROL PROVIDERS DDoS MITIGATION PROVIDERS
Aruba Netshield (formerly Arbor Networks FlowTraq
Forescout SnoopWall) Check Point Fortinet
InfoExpress Portnox Cloudflare Imperva
Saviynt F5 Networks Radware
SSL VISIBILITY PROVIDERS REMOTE ACCESS SOFTWARE-
DEFINED PERIMETER PROVIDERS
ExtraHop Ixia
F5 Networks Palo Alto Networks
AGAT Software NCP Engineering
Fidelis Cybersecurity SonicWall
Aporeto Palo Alto Networks
FireEye Symantec
Attila Security Pulse Secure
Gemalto Thales
Cisco Safe-T
Gigamon
Cyxtera Securelink
Fortinet Tempered Networks
LogMeIn
Data Center
Description
Data centers are protected by physical and virtual solutions to support service levels related to data storage, backup/recovery, networking and other IT functions.
Subsets of data center
• Secure storage. Data — and especially sensitive information — is protected from unauthorized access using hardware and software solutions including cabling, input/output (I/O) connectivity and storage technologies like flash and disk drives.
• Secure platform/Infrastructure as a Service. IaaS is a cloud service that provides on-demand computing on a pay-as-you-go basis. The supplier provides and manages the infrastructure. Users install, configure and manage their software.
• Domain name system (DNS)/dynamic host configuration protocol (DHCP)/IP address management (IPAM). DNS translates the names of websites into IP addresses and looks up existing addresses. DHCP assigns IP addresses to specific computers. IPAM is embedded in computer software for purposes of planning and managing IP addresses and related resources.
• Network visualization/container security. Containers are standardized units of software that “package” code and code dependencies to enable applications to run reliably in multiple computing environments and support compliance requirements.
• Email security. Email is the most common attack vector for initial infiltration; email security is improved through solutions such as anti-spam and filtering of malicious emails, attachments and URLs.
• Deception. A data center security layer, deception technology generates traps or decoys that appear as real technology. When an attacker reaches a trap or decoy connected to data, applications, hardware or networks, administrators are alerted.
SECURE STORAGE PROVIDERS
Altus Technologies, BS Cable, Commvault, ExaGrid, Finisar, HPE, Minuteman Power Technologies, Perle Systems, QNAPWorks, Spectra Logic, Veritas, Western Digital
SECURE PLATFORM PROVIDERS
Amazon Web Services, Cisco, IBM Security, Microsoft, Nutanix, Rackspace, Rubrik, Symantec
DOMAIN NAME SYSTEM/DYNAMIC HOST CONFIGURATION PROTOCOL/IP ADDRESS MANAGEMENT PROVIDERS
BlueCat, Cisco, Cyren, EfficientIP, F5 Networks, Infoblox, Neustar, Quad9
NETWORK VISUALIZATION/CONTAINER SECURITY PROVIDERS
Armor, BluVector, Bricata, Capsule8, Check Point, Cisco, Cloudistics, Corelight, Cypherpath, DivvyCloud, Gigamon, Lacework, LogicHub, McAfee, Outcold Solutions, Palo Alto Networks/Evident.io, Seclytics, ShieldX, Tufin, vArmour, Verizon/ProtectWise, Zerto
EMAIL SECURITY PROVIDERS
Area1 Security, Avanan, Check Point, EdgeWave, FireEye, Forcepoint, Fortinet, Glasswall, GreatHorn, IRONSCALES, Mimecast, Proofpoint, Sasa Software, SegaSec, SonicWall, STEALTHbits, Symantec, Trend Micro, Valimail
DECEPTION PROVIDERS
Attivo, CounterCraft, CyberTrap, Cymmetria, Guardicore, Illusive Networks, PacketViper, Smokescreen, TrapX Security, Thinkst
Endpoint
Description
Endpoint security consists of identifying, securing and managing devices connected to a network. Endpoints include desktops, mobile devices, point-of-sale devices, wearables, printers, cloud-based applications or servers and Internet of Things (IoT) devices and sensors. Security controls, which increasingly incorporate machine learning, include authentication, antivirus, antimalware, antispyware, firewalls and reputation scoring.
Subsets of endpoint
• Endpoint protection suite. These solutions go beyond basic endpoint protection like antivirus software by integrating multiple layers of defense into a suite or platform that can be managed centrally. Capabilities may include integration of security policies, rule setting, response settings, firewall, automated patch management, content blocks, malware tracking, whitelist databases and scanning software.
• Endpoint detection and response (EDR). EDR solutions collect endpoint data during real-time monitoring. Security analysts use the data to conduct investigations or to engage in threat hunting to find anomalies, which they can triage immediately. Defensive tactics may include stopping an attack, isolating compromised systems and eradicating threats.
• Application control. Application control helps protect servers and applications by allowing known, trusted (whitelisted) software to run through network endpoints. Some solutions also block known, untrusted (blacklisted) applications.
• Host intrusion prevention system (IPS). An IPS monitors network traffic to detect and prevent exploits that take advantage of vulnerabilities. Solutions may cover both physical and virtual networks and offer capabilities such as blocking IP addresses, excluding hosts and detecting port scans.
• Secure desktop. Physical, virtual and cloud desktops are secured by various strategies that reduce the risk of a compromised desktop infecting other desktops. Solutions may include full endpoint monitoring, migration tools, endpoint hygiene and secure payment systems.
ENDPOINT PROTECTION SUITE PROVIDERS
AhnLab, Avast, Bitdefender, Carbon Black, Check Point, Cylance, Deep Instinct, Ensilo, ESET, F-Secure, Fortinet, Kaspersky, McAfee, Minerva Labs, Morphisec, Nyotron, Panda Security, Rubica, Sophos, Symantec, Trend Micro, Webroot
ENDPOINT DETECTION AND RESPONSE PROVIDERS
Carbon Black, Check Point, CounterTack, CrowdStrike, Cybereason, Cylance, Deep Instinct, Emsisoft, Endgame, ESET, eShore Ltd, Fidelis Cybersecurity, FireEye, Malwarebytes, McAfee, Nehemiah Security, Palo Alto Networks, RSA, SentinelOne, Tanium, Ziften
APPLICATION CONTROL PROVIDERS
Carbon Black, CyberArk, Cylance, McAfee, Palo Alto Networks, Trend Micro
HOST INTRUSION PREVENTION SYSTEM PROVIDERS
McAfee, Symantec
SECURE DESKTOP PROVIDERS
1E, Absolute Software, Axonius, Hysolate, IBM Security, Ivanti
Cloud Security
Digital transformation relies heavily on cloud services. Companies should proactively implement their own cloud security, regardless of each cloud provider’s security controls.
Cloud Application Security
Description
Applications that operate in the cloud require rigorous security to supplement the security controls of cloud providers. The first step is discovering cloud use, including shadow IT, then imposing data protection and threat protection strategies. Security controls may include scanning to detect vulnerabilities, scoring and ranking applications, identity and access management, policy enforcement, firewalls and application security testing.
Subsets of cloud application security
• Cloud access security broker (CASB). CASB software sits between the users of cloud services and cloud service providers, either on-premises or in the cloud. It enforces enterprise security policies such as authentication, authorization, encryption and tokenization.
• Micro-segmentation. This technique enhances network security by allowing organizations to secure individual workloads and limit the efforts of threat actors who attempt to move laterally.
• Web application firewall (WAF). This customizable software monitors, filters and blocks malicious web traffic before it reaches the server.
• Managed services. Managed services can protect applications in on-premises and private, public and hybrid clouds. They help organizations keep up with the latest cybersecurity capabilities on an OpEx basis.
• Center for Internet Security (CIS) Controls. This set of actions focuses on prioritizing and stopping certain types of attacks based on intelligence from leading threat reports that is vetted by leading forensics and incident response organizations.
• Automation. Orchestration and automation techniques for cloud infrastructures (primarily public cloud) provide security platforms suitable for any application. Capabilities span visibility into cloud operations, threat intelligence, anomaly detection, analytics, regulatory compliance, forensics, incident response and other automated processes.
• Compliance. These technologies are designed to automate compliance and help organizations make sure they are compliant with applicable laws and regulations. Solutions offer an array of functions including comprehensive visibility, assessments, secure cloud migration, metrics and management of security effectiveness, micro-segmentation and automated remediation.
• Container security. Containers are standardized units of software that “package” code and code dependencies to enable applications to run reliably in multiple computing environments – and they make governance easier.
• Cloud workspace protection. These technologies are designed to protect workloads in dynamic cloud environments in which frequent configuration changes and evolving industry/regulatory compliance requirements can increase risk.
CLOUD ACCESS SECURITY BROKER PROVIDERS
Bitglass, Cisco, Forcepoint, ManagedMethods, McAfee/Skyhigh Networks, Netskope, OverWatchID, Palo Alto Networks, Symantec
MICRO-SEGMENTATION PROVIDERS
Aporeto, Cisco, Cyxtera, Fortinet, Guardicore, Illumio, Jazz Networks, Palo Alto Networks, ShieldX, Tempered Networks, Trend Micro, Verizon/Vidder, VMware
WEB APPLICATION FIREWALL PROVIDERS
F5 Networks, Imperva, ThreatX
MANAGED SERVICES PROVIDERS
Akamai, Alert Logic, Arctic Wolf, Armor, Box, Cerdant, NTT Data, Nubeva, SecureWorks, Symantec
CLOUD WORKSPACE PROTECTION PROVIDERS
Atomicorp, Caveonix, Symantec, Trend Micro
CENTER FOR INTERNET SECURITY CONTROLS PROVIDERS
Cloudentity, Obsidian, Okta, Ping Identity, SailPoint
AUTOMATION PROVIDERS
Armor, Cisco/Observable Networks, Cloudreach, Demisto, HashiCorp, Lacework, Nubeva, Proofpoint, Splunk, Tufin, vArmour, Zerto
COMPLIANCE PROVIDERS
Cavirin, Check Point/Dome9, CloudCheckr, CloudPassage, DivvyCloud, Guardicore, Lacework, McAfee, Netskope, OPAQ, OverWatchID, Palo Alto Networks, Tufin, Verodin
CONTAINER SECURITY PROVIDERS
Aqua Security, Capsule8, Cloudentity, Layered Insight, NeuVector, Portshift, Stablewave, StackRox, Tenable, Twistlock
Risk and Compliance
Risk and compliance tools provide visibility into risks —
enterprise, operational, IT and third parties — and oversight
of risk remediation to help organizations avoid or minimize
data loss, financial loss, fines and legal penalties.
Governance
Description
Governance encompasses design, development and
implementation of risk and compliance programs. This
may include assessments; strategies and solutions for data
storage, record retention, content management and email;
monitoring/measurement; and audit readiness.
Subsets of governance
• Governance, risk and compliance (GRC). GRC
applications and platforms are designed to integrate
GRC-related processes, provide visibility into them,
and deliver solutions in areas such as risk assessment,
authentication, encryption, compliance content and
classification methodologies.
• Fraud. Fraud prevention technologies span
monitoring, detection and incident case management
for threats such as fake users, spam, website scraping
and fake reviews.
GOVERNANCE, RISK AND COMPLIANCE PROVIDERS
Consilio, CyberOne, CyberSaint Security, Galvanize, LockPath, MetricStream, OneTrust, Panaseer, RSA, SAP, SigmaFlow, SimpleRisk, TrustMapp
FRAUD PROVIDERS
Arkose Labs
Application Security
Application security involves software features or functions that protect applications against an array of threats. A top objective is finding and fixing security gaps or flaws.
Software Composition Analysis
Description
Software composition analysis platforms and tools can address one or all phases of the software development lifecycle (SDLC) as well as purchased and downloaded software. Capabilities include providing visibility into software composition, finding and fixing software vulnerabilities, assessing risk, managing software libraries and open source components, and testing.
SOFTWARE COMPOSITION ANALYSIS PROVIDERS
Checkmarx, Micro Focus Software, Snyk, Sonatype, Synopsys/Black Duck, Veracode, WhiteSource Software
Web Application Firewall/Runtime Application Self-Protection
Description
A Web Application Firewall (WAF) is designed to protect HTTP applications from attacks such as DoS, DDoS, SQL injections, malicious file execution and cross-site scripting. A WAF sits between a web client and web server. It inspects web traffic and isolates or blocks suspicious or abnormal traffic. Runtime Application Self-Protection (RASP) technology provides protection from within an application’s runtime environment, and it detects, blocks and documents attacks.
WAF & RASP PROVIDERS
6Scan, A10 Networks, Akamai, Arxan Technologies, Avi Networks, Barracuda Networks, Contrast Security, DenyAll, Ergon Informatik AG, F5 Networks, Fortinet, IMMUNIO, Imperva, Micro Focus, Morphisec, Netsparker, Oracle/Zenedge, Penta Security, PerimeterX, Prevoty, Radware, Reblaze, Signal Sciences, ThreatX, Waratek
Static and Dynamic Application Security Testing
Description
Static and Dynamic Application Security Testing (SAST/DAST) are application testing solutions. SAST tools are typically used early in the SDLC to test byte code and source code for vulnerabilities. DAST tools test applications while they are running and are designed to work inside an application and detect vulnerabilities.
SAST/DAST PROVIDERS
Acunetix, CA Technologies/Veracode, Checkmarx, Coverity, HP, IBM Security, Immunity Inc, Micro Focus, Peach Tech, Perforce Software, PortSwigger, Qualys, Rapid7, WhiteHat Security, ZeroNorth/CYBRIC
AppSec Program Management
Description
The approaches to managing application security programs vary, but they generally focus on centralized governance, policies, continuous testing and metrics. Solution capabilities may include version control, agile planning and lifecycle management. Crowdsourced security and bug bounty programs are increasingly popular.
AppSec PROGRAM MANAGEMENT PROVIDERS
Atlassian, Bugcrowd, CA Technologies/Veracode, HackerOne, Perforce
Identity Management
Identity management (IM) programs ensure the right people access the right data in the right manner – returning trust and compliance to the business. IM solutions address identity challenges, data sprawl and exposure risks associated with both workforces and consumers.
Identity and Access Management
Description
The numbers of identities, devices, data points and data access controls are constantly growing and shifting. Identity and access management (IAM) technologies help organizations protect sensitive data without slowing down the pace of business.
Credential compromise is driving a change in security strategy — less focus on the attack vector and how an attacker got in and more focus on understanding access privileges and the Zero Trust model. IAM enables controls based on “who you are” and “what privileges you have to access which company assets and data.” This approach is replacing the security concept of “inside or outside the network” to define controls. Solution capabilities span single sign-on, multi-factor authentication, identity management for workforces and customers, directory management, API security, monitoring and auditing, and analytics.
IDENTITY AND ACCESS MANAGEMENT PROVIDERS
CA Technologies, Centrify, CoreBlox, Crossmatch, Daon, Idaptive, ForgeRock, LexisNexis/ThreatMetrix, Microsoft, NoPassword, Okta, One Identity, Pindrop Security, Ping Identity, QuickLaunch, Radiant Logic, RES Software, SecureAuth, Semperis, SyncServer, VMware, Yubico
Access Governance
Description
Access governance — known also as identity governance — provides visibility into who has access to what assets (such as applications, databases and devices) based on policies. The objective is to guard against inappropriate use of privileges, stale credentials and shared credentials.
ACCESS GOVERNANCE PROVIDERS
CA Technologies, HID Global/Crossmatch, IBM Security, One Identity, RSA, SailPoint, Saviynt
Privileged Access Management
Description
Privileged access management (PAM) solutions are designed to prevent breaches and limit ongoing damage linked to attacks in which privileges are used as the penetration tactic. Credentials such as those given to administrators are highly desirable to malicious actors who can leverage them throughout an organization. PAM security strategies and technologies monitor and control the activities of users with higher-level credentials than regular users. Tools can discover privileged accounts, manage passwords, monitor and track privileged access activities and block unauthorized access. Automated auditing simplifies compliance.
PRIVILEGED ACCESS MANAGEMENT PROVIDERS
Anixis, Bomgar, CA Technologies, Centrify, CoreBlox, CyberArk, nFront Security, Onion ID, Oracle, Remediant, Specops Software, SSH.COM, Userify
Data Access Governance
Description
Data access governance solutions manage access to different types of data on premises or in the cloud. By implementing appropriate technologies, companies can better satisfy compliance requirements and operate by the principle of least privilege.
DATA ACCESS GOVERNANCE PROVIDERS
Bolden James, Crossmatch, Preempt Security, STEALTHbits, Symantec, Varonis
IoT/ICS
Internet of Things/Industrial Control Systems Analytics
Description
Analytics for the Internet of Things (IoT) and industrial
control systems (ICS) are increasingly part of digital
transformation initiatives. Tools are purpose-built and
yield granular insights to improve decisions related to
applications, efficiencies, cost, security, asset management
and other operational objectives. Solutions may include
asset discovery, identification of communications protocols,
data ingestion, risk and threat quantification, remote
monitoring and anomaly detection/remediation.
INTERNET OF THINGS/INDUSTRIAL CONTROL SYSTEMS ANALYTICS PROVIDERS
Armis, Bastille Networks, Bayshore Networks, Claroty, ClearBlade, Cybeats, CyberX, Dragos, ExtraHop, Forescout/SecurityMatters, General Electric, Leidos, Medigate, Nozomi Networks, Ordr, RedSky Technologies, ShieldIOT, Waterfall Security, Zingbox
Want to learn more?
Navigating the breadth and depth of cybersecurity technologies can be overwhelming. Optiv guides enterprises through this complex landscape with expertise and insights that save time and accelerate decision-making. Beginning with risk mitigation, Optiv tailors solutions to address each organization’s desired business and security outcomes.
Get started with an assessment of your cybersecurity program by visiting Optiv.com.
Who secures your insecurity?™
Optiv is a market-leading provider of end-to-end cyber security solutions. We help clients plan, build and run successful cyber security programs that achieve business objectives through our depth and breadth of cyber security offerings, extensive capabilities and proven expertise in cyber security strategy, managed security services, incident response, risk and compliance, security consulting, training and support, integration and architecture services, and security technology. Optiv maintains premium partnerships with more than 350 of the leading security technology manufacturers. For more information, visit www.optiv.com or follow us at www.twitter.com/optiv, www.facebook.com/optivinc and www.linkedin.com/company/optiv-inc.
Optiv Global Headquarters
1144 15th Street, Suite 2900
Denver, CO 80202
800.574.0896
www.optiv.com
© 2019 Optiv Security Inc. All Rights Reserved
7.19 | F1