Cyber Security Landscape






 

*** Attack Methods - Phishing Attack ***

You get an email that looks like its from someone you know

It seems to be from one of your company’s vendors and asks that you click on a link to update your business account. Should you click? Maybe it looks like it’s from your boss and asks for your network password. Should you reply?

In either case, probably not. These may be phishing attempts

 

Mapped Buisness Risks
Brand Damage Data/Secret Loss Service Disruption  

 

Mapped Cyber Risks
Data Security / Loss Extortion Human Error Basic Security Hygiene Identity/Password Protection Insider Threat  

 

Mapped Mitigation Methods
Limit & Control Access Protect Data Manage Risks, Compliance and Controls Block Threats & Attacks Manage Threats & Vulnerabilities Enable Visibility  

 

Mapped Solution Categories
Third Party Risk Application Security Cloud Security Data Security DNS Security Email Security
End-Point Security Event Detection & Response Risk & Compliance Identity Mgt Insider Threat/Behavior Mgt iOT/OT Security
Logs Mgt Mobile Security Network Security Privileged Access Threat Analytics Vulnerability / Attack Surface Detection
Web Security  

 

Mapped Functions
Application Security Testing Automated Security Controls Testing Cloud Access Broker (inline) Cloud Access Broker (API/OOB) Cloud Container Security Cloud Discovery
Cloud DLP (Inline) Cloud DLP (API/OOB) Cloud Infra-as-a-Service Security Database Activity Monitoring (DAM) Data Classification & Privacy Data Encryption
Data Tokenization/Masking DDoS Protection Deception User Device Mgt - Software/Patch (End-Point) User Device Mgt - Software/Patch (Mobile) Device Mgt -Software/Patch (Server)
Disk Encryption (End Point) Enterprise DLP DMARC Security DNS Proxy (Off-Prem) DNS Proxy (On-Prem) Email Isolation
Email Behavior Analytics Email Security Cleanup/Automation Email Phishing Simulations Email Threat/SPAM Email User Warnings Application Control (End Point)
User Device Registration (End-Point) User Device Registration (Mobile) Detect & Respond (EDR) (End-Point) File Integrity (FIMM) (End-Point) Media Control (End Point) Next Gen AV (End-Point)
End-Point Protection (End-Point) Incident Response Services SIEM External/Digital Risk Review GRC Access Mgt / SSO
Active Directory Behavior Analysis Admin Server Access API Mgt Authentication/Directory Customer Identity (CIAM) Cloud Identity Monitoring
IDaaS User Identity Self Service Identity Life Cycle Mgt End-Point Local Admin Multi-Factor Auth (MFA) Session Management
IOT Device Visibility Logging Agent Log Collector Managed Hunting Services Managed Security Services (MSS) Mobile Application Reputation
Mobile Threat Network Access Control (NAC) Network Security Policy Auditor Network Security Policy Orchestration SSL Decryption Network Tap
Cloud Network Threat Analytics Network Based Threat Detection Network Threat IPS E/W Network Threat IPS N/S Network Threat Sandbox E/W Network Threat Sandbox N/S
ICS/OT Device Visibility Password Vault Security Automation (SOAR) Security Awareness Training Security Ratings (Vendor & Supplier) Micro-Segmentation
Network Firewall Segmentation (East/West) Network Firewall Segmentation (North/South) Threat Intelligence URL Filtering (Off-Net) URL Filtering (On-Net) URL Filtering/Proxy (On-Net)
URL Filtering/Proxy (On-Net) User & Device Behavior Analysis User Software Self Service (End-Point) User Software Self Service (Mobile) User-Application Access /Zero-Trust VPN End-User VPN
Site-to-Site VPN Vulnerability Scanning Web Application Firewall (WAF) Web Isolation  

 

Mapped Products
Cyberark Alero Okta Advanced Server Access  

 

Mapped OEMs
Cyberark Okta  

 

 

Last Updated: 03202020-11:28:25