To understand Cyber Asset Attack Surface Management (CAASM), start with your attack surface: every physical or digital interface through which an attacker could gain entry to your systems and reach your sensitive information.
CAASM is a relatively new term that provides greater visibility over assets such as your software (cloud or on-premises), code repositories, devices, and identities.
As your digital estate grows more complex, particularly with the rise of remote working, it becomes harder to understand your complete asset profile, let alone monitor it and protect it from a breach.
CAASM provides a single pane of glass for your digital asset management. Without it, you're not just limiting the visibility of your IT Security team, but leaders throughout the business are left in the dark about their areas of greatest vulnerability. So, it serves not just as a tool within your cyber security team's confines but can help educate the rest of the business and help them visualise their shared risk.
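The visibility CAASM provides comes from correlating partial inventories that each tool holds on its own. The following is an added example (not code from the original page or from any product it mentions) of that reconciliation: three constructed exports, from a cloud inventory, an EDR console and a vulnerability scanner, are merged into one record per asset so that coverage gaps (a cloud host with no EDR agent) and unmanaged devices (an endpoint no inventory owns) fall out. The tool names, hostnames and IPs are all assumptions.

```python
"""Added example (not from the original page): a minimal CAASM-style
reconciliation. Each security tool sees only part of the estate; merging
the views on shared identifiers exposes what nobody is covering.
All inventories below are constructed sample data."""
from dataclasses import dataclass, field

# Constructed exports from three hypothetical tools.
CLOUD_INVENTORY = [  # the cloud provider's resource list
    {"hostname": "web-01", "ip": "10.0.1.10", "owner": "platform"},
    {"hostname": "db-01", "ip": "10.0.2.20", "owner": "data"},
    {"hostname": "batch-07", "ip": "10.0.3.30", "owner": "finance"},
]
EDR_AGENTS = [  # endpoints reporting to the EDR console
    {"hostname": "WEB-01", "last_seen_days": 0},
    {"hostname": "laptop-jdoe", "last_seen_days": 1},
]
VULN_SCANNER = [  # hosts the scanner has assessed
    {"ip": "10.0.1.10", "critical_findings": 2},
    {"ip": "10.0.2.20", "critical_findings": 0},
]


@dataclass
class Asset:
    key: str                                   # normalised hostname, or IP if no name is known
    sources: set = field(default_factory=set)  # which tools have seen this asset
    attrs: dict = field(default_factory=dict)  # merged attributes from all sources


def reconcile(cloud, edr, vuln):
    """Merge the three views into one Asset per host. Hostnames are matched
    case-insensitively; scanner results are joined to cloud records by IP."""
    assets = {}
    for r in cloud:
        key = r["hostname"].lower()
        a = assets.setdefault(key, Asset(key))
        a.sources.add("cloud")
        a.attrs.update(r)
    ip_index = {a.attrs.get("ip"): a for a in assets.values()}
    for r in edr:
        key = r["hostname"].lower()
        a = assets.setdefault(key, Asset(key))
        a.sources.add("edr")
        a.attrs["edr_last_seen_days"] = r["last_seen_days"]
    for r in vuln:
        a = ip_index.get(r["ip"])
        if a is None:  # scanner found something the cloud inventory does not list
            a = assets.setdefault(r["ip"], Asset(r["ip"]))
            a.attrs["ip"] = r["ip"]
        a.sources.add("vuln")
        a.attrs["critical_findings"] = r["critical_findings"]
    return assets


def coverage_gaps(assets):
    """Cloud-owned assets that the EDR or the scanner has never seen."""
    gaps = {}
    for key, a in assets.items():
        missing = {"edr", "vuln"} - a.sources
        if "cloud" in a.sources and missing:
            gaps[key] = sorted(missing)
    return gaps


def unmanaged(assets):
    """Assets a security tool has seen that the cloud inventory does not own."""
    return sorted(k for k, a in assets.items() if "cloud" not in a.sources)


if __name__ == "__main__":
    inv = reconcile(CLOUD_INVENTORY, EDR_AGENTS, VULN_SCANNER)
    print("coverage gaps:", coverage_gaps(inv))
    print("unmanaged:", unmanaged(inv))
```

With the constructed data, `db-01` shows up with no EDR agent, `batch-07` with neither EDR nor scanner coverage, and `laptop-jdoe` as a device the EDR knows about that no inventory owns. That gap list is the "single pane of glass" the paragraph describes, and it is exactly what each tool on its own cannot report.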
A Cloud Access Security Broker (CASB) is a piece of software that sits between your users and your cloud applications to enforce security policies set by your security team or partner. Think of it as your security bouncer: a gatekeeper to your digital environment that flags any unsafe activity. It can be applied to entirely cloud-based, on-premises or hybrid environments.
Without a CASB, you're increasing the risk and complexity when moving your business to the cloud. An advanced CASB will ensure you have policies that include authentication, single sign-on, authorisation, credential mapping, device profiling, encryption, tokenisation, logging, alerting, and malware detection/prevention (Gartner, 2022).
Cloud-Native Application Protection Platform (CNAPP) is another newly coined term that combines Cloud Security Posture Management (CSPM) and Cloud Workload Protection Platforms (CWPP).
But what are CSPM and CWPP, I hear you ask? Well, before we get into the differences, let's address one of the commonalities: they all relate to your 'cloud' security.
Your cloud computing infrastructure, whether it's private, public, or a hybrid model, will include Infrastructure as a Service (IaaS), Software as a Service (SaaS), and Platform as a Service (PaaS). When it comes to managing these, you may find comfort in using one of the three major providers: Amazon Web Services, Google Cloud Platform and Microsoft Azure.
However, Gartner predicts that through 2025, 99% of cloud security failures will be the customer's fault. That's you. Why? It primarily comes down to misconfiguration, or more simply, human error. And that is precisely what CNAPP, CSPM and CWPP are for: to find and prevent the misconfiguration of your cloud-based infrastructure.
Going back to your CASB (your security bouncer), think of Cloud Security Posture Management (CSPM) as a gatekeeper for the infrastructure itself rather than for the people using your cloud apps: it continuously checks how your cloud accounts, networks, storage and identities are configured. As you scale the size and complexity of your business, CSPM uses automation to identify and remediate those configuration risks across your cloud infrastructures.
Throughout the day, your cloud estate may create and tear down thousands of resources such as virtual machines, storage accounts and network rules (which is what makes the cloud so powerful), but it also means the configuration you have to secure is changing constantly.
This is why CSPM can add so much value to your business. It reduces alert fatigue by grading findings by severity, grouping repeats and automatically remediating the low-risk ones (often with machine learning assistance), which frees up your security team's time for the findings that need a human.
CSPM not only monitors the current state of your infrastructure, it holds a definition of the desired state (typically a benchmark such as the CIS Foundations benchmarks, plus your own policies) and flags every resource whose configuration has drifted from it.
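To make the desired-state idea concrete, here is an added example (not code from the original page or from any CSPM product) of the core loop: a constructed snapshot of cloud resources is evaluated against a small policy, findings are ranked by severity and low-value ones suppressed, and the two cases that are safe to fix without a human are auto-remediated. The resource records, rule IDs and policy thresholds are all assumptions; a real tool would pull the snapshot from the provider's API.

```python
"""Added example (not from the original page): a CSPM-style check that
compares observed cloud configuration with a desired-state policy, ranks
deviations by severity, and auto-remediates the safe ones.
The snapshot and the policy are constructed sample data."""

# Constructed snapshot of what the cloud currently looks like.
OBSERVED = [
    {"id": "sg-web", "type": "security_group",
     "rules": [{"port": 443, "cidr": "0.0.0.0/0"}, {"port": 22, "cidr": "0.0.0.0/0"}]},
    {"id": "sg-db", "type": "security_group",
     "rules": [{"port": 5432, "cidr": "10.0.0.0/8"}]},
    {"id": "bucket-logs", "type": "storage", "public": True, "encrypted": False},
    {"id": "bucket-app", "type": "storage", "public": False, "encrypted": True},
    {"id": "vm-batch", "type": "vm", "disk_encrypted": False, "tags": {}},
]

ADMIN_PORTS = (22, 3389)
ANYWHERE = "0.0.0.0/0"


def no_admin_ports_from_internet(r):
    """Compliant when no SSH/RDP rule is open to the whole internet."""
    return not any(x["port"] in ADMIN_PORTS and x["cidr"] == ANYWHERE for x in r["rules"])


# Desired state: (rule id, severity, resource type, predicate that is True when compliant).
POLICY = [
    ("SG-01", "critical", "security_group", no_admin_ports_from_internet),
    ("ST-01", "critical", "storage", lambda r: not r["public"]),
    ("ST-02", "high", "storage", lambda r: r["encrypted"]),
    ("VM-01", "high", "vm", lambda r: r["disk_encrypted"]),
    ("VM-02", "low", "vm", lambda r: "owner" in r["tags"]),
]
SEVERITY_RANK = {"critical": 0, "high": 1, "medium": 2, "low": 3}


def evaluate(observed, policy):
    """One finding per (rule, resource) pair that deviates from the desired state,
    most severe first."""
    findings = []
    for r in observed:
        for rule_id, sev, rtype, check in policy:
            if r["type"] == rtype and not check(r):
                findings.append({"rule": rule_id, "severity": sev, "resource": r["id"]})
    return sorted(findings, key=lambda f: (SEVERITY_RANK[f["severity"]], f["rule"]))


def triage(findings, min_severity="high"):
    """Suppress findings below the cut-off so the queue holds only what needs a human."""
    cutoff = SEVERITY_RANK[min_severity]
    return [f for f in findings if SEVERITY_RANK[f["severity"]] <= cutoff]


def remediate(resource):
    """Auto-fix the two deviations that are safe to correct without review:
    drop internet-open admin-port rules and make public buckets private.
    Returns a new record; the original is left untouched."""
    fixed = dict(resource)
    if resource["type"] == "security_group":
        fixed["rules"] = [x for x in resource["rules"]
                          if not (x["port"] in ADMIN_PORTS and x["cidr"] == ANYWHERE)]
    elif resource["type"] == "storage":
        fixed["public"] = False
    return fixed


if __name__ == "__main__":
    for f in triage(evaluate(OBSERVED, POLICY)):
        print(f"{f['severity']:8} {f['rule']:6} {f['resource']}")
    print("after remediation:", evaluate([remediate(r) for r in OBSERVED], POLICY))
```

On the constructed snapshot the evaluator produces five findings; triage at "high" hides the missing-owner-tag one, and re-evaluating after remediation leaves only the encryption findings, which genuinely need a change window rather than an automatic fix.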
To understand a Cloud Workload Protection Platform (CWPP), let's first define a 'cloud workload', which is any app, database or function run within the cloud.
A CWPP solution is limited to monitoring and protecting workloads within the cloud. Think of it like a mechanic who can monitor and protect the car from potential breakdowns but can't do anything to protect you from another car on the road rear-ending you at a red light.
In summary, CWPP ensures the security of the cloud workloads, while CSPM focuses on the broader view, including the accounts deploying those workloads on the company's cloud platforms.
With elements from Microsoft Defender for Cloud, Microsoft Sentinel, Azure DevOps and Microsoft Secure Score, we can achieve the same goals as CWPP and, combined with CSPM, as CNAPP. (Watch this space as we're likely to see Microsoft Dynamics 365 published on the Gartner Magic Quadrant).
'Firewall' has become a commonly understood term, even by the most technology-illiterate users. This is because firewalls have remained the most basic and fundamental form of network security for the last 25 years.
What separates a Firewall as a Service (FWaaS) from a standard firewall is that it is delivered from the cloud rather than as an appliance at your perimeter: the same policy follows your users and sites wherever they connect, and capacity scales near-instantly with demand.
A FWaaS can be integrated within instances of Microsoft Sentinel for increased visibility, where a connector or API has been made available by the FWaaS supplier.
A Managed Detection and Response (MDR) service combines the speed of technology and automation and the expertise of human intervention to perform threat hunting, monitoring, and response. The main benefit of MDR is that it helps rapidly identify and limit the impact of threats without the need for additional staffing.
Any business that needs the ability to respond rapidly to threats to its information security should consider an MDR solution.
An MSSP is a Managed Security Service Provider. MSSPs typically monitor security events and manage IT security technology.
Managed Detection and Response (MDR) services are often compared to Managed Security Services Provider (MSSP) services. While they share similarities, they also have significant differences.
MDR services are proactive: they hunt for threats and work to reduce vulnerabilities within your environment, whereas MSSPs are typically reactive, monitoring and alerting on real and immediate threats that have already entered your environment.
So you could say an MDR provider offers a deeper layer of security than a traditional MSSP.
Secure Access Service Edge (SASE), pronounced 'sassy', was first described by Gartner (2019) in "The Future of Network Security Is in the Cloud."
Traditional security systems were designed to assume that most, if not all, users and applications would sit inside the local network perimeter, but this is no longer the case. Your data has moved to the cloud, your employees often work remotely, and your business transformation initiatives need your technology to remain agile.
SASE converges networking (SD-WAN) with cloud-delivered security services such as secure web gateway, CASB, FWaaS and ZTNA into one service. One of its key benefits is that it can be scaled up and down based on usage.
The term SecOps is a portmanteau of Security and Operations. It describes what results from removing the barriers between security-focused and operationally focused teams within your business.
As with many functions within your business, priorities can vary dramatically, so SecOps was designed to reduce conflicting priorities and align disparate tools that would otherwise create inefficiencies, weaken your security posture and expose the business to unnecessary risk.
When security and IT operations teams work more closely together in a SecOps approach, they share accountability for the priorities included in maintaining the productive state and security of their enterprise's environment.
If SecOps is your highly skilled team of professionals, then a Security Operations Centre (SOC) is the shared command centre from which they perform threat detection and alert triage.
Your security partner may also run a SOC to deliver SOC as a service, which can include Managed Detection and Response (MDR) and Extended Detection and Response (XDR) services for its customers.
Most, but not all, SOCs operate 24/7 with SecOps teams working in shifts to log activity and mitigate threats.
Extended Detection and Response (XDR) collects threat data from previously siloed security tools across an organisation's technology stack for easier and faster investigation, threat hunting, and response. An XDR platform can collect security telemetry from endpoints, cloud workloads, network, email, and more.
XDR typically involves the creation of automated playbooks and results in tightly integrated detection and response. One of the advantages of having a security partner is that it provides your business with access to a comprehensive playbook of threats that have occurred across a range of environments. This gives greater visibility of potential threats that may approach your environment.
Zero Trust Network Access (ZTNA) is a philosophy as much as it's a technology. It assumes that no device or user is trusted by default, whether inside or outside the network, and grants access to each application only once identity, device health and context have been verified.
Think of it as guilty until proven innocent, which may seem a little unjust, but it's this set of granular, adaptive and context-aware policies which could ultimately save the business millions in lost data, finances or reputation.
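The following is an added example (not code from the original page or from any ZTNA product) of what "granular, adaptive and context-aware" means in practice: a toy policy decision point that starts from deny and only allows a request once group membership, device posture, geography and MFA freshness all check out, issuing a step-up challenge rather than a hard deny when only the MFA assertion is stale. The application names, group names, policy values and request records are all constructed assumptions. Note that the request carries no "internal IP" field on purpose: being on the office LAN earns nothing.

```python
"""Added example (not from the original page): a toy ZTNA policy decision
point. Default is deny; access is granted per application, per request,
only when identity, device posture and context all pass.
Policies and requests below are constructed sample data."""
from datetime import datetime, timedelta, timezone

# Constructed per-application policy: what a request must prove.
APP_POLICY = {
    "payroll": {"groups": {"finance"}, "require_mfa": True,
                "require_managed_device": True, "allowed_countries": {"GB"}},
    "wiki": {"groups": {"staff"}, "require_mfa": True,
             "require_managed_device": False, "allowed_countries": None},  # None = any
}
MAX_MFA_AGE = timedelta(hours=8)  # assumed freshness window for an MFA assertion


def decide(app, request, now):
    """Return ("allow", None), ("deny", reason) or ("step_up", "mfa").
    Checks are ordered cheapest-first; the first failure wins."""
    policy = APP_POLICY.get(app)
    if policy is None:
        return "deny", "unknown application"
    if not request["groups"] & policy["groups"]:
        return "deny", "user not entitled to application"
    dev = request["device"]
    if policy["require_managed_device"] and not (dev["managed"] and dev["compliant"]):
        return "deny", "device not managed or out of compliance"
    allowed = policy["allowed_countries"]
    if allowed and request["country"] not in allowed:
        return "deny", "request from unexpected country"
    if policy["require_mfa"]:
        mfa_at = request["mfa_at"]
        if mfa_at is None or now - mfa_at > MAX_MFA_AGE:
            return "step_up", "mfa"  # re-prompt rather than deny outright
    return "allow", None


# Constructed requests.
NOW = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)
GOOD_DEVICE = {"managed": True, "compliant": True}
BYOD = {"managed": False, "compliant": False}

ALICE_OK = {"user": "alice", "groups": {"finance", "staff"}, "device": GOOD_DEVICE,
            "country": "GB", "mfa_at": NOW - timedelta(hours=1)}
ALICE_BYOD = {**ALICE_OK, "device": BYOD}
ALICE_STALE = {**ALICE_OK, "mfa_at": NOW - timedelta(hours=10)}
ALICE_ABROAD = {**ALICE_OK, "country": "FR"}
BOB = {"user": "bob", "groups": {"staff"}, "device": BYOD,
       "country": "FR", "mfa_at": NOW - timedelta(minutes=5)}

if __name__ == "__main__":
    for label, req, app in [("alice ok", ALICE_OK, "payroll"), ("alice byod", ALICE_BYOD, "payroll"),
                            ("alice stale", ALICE_STALE, "payroll"), ("alice abroad", ALICE_ABROAD, "payroll"),
                            ("bob payroll", BOB, "payroll"), ("bob wiki", BOB, "wiki")]:
        print(f"{label:12} {app:8} -> {decide(app, req, NOW)}")
```

The stale-MFA case is the one behind the next paragraph's complaint: the user is who they say they are and on a good device, so the policy asks for a fresh factor instead of refusing, and the cost of that prompt buys the deny that stops the same credentials on an unmanaged laptop.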
Next time you're banging your head against a brick firewall because you have to perform another Multi-Factor Authentication (MFA) to access your emails, think of the bigger picture and the added layer of security for the rest of the business.