THE ECOSYSTEM, EXPLAINED

We’ve all been there. No matter how long you've worked in cybersecurity, you know the feeling — that knot in your stomach from another acronym you don't know or another company you've never heard of.

You don't need another oversimplified industry model. You need to navigate the nuances. This is my answer to the confusion and controversy about the business of cybersecurity.

Strategy of Security's ecosystem reveals the hidden architecture of the cybersecurity industry. It includes a meticulous curation of today's most elite cybersecurity companies, continuously updated to highlight the leaders of tomorrow.

If I've done my job, you just might encounter that delightful moment of insight when even the most advanced concepts suddenly fall into place.

Cybersecurity, Privacy, and Trust

Overview: Measures, technologies, and policies employed to protect systems and sensitive information, ensure the confidentiality and control of personal data, and build confidence in the integrity and reliability of technological systems and processes.

Example(s): Cisco, CrowdStrike, Google Cloud Security, Microsoft Security, Palo Alto Networks

AI/ML Security

Overview: Products and strategies to protect AI/ML systems and models from manipulation or attack.

AI Governance

Overview: Establishing and overseeing guidelines and practices to ensure the ethical, transparent, and accountable development and implementation of AI.

Example(s): Cranium, Credo AI, Holistic AI

LLM Security

Overview: Practices and measures to protect LLM models from being exploited for malicious purposes, and to ensure their safe, ethical, and responsible use.

Example(s): Robust Intelligence, CalypsoAI, Lakera, Cape Privacy

ML Security

Overview: Protecting machine learning systems from attacks, manipulations, and vulnerabilities, ensuring the integrity, reliability, and confidentiality of ML models and their data.

Example(s): HiddenLayer, Protect AI, Adversa AI

Application Security

Overview: Practices and techniques used to secure applications from threats and vulnerabilities throughout the development lifecycle.

Example(s): Synopsys Application Security

Application Protection

Overview: Technologies to safeguard software applications from vulnerabilities and attacks across their development, deployment, and operational stages.

Example(s): Cloudflare Application Security & Performance, F5, Radware

API Security

Overview: Processes and tools for preventing and monitoring malicious attacks and misuse of APIs.

Example(s): Salt Security, Noname, Wallarm, 42Crunch, Astrix

Bot Mitigation

Overview: Techniques and tools for assessing website bots and blocking malicious activity.

Example(s): Fingerprint, HUMAN, Kasada, Netacea

CI/CD Security

Overview: Integrating security practices and tools into the Continuous Integration (CI) and Continuous Deployment (CD) pipeline to protect software during the testing, build, and deployment processes.

Example(s): Cloudsmith, BluBracket

Runtime Application Self-Protection (RASP)

Overview: Technology that integrates with an application to detect and prevent real-time attacks by analyzing behavior and context during execution.

Example(s): Contrast, Ghost, Data Theorem, Talsec

Web Application Firewall (WAF)

Overview: Systems that inspect HTTP traffic to protect web applications and APIs against exploits, bots, and attacks on their security and availability.

Example(s): F5 Advanced WAF, Signal Sciences, Cloudflare Web Application Firewall, Reblaze

Application Security Testing

Overview: The process of evaluating and examining software applications for security vulnerabilities and weaknesses.

Example(s): Snyk, Veracode, Checkmarx

Application Security Posture Management (ASPM)

Overview: The continuous process of assessing, improving, and monitoring the security state of software applications.

Example(s): Bionic, Cycode, Enso Security, Legit Security

Application Security Orchestration and Correlation (ASOC)

Overview: Integration and automation of various application security tools and processes to enhance efficiency and effectiveness in identifying and mitigating vulnerabilities.

Example(s): ArmorCode, Kondukto

Dynamic Application Security Testing (DAST)

Overview: A method of testing applications for security vulnerabilities by simulating external attacks on a running application.

Example(s): ProjectDiscovery, OWASP ZAP, StackHawk, Burp Suite

Fuzz Testing

Overview: A testing technique that involves inputting random, malformed, or unexpected data into an application to detect coding errors and security vulnerabilities.

Example(s): Code Intelligence, Mayhem, Google OSS-Fuzz
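The definition above describes fuzzing in one sentence; what it looks like in practice is a mutation loop, a harness that distinguishes clean rejection from a crash, and a minimizer that shrinks the crashing input. The block below is an added example written for this page, not code from the page or from any vendor listed here. The target parser and its defect are constructed for illustration (a record format of tag, length, payload, with a missing bounds check on the length byte); in a C parser the same defect would be an out-of-bounds read, here it surfaces as an unhandled IndexError.

```python
import random
from typing import Dict, List, Tuple

# Constructed target (not from any real product): a parser for a stream of
# [1-byte tag][1-byte length][payload] records. It carries a deliberate defect:
# it reads the length byte without first checking that one exists, so a record
# header cut off after its tag raises IndexError. That unhandled exception is
# the "crash" the fuzzer is looking for.
def parse_records(data: bytes) -> List[Tuple[int, bytes]]:
    records = []
    i = 0
    while i < len(data):
        tag = data[i]
        length = data[i + 1]                        # defect: no check that i + 1 < len(data)
        payload = data[i + 2 : i + 2 + length]
        if len(payload) != length:                  # declared length overruns the input:
            raise ValueError("truncated payload")   # this is the documented rejection path
        records.append((tag, payload))
        i += 2 + length
    return records


def mutate(rng: random.Random, data: bytes) -> bytes:
    """One random mutation: bit flip, interesting-byte overwrite, truncation, or insertion."""
    buf = bytearray(data)
    choice = rng.randrange(4)
    if choice == 0 and buf:
        pos = rng.randrange(len(buf))
        buf[pos] ^= 1 << rng.randrange(8)
    elif choice == 1 and buf:
        pos = rng.randrange(len(buf))
        buf[pos] = rng.choice([0x00, 0x01, 0x7F, 0x80, 0xFF])
    elif choice == 2 and len(buf) > 1:
        buf = buf[: rng.randrange(1, len(buf))]
    else:
        buf.insert(rng.randrange(len(buf) + 1), rng.randrange(256))
    return bytes(buf)


def run_one(data: bytes):
    """None if the parser accepts or cleanly rejects the input, else the crash's exception name."""
    try:
        parse_records(data)
    except ValueError:
        return None
    except Exception as exc:          # anything else is an unexpected failure worth reporting
        return type(exc).__name__
    return None


def minimize(data: bytes, crash: str) -> bytes:
    """Greedy delta-debugging: drop single bytes while the same crash still reproduces."""
    changed = True
    while changed:
        changed = False
        for i in range(len(data)):
            smaller = data[:i] + data[i + 1:]
            if smaller and run_one(smaller) == crash:
                data, changed = smaller, True
                break
    return data


def fuzz(seeds: List[bytes], iterations: int = 2000, seed: int = 1) -> Dict[str, bytes]:
    """Mutation fuzzer without coverage feedback: returns {exception name: minimized input}."""
    rng = random.Random(seed)        # fixed seed keeps a run reproducible
    crashes: Dict[str, bytes] = {}
    for _ in range(iterations):
        candidate = mutate(rng, rng.choice(seeds))
        crash = run_one(candidate)
        if crash and crash not in crashes:
            crashes[crash] = minimize(candidate, crash)
    return crashes


if __name__ == "__main__":
    seed_input = b"\x01\x03abc\x02\x00"   # two valid records: (1, b"abc") and (2, b"")
    for name, repro in fuzz([seed_input]).items():
        print(f"{name}: reproduced with {repro!r}")
```

The harness treats ValueError as the parser's intended rejection and everything else as a finding; drawing that line is the most important decision in any fuzz target, since a harness that swallows every exception finds nothing. The tools named above add coverage feedback so mutations that reach new code are kept as seeds; this loop has no such feedback, which is why it needs a reproducible seed and a minimizer to make its findings actionable.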

Infrastructure as Code (IaC) Security

Overview: Practices and tools used to ensure that the code and processes used to automate and manage IT infrastructure are secure and free from vulnerabilities.

Example(s): Apiiro, Bridgecrew, GuardRails, Trivy

Interactive Application Security Testing (IAST)

Overview: A testing approach that instruments the running application so that code paths, data flows, and vulnerabilities can be observed from inside the application while functional or security tests exercise it, combining elements of static and dynamic analysis.

Example(s): Acunetix, Oxeye

Mobile Application Security Testing (MAST)

Overview: The process of assessing and identifying security vulnerabilities in mobile applications.

Example(s): Appknox, Guardsquare, Zimperium Mobile App Protection Suite (MAPS)

Static Application Security Testing (SAST)

Overview: A method of analyzing code for security vulnerabilities without executing the application.

Example(s): Bearer, Semgrep, Sonar

Software Supply Chain Security

Overview: The identification, analysis, monitoring, and mitigation of security risks from third-party software vendors, packages, integrations, and other components.

Example(s): Chainguard, Phylum, Endor Labs, Socket, Sonatype, Rezilion

License Compliance

Overview: Ensuring the use of software within an organization adheres to the terms and conditions outlined in its licensing agreements.

Example(s): Flexera FlexNet Manager, Snow License Manager, USU License Management

Dependency Scanning

Overview: The process of analyzing dependencies for known vulnerabilities and security issues to ensure the security and integrity of an application's third-party components.

Example(s): GitLab Dependency Scanning, Retire.js, OWASP Dependency-Check

Code Signing

Overview: The process of digitally signing software to verify the author's identity and ensure that the code has not been altered or corrupted since it was signed.

Example(s): Sigstore, SignPath, PrimeKey Code Signing

Software Composition Analysis (SCA)

Overview: Processes to identify use of open source software in a codebase to evaluate security, quality, licensing, and other software supply chain risks.

Example(s): Mend.io, Synopsys Black Duck

Software Bill of Materials (SBOM)

Overview: A comprehensive inventory of all components, libraries, and modules used in an application, detailing their versions, licenses, and dependencies.

Example(s): Anchore, Finite State, FOSSA

Blockchain and Web3

Overview: Tools for securing and managing risks on blockchain and Web3 platforms.

Example(s): Aleo, CertiK, Chainalysis, Fireblocks, Ledger, StarkWare

Capital Markets

Overview: Financial markets where equity and debt are traded, facilitating capital raises by companies, investments by individuals and institutions, and mergers and acquisitions by strategic buyers and institutional investors.

Angel and Seed Investors

Overview: Independent individual investors or a group of individual investors who invest capital in early stage cybersecurity companies.

Example(s): Boldstart, Silicon Valley CISO Investments, Team8, Cyberstarts

Investment Banking

Overview: Advisors and intermediaries for financial transactions, including mergers, acquisitions, and large scale investments.

Example(s): Momentum Cyber, Altitude Cyber, Tidal Partners, Houlihan Lokey

Private Equity

Overview: Late stage private equity firms and investment banks with significant portfolios of cybersecurity companies.

Example(s): Thoma Bravo, Vista Equity Partners, Symphony Technology Group

Venture Capital

Overview: Institutional venture capital firms with a significant number of cybersecurity investments and exits.

Example(s): Andreessen Horowitz, Sequoia, NightDragon, SYN Ventures, YL Ventures, ForgePoint Capital, Ten Eleven

Certifications and Training

Overview: Comprehensive cybersecurity awareness, education, and credentialing organizations covering one or more major cybersecurity domains.

Example(s): SANS Institute, OffSec, ISC2

Certifications

Overview: Official cybersecurity professional credentialing programs offered by governing bodies.

Example(s): Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), Certified Ethical Hacker (CEH)

Training

Overview: Education and learning courses or materials about cybersecurity-related topics.

Example(s): The Cyber Mentor, Cybrary

Consumer Security and Privacy

Overview: Practices and countermeasures to protect personal data and ensure the digital safety of consumers against unauthorized access, misuse, and threats.

Example(s): Aura, Gen, Proton

Anonymous Communication

Overview: Tools and protocols for protecting and anonymizing user internet traffic to conceal location, usage, and identity against network surveillance or traffic analysis.

Example(s): The Tor Project, Freenet, Invisible Internet Project (I2P)

Breach Notification Services

Overview: Services that tell users whether their personal information, such as an email address or password, has been exposed in a data breach.

Example(s): Have I Been Pwned, 1Password Watchtower, Firefox Monitor

Consumer Privacy

Overview: Protection of personal information and data of consumers, ensuring their right to control its collection, use, and sharing.

Example(s): Privacy, MySudo, Fastmail, Cloaked

Identity Theft Protection

Overview: Services that monitor and restore the personal data of consumers in the event of abnormal activity and theft.

Example(s): LifeLock, Identity Guard

Personal Data Economy

Overview: Platforms that enable individuals to take ownership of their information and potentially profit from selling data.

Example(s): Meeco, World Data Exchange, CitizenMe, Dataswyft

Personal Information Removal

Overview: Services that centralize and automate the process of opting out and removing personal data from data brokers.

Example(s): Optery, Onerep

Personalized Managed Cybersecurity

Overview: A set of countermeasures and services designed to protect individuals from security threats.

Example(s): Agency, Blackcloak, Sunday

Privacy Assistants

Overview: Tools to help users understand and manage access to their private data.

Example(s): Rita

Reputation

Overview: Monitoring, influencing, and improving an individual's public perception and online presence.

Example(s): Reputation Defender, BrandYourself

Secure Collaboration

Overview: Platforms for private messaging and information sharing through encrypted communication channels.

Example(s): Signal, Telegram, WhatsApp

Cyber Crime

Overview: Illegal activities conducted online, including offenses like hacking, identity theft, and online fraud.

Advanced Persistent Threats (APT)

Overview: Organized groups of threat actors who gain unauthorized access to networks for political or economic reasons.

Example(s): Cozy Bear, Double Dragon

Botnets

Overview: A network of compromised devices under the organized control of an attacker.

Example(s): Mirai, Necurs, Bredolab

Dark Web

Overview: A hidden area of internet sites and services, accessible only from a specialized web browser or proxy.

Example(s): The Hidden Wiki, ProPublica, Daniel, Silk Road

Fraud and Scams

Overview: Content, phishing, spam, and other fraudulent activity intended to trick users into sharing sensitive information.

Example(s): Marketplace Fraud, Account Takeover (ATO), Employment Scams

Malware

Overview: Intrusive software developed by cybercriminals to steal data or damage systems and networks.

Example(s): Pegasus, Petya, Morris worm

Ransomware

Overview: A specific type of malware and associated techniques for restricting access to data or other resources until a ransom is paid.

Example(s): REvil, WannaCry, DarkSide

Spyware and Stalkerware

Overview: Tools that enable someone to spy on another person's digital activity without their knowledge.

Example(s): Pegasus, mSpy, ClevGuard

Data Security

Overview: Practices and technologies used to protect data from unauthorized access, corruption, or theft throughout its lifecycle.

Example(s): Imperva, Rubrik, Varonis

Data Protection

Overview: Technologies to safeguard personal and organizational data from unauthorized access, disclosure, alteration, and destruction.

Example(s): IBM Guardium, Securiti

Database Security

Overview: Tools, controls, and processes to protect databases from compromise.

Example(s): JumpWire, Fortinet FortiGuard Database Security, Baffle

Data Security Posture Management (DSPM)

Overview: A comprehensive approach to continuously identify, assess, and manage the security of data across an organization's entire digital landscape.

Example(s): Cyberhaven, Cyera, Metomic, Normalyze, Reco

e-Discovery

Overview: Identification, collection, and storage of electronic information for investigations and legal requests.

Example(s): Relativity, Logicube, Nuix

Insider Threat Detection

Overview: Identifying and mitigating risks posed by individuals within an organization who might misuse access to harm the organization or its data.

Example(s): Code42, Veriato

Public Key Infrastructure

Overview: Infrastructure to issue, manage, and revoke certificates that bind public keys to user identities, device identities, and services, enabling authenticated and encrypted end-to-end communications.

Example(s): Entrust, Keyfactor, Let's Encrypt

Rights Management

Overview: Software to help companies protect digital content (videos, images, files, etc.) from unauthorized distribution and duplication.

Example(s): Vera, Seclore EDRM

Data Resilience

Overview: Processes and technologies to reliably store, manage, and recover critical data in the face of disruptions, attacks, or failures.

Example(s): Acronis, Datto, Druva, Veeam, CrashPlan

Backup and Recovery

Overview: Processes and tools for creating, storing, and restoring copies of data to protect against data loss.

Example(s): Veritas, Rewind, Hewlett Packard Enterprise Data Protection

Secure Storage

Overview: Processes, hardware, and facilities for maintaining data security and integrity.

Example(s): Commvault, Iron Mountain

Privacy

Overview: Managing and safeguarding personal and sensitive information to ensure it is not misused or accessed without proper authorization.

Example(s): BigID

Data Discovery and Classification

Overview: The process of scanning data sources to find and classify structured and unstructured data, with a focus on sensitive and/or regulated data.

Example(s): ActiveNav, Tanium Reveal, Varonis Data Classification Engine

Data Deidentification and Pseudonymity

Overview: Tools to redact and deidentify data for use by researchers, data scientists, and other parties without compromising the privacy of people in the dataset.

Example(s): Blyss, Hazy, Sarus
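The overview above names the goal (data usable by researchers without compromising the people in it) but not the mechanics. The block below is an added example for this page, not code from the page or from any vendor listed here, showing the three moves these tools make: a keyed pseudonym for the direct identifier so records still join but cannot be reversed without the key, generalization of quasi-identifiers (age to a band, ZIP to a prefix), and suppression of any combination too rare to hide in. The records, key, and threshold are constructed for the example.

```python
import hashlib
import hmac
from collections import Counter
from typing import Dict, List

# Constructed sample records; the people and addresses are invented.
SAMPLE: List[Dict] = [
    {"email": "alice@example.com", "age": 34, "zip": "94110", "note": "called about invoice 4412"},
    {"email": "bob@example.net",   "age": 71, "zip": "10027", "note": "prefers callbacks after 5pm"},
    {"email": "Alice@Example.com", "age": 34, "zip": "94110", "note": "follow-up on 4412"},
]


def pseudonym(key: bytes, value: str, domain: str, length: int = 16) -> str:
    """Keyed, deterministic pseudonym: the same input always maps to the same token,
    so records can still be joined, but without the key the token cannot be inverted
    or brute-forced from a list of likely emails. The domain tag separates fields."""
    canonical = value.strip().lower().encode()
    mac = hmac.new(key, domain.encode() + b"\x00" + canonical, hashlib.sha256)
    return mac.hexdigest()[:length]


def generalize_age(age: int) -> str:
    """Coarsen an exact age to a decade band; the top band is open-ended."""
    if age >= 90:
        return "90+"
    low = (age // 10) * 10
    return f"{low}-{low + 9}"


def deidentify(records: List[Dict], key: bytes) -> List[Dict]:
    """Pseudonymize the direct identifier, generalize quasi-identifiers, drop free text."""
    return [
        {
            "subject": pseudonym(key, r["email"], "email"),
            "age_band": generalize_age(r["age"]),
            "zip3": r["zip"][:3],
            # "note" is omitted: free text is where names and phone numbers leak back in
        }
        for r in records
    ]


def suppress_rare(records: List[Dict], k: int = 2) -> List[Dict]:
    """Simple k-anonymity guard: blank the quasi-identifiers of any (age_band, zip3)
    combination shared by fewer than k rows, so no released row is unique on them."""
    groups = Counter((r["age_band"], r["zip3"]) for r in records)
    out = []
    for r in records:
        if groups[(r["age_band"], r["zip3"])] < k:
            r = {**r, "age_band": "*", "zip3": "*"}
        out.append(r)
    return out


if __name__ == "__main__":
    release = suppress_rare(deidentify(SAMPLE, key=b"constructed-demo-key"))
    for row in release:
        print(row)
```

Two caveats a practitioner would want: an unkeyed hash of an email is not a pseudonym, because anyone with a list of candidate emails can hash them and match; and the key is now the thing that re-identifies the dataset, so it belongs in the same custody as the original data, not with the researchers who receive the release.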

Enterprise Communication

Overview: Messaging solutions to help employees and partners within an organization communicate securely.

Example(s): Mattermost, Silent Circle

Encryption and Tokenization

Overview: Processes and tools for transforming sensitive data into an encrypted or masked value.

Example(s): Evervault, Skyflow, Very Good Security

Fraud and Transaction Security

Overview: Measures and technologies to protect financial transactions and sensitive data from fraudulent activities and unauthorized access.

Example(s): Alloy, Forter, Riskified, Sift

Fraud Detection

Overview: Systems and processes to monitor, detect, prevent, and remediate fraudulent transactions and activities.

Example(s): Deduce, Arkose Labs, BioCatch, Pindrop

Orchestration

Overview: Coordinating and automating various fraud detection and prevention tools and processes to organize the response to fraudulent activities across multiple channels.

Example(s): Authsignal, Dodgeball

Transaction Monitoring

Overview: Continuous analysis of financial transactions to identify and prevent fraudulent activities, money laundering, and compliance violations.

Example(s): Actimize, Verafin, Youverify

Governance, Risk, and Compliance

Overview: Methods and technologies for managing an organization's overall governance, enterprise risk management, and compliance with regulatory requirements.

Example(s): Archer, OneTrust

Compliance

Overview: Processes and technologies to manage adherence to laws, regulations, standards, and ethical practices applicable to an organization's operations and activities.

Example(s): Drata, Secureframe, Vanta

Auditors and Assessors

Overview: Firms authorized to conduct independent reviews and certify compliance with regulations and standards.

Example(s): PwC – Trust Solutions, Deloitte – Audit & Assurance, EY – Assurance, KPMG – Audit, Coalfire

Compliance Automation

Overview: Tools for automating compliance processes and continuous controls monitoring.

Example(s): AuditCue, RegScale, Tugboat Logic, Very Good Security

Regulations

Overview: Official rules issued by governments to implement and enforce laws, maintained by authorized government agencies.

Example(s): HIPAA, Sarbanes-Oxley (SOX), General Data Protection Regulation (GDPR)

Third Party Assurance

Overview: An examination of a service provider's services, internal controls, and risks conducted by a third party on behalf of customers. Results are documented in a compliance report.

Example(s): SOC 2, ISO 27001

Governance

Overview: Frameworks, policies, and processes that ensure an organization is managed effectively, ethically, and in a manner aligned with its objectives and stakeholders' interests.

Example(s): Diligent, MetricStream, ServiceNow GRC

GRC

Overview: Systems to automate and integrate enterprise, operational, and IT risk management processes and data.

Example(s): AuditBoard, Camms, LogicGate, Onspring

Metrics and Dashboards

Overview: Tools used to track and display key performance indicators to measure cybersecurity risk and effectiveness.

Example(s): ArmorPoint Unified Security Dashboard, Infosys Cyber Gaze, ServiceNow CISO Dashboard

Policies and Procedures

Overview: Written documents and tools for managing rules for individuals accessing an organization's systems and data.

Example(s): SANS Security Policy Templates, Comprose, FreePrivacyPolicy

Security Architecture

Overview: A core information security function that defines and guides architectural requirements and design of security-relevant elements within an organization.

Example(s): Zero Trust Architecture (ZTA), Software Defined Perimeter (SDP), Privacy by Design

Security Awareness

Overview: Materials and products to measure and improve the knowledge and understanding individuals have about cyber threats and the best practices to safeguard against them.

Example(s): KnowBe4, Living Security, CybSafe, Riot

Segregation of Duties (SOD)

Overview: Automated enforcement of the rule that critical processes are split across multiple people, so that no single person can both initiate and approve a sensitive transaction. Reduces fraud and errors.

Example(s): SAP Access Control, Pathlock

Standards and Frameworks

Overview: Documented guidance for policies and controls to systematically manage security and risk.

Example(s): NIST Special Publication 800-53, ISO 27002, ISACA COBIT, MITRE ATT&CK

Privacy Program Management

Overview: Policies, practices, and procedures to ensure an organization's handling of personal information complies with privacy laws and respects the rights of individuals.

Example(s): TrustArc, WireWheel

Assessment Managers

Overview: Workflows and automation for various functions of a privacy program.

Example(s): OneTrust Privacy Management, BigID Privacy Impact Assessment App

Consent Management

Overview: Systems and processes for notifying users about personal data collection and collecting explicit consent.

Example(s): CookieYes, Enzuzo, Osano, UserCentrics

Data Mapping

Overview: Tools to help organizations map data flows across the enterprise.

Example(s): DataGrail, BigID Data Mapping

Data Subject Request Automation

Overview: Processes and tools to support individual requests for personal data and use under data privacy laws.

Example(s): Transcend, Ethyca, Ketch Data Subject Rights Fulfillment, MineOS

Privacy Information Managers

Overview: Information and updates for understanding global privacy laws and regulations.

Example(s): OneTrust DataGuidance

Website Scanning

Overview: Tools to check websites to identify which cookies, beacons, and trackers are in use.

Example(s): PrivacyScore, Sovy GDPR Scan, Blacklight

Risk

Overview: The process of identifying, assessing, and prioritizing risks to minimize, monitor, and control the probability or impact of unfortunate events.

Example(s): At Bay, BitSight, Coalition, SecurityScorecard

Cyber Insurance

Overview: Specialty business insurance for protection against cybersecurity-related losses, including data breaches, ransomware, and other incidents.

Example(s): AIG Cyber Insurance, Chubb Cyber Insurance, Liberty Mutual Cyber Liability

Cyber Risk Quantification

Overview: Assessment and quantification of an organization's cybersecurity risk level, typically in financial terms.

Example(s): Axio, Balbix

Enterprise Risk Management

Overview: Identification, management, and remediation of company-wide risk at an executive level.

Example(s): COSO Enterprise Risk Management Framework, ISO 31000

Third-Party Risk Management (TPRM)

Overview: Identifying, assessing, and mitigating risks associated with external entities like vendors, suppliers, and partners that an organization engages with.

Example(s): Black Kite, Interos, UpGuard

Trust and Safety

Overview: Business practices, workflows, and tools used by online platforms to reduce the risk of users experiencing harm, fraud, abuse, and other negative behaviors.

Example(s): Cinder, SafetyKit, Trustpage, Sero AI

Government and NGOs

Overview: Public and not-for-profit entities responsible for researching, creating, enforcing, and promoting policies, regulations, standards and initiatives to protect digital information and infrastructure from cyber threats and ensure data privacy.

Agencies

Overview: Government agencies specializing in cybersecurity policy, research, and protection.

Example(s): Cybersecurity & Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), National Institute of Standards and Technology (NIST), National Security Agency (NSA), Unit 8200

International Organizations

Overview: International government organizations specializing in cybersecurity policy, research, and protection.

Example(s): INTERPOL, NATO Cyber Defence, United Nations Office of Counter-Terrorism

NGOs

Overview: Not-for-profit organizations specializing in cybersecurity policy, research, and protection.

Example(s): Center for Internet Security (CIS), Electronic Frontier Foundation (EFF), FIDO Alliance, Information Security Forum (ISF), Internet Watch Foundation (IWF)

Universities

Overview: Cybersecurity research and education programs at public and private universities.

Example(s): Citizen Lab, Stanford Internet Observatory, Cybersecurity at MIT Sloan

Identity Security

Overview: Policies, technologies, and controls to protect and manage digital identities, ensuring secure access to systems and information while preventing unauthorized use.

Example(s): Okta, Ping Identity, Microsoft Entra, CyberArk, RSA Security

Authentication

Overview: Technology for verifying the identity of a user or entity before granting access.

Example(s): Stytch, Transmit Security

Access Management

Overview: Platforms for identifying, tracking, controlling, and managing user access to applications and infrastructure.

Example(s): Okta Single Sign-On, Ping Identity Single Sign-On, ForgeRock Access Management

Biometrics

Overview: Use of physical or behavioral traits to authenticate and verify identity.

Example(s): Clear, Prove, Keyless

Customer Identity (CIAM)

Overview: Systems for controlling customer access to applications and managing customer profile information.

Example(s): Auth0, Descope, FusionAuth

Electronic Identification

Overview: Government systems for digital proof of identity for citizens and organizations.

Example(s): Aadhaar, Israeli ID

Identity Graphing and Resolution

Overview: Services that correlate online and offline identifiers with consumer identities to create an accurate view of customers.

Example(s): LiveRamp Identity Resolution, Amperity Identity Resolution

Identity Proofing

Overview: A service used for verifying a user's identity based on life history or other data aggregated from public and proprietary data sources.

Example(s): Persona, Trulioo, Jumio, Socure, Veriff

Know Your Business (KYB)

Overview: The process of verifying the identity and assessing the legitimacy of businesses, typically for compliance and risk management purposes.

Example(s): Middesk, Sumsub

Multi-Factor Authentication (MFA)

Overview: Authentication that requires two or more independent factors (e.g. a password plus a one-time code or a hardware security key), so that a single stolen credential is not enough to gain access.

Example(s): Authy, Duo Security, Yubico

Passwordless

Overview: Verification of identities without the use of traditional passwords, instead relying on methods like biometrics, tokens, or cryptographic keys.

Example(s): Beyond Identity, HYPR, Passage, Trusona

Password Managers

Overview: Tools to help users generate, store, and use secure passwords.

Example(s): 1Password, LastPass, Dashlane

SaaS Identity Risk Management

Overview: Assessing, monitoring, and mitigating risks associated with user access and authentication in unmanaged SaaS applications.

Example(s): Cerby, Grip

Secrets Management

Overview: Securely handling, storing, and accessing sensitive information like tokens and encryption keys for protecting access to applications and services.

Example(s): CyberArk Conjur, GitGuardian, HashiCorp Vault, Truffle Security
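Two of the examples listed above (GitGuardian, Truffle Security) are secret scanners rather than vaults: they find credentials that have leaked into code, config, and history. The block below is an added example for this page, not code from the page or from any of those products, showing the two detection strategies such scanners combine: format-specific patterns for tokens with known prefixes, and a generic "credential-looking assignment" rule gated by a Shannon entropy threshold to weed out placeholders. The sample file is constructed; the AWS key in it is the placeholder AWS uses in its own documentation and the other values are made up.

```python
import math
import re
from collections import Counter
from dataclasses import dataclass
from typing import List

# Constructed sample of a leaked config file. The AWS key is the placeholder
# AWS publishes in its own documentation; the rest are made up and work nowhere.
SAMPLE = """\
# application settings (constructed sample)
aws_access_key_id = AKIAIOSFODNN7EXAMPLE
export GITHUB_TOKEN=ghp_0123456789abcdefghijklmnopqrstuvwxyz
-----BEGIN RSA PRIVATE KEY-----
API_KEY = "x9Qv3LpZ7mK2tR8wN4bH6jF1"
password = "passwordpassword"
DB_PASSWORD = "hunter2"
"""

# Format-specific rules: known prefixes and lengths give high confidence with few false positives.
SPECIFIC_RULES = [
    ("aws-access-key-id", re.compile(r"\bAKIA[0-9A-Z]{16}\b")),
    ("github-pat", re.compile(r"\bghp_[A-Za-z0-9]{36}\b")),
    ("private-key", re.compile(r"-----BEGIN (?:RSA |EC |DSA |OPENSSH )?PRIVATE KEY-----")),
]
# Generic rule: a credential-looking variable assigned a value of 16+ token characters.
GENERIC_ASSIGNMENT = re.compile(
    r"""(?i)(?:password|passwd|secret|token|api[_-]?key)\s*[=:]\s*["']?([A-Za-z0-9+/=_\-]{16,})"""
)
ENTROPY_THRESHOLD = 3.5   # bits per character; random 24-char keys score ~4.5, English words ~2.5-3


@dataclass
class Finding:
    line: int
    rule: str
    preview: str   # redacted so the report itself does not leak the secret


def shannon_entropy(s: str) -> float:
    n = len(s)
    return -sum((c / n) * math.log2(c / n) for c in Counter(s).values())


def redact(value: str) -> str:
    return f"{value[:4]}... ({len(value)} chars)"


def scan(text: str) -> List[Finding]:
    findings = []
    for number, line in enumerate(text.splitlines(), start=1):
        matched = None
        for rule, pattern in SPECIFIC_RULES:
            m = pattern.search(line)
            if m:
                matched = Finding(number, rule, redact(m.group(0)))
                break
        if matched is None:
            m = GENERIC_ASSIGNMENT.search(line)
            # low-entropy values ("passwordpassword") are usually placeholders, so skip them
            if m and shannon_entropy(m.group(1)) >= ENTROPY_THRESHOLD:
                matched = Finding(number, "high-entropy-assignment", redact(m.group(1)))
        if matched:
            findings.append(matched)
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE):
        print(f"line {f.line}: {f.rule}: {f.preview}")
```

The output is redacted on purpose: a scanner report that echoes the full secret into a CI log or ticket has just created a second leak. Real scanners also run over git history, not just the working tree, since a secret removed in a later commit is still recoverable from the earlier one; the fix for a leaked credential is rotation, never just deletion.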

Self-Service Password Reset (SSPR)

Overview: Tools that allow users to reset their passwords independently, typically through a series of authentication steps.

Example(s): FastPass, Quest Password Manager

Social Login

Overview: Sign in to third party sites using authentication from social networks.

Example(s): Facebook Login, Google Sign-In, Sign in with Slack

Web3 Authentication

Overview: Decentralized and user-centric identification systems in the blockchain and cryptocurrency space, enabling users to own and control their digital identities without relying on central authorities.

Example(s): Dock, Dynamic, Fractal ID, NuID, Polygon ID, Privy

Authorization

Overview: The process of granting or denying specific permissions and access rights to a user or entity based on their authenticated identity.

Background Screening

Overview: Services that compile and help verify employment, criminal, financial, and other records for people and organizations.

Example(s): Checkr, Truework, HireRight

Centralized Authorization

Overview: A security approach where access control decisions for multiple systems or applications are managed from a single, unified point of policy enforcement and management.

Example(s): Axiomatics, Oso, SGNL

Data Access Governance

Overview: Systems for gaining visibility and enforcing access control policies on unstructured data (spreadsheets, documents, PDFs, etc.).

Example(s): Immuta, SailPoint File Access Manager, Saviynt Data Access Governance

Directory Services

Overview: A repository for collecting information about users, devices, and resources for authentication and authorization. LDAP is a common standard for directory services.

Example(s): Microsoft Entra ID, ForgeRock Directory Services, JumpCloud

Identity Governance and Administration (IGA)

Overview: Systems for administering accounts and credentials, access provisioning, and access reviews.

Example(s): SailPoint, Saviynt, BalkanID, ConductorOne, Entitle, Opal, Veza

Identity Threat Detection and Response (ITDR)

Overview: Identifying, investigating, and mitigating malicious activities targeting user identities and credentials.

Example(s): Authomize, Semperis, Spera

Identity Wallets

Overview: Identity stores that allow users to manage and share their digital identity credentials and data.

Example(s): Spruce, Auth0 Sign In With Ethereum (SIWE)

Physical Access Control

Overview: Solutions that manage physical identities and access to physical locations and spaces.

Example(s): Envoy, Avigilon, Kisi, Honeywell Forge

Privileged Access Management (PAM)

Overview: Systems for managing privileged (elevated) access for users, shared accounts, secrets, keys, and other high risk credentials.

Example(s): BeyondTrust, Delinea, Teleport

Web3 Authorization

Overview: The decentralized process of granting or restricting access to resources and actions in blockchain and decentralized applications, based on verified digital identities and smart contracts.

Example(s): Gatekeeper

Infrastructure Security

Overview: Protection of critical physical and virtual systems, networks, and assets.

Example(s): Check Point, Fortinet, Ivanti

Cloud Security

Overview: Technologies and controls designed to protect data, applications, and infrastructure hosted in cloud environments from threats and vulnerabilities.

Example(s): Aqua, Lacework, Orca, Palo Alto Networks Prisma Cloud, Wiz

Cloud Infrastructure Entitlements Management (CIEM)

Overview: Tools to help companies manage permissions and detect excessive or risky access in cloud environments.

Example(s): K9 Security, Sonrai

Cloud-Native Application Protection Platforms (CNAPP)

Overview: Integrated security solutions designed to protect cloud-native applications by combining capabilities like workload protection, cloud security posture management, and application security.

Example(s): Sysdig, Uptycs, PingSafe

Cloud Security Posture Management (CSPM)

Overview: Continuous management, monitoring, policy enforcement, and compliance for cloud environment configurations.

Example(s): Microsoft Defender for Cloud, Cloudanix, CrowdStrike Falcon Horizon

Cloud Workload Protection Platforms (CWPP)

Overview: Processes and tools for securing containers and workloads within different cloud environments.

Example(s): Amazon GuardDuty, Intezer Protect, Zscaler Cloud Protection

Container Security

Overview: Measures and practices to protect containerized applications and their underlying infrastructure from threats and vulnerabilities throughout the container lifecycle.

Example(s): Fairwinds, Portainer, Red Hat Advanced Cluster Security

SaaS Security

Overview: Strategies and measures implemented to protect data, applications, and services hosted on Software as a Service (SaaS) platforms.

Example(s): AppOmni, Nudge Security, Obsidian, Push Security

Email Security

Overview: Tools used to protect email accounts and content from unauthorized access, threats, and malicious activities.

Example(s): Abnormal, Material Security, Mimecast, Proofpoint

Anti-Spam and Anti-Phishing

Overview: Security measures designed to detect, block, and prevent unwanted or deceptive emails, such as spam and phishing attempts, from reaching users.

Example(s): Avanan, Cloudflare Area 1 Email Security, GreatHorn, MX Layer

Email Archiving

Overview: Storing, preserving, and organizing email communications for long-term retention, easy retrieval, and compliance purposes.

Example(s): ArcTitan, Global Relay, Smarsh

Email Encryption

Overview: Encrypting email messages in transit and/or at rest to protect their content from being read by anyone other than the intended recipients.

Example(s): Paubox, Proton Mail, Mailfence

Phishing Simulation

Overview: A training tool that sends simulated phishing emails to users, testing their ability to recognize and respond to phishing attacks.

Example(s): Cofense, Hook Security, Phished

Secure Email Gateways (SEGs)

Overview: Security solutions that monitor and filter incoming and outgoing emails to protect against spam, viruses, phishing attacks, and other email-based threats.

Example(s): Proofpoint Email Protection, Cisco Secure Email Threat Defense, Microsoft Exchange Online Protection

Endpoint Security

Overview: Protecting network-connected devices such as computers, mobile phones, and tablets from threats and unauthorized access.

Example(s): Jamf, SentinelOne, Tanium

Endpoint Detection and Response (EDR)

Overview: Tools installed on endpoints to record key activity for monitoring and threat investigations.

Example(s): CrowdStrike Falcon, SentinelOne Singularity Endpoint, Trend Vision One

Endpoint Privilege Management (EPM)

Overview: Approach and tools for protecting against execution of malware and unapproved applications on endpoints.

Example(s): CyberArk Endpoint Privilege Manager, Delinea Privilege Manager, VMware Carbon Black App Control

Endpoint Protection Platforms (EPP)

Overview: Software to protect endpoints from threats, including malware, ransomware, phishing, and data theft.

Example(s): Deep Instinct, SparkCognition EPP, WithSecure

File Integrity Monitoring

Overview: Solutions to monitor changes in operating system, database, and application files.

Example(s): CrowdStrike Falcon FileVantage, Tripwire File Integrity Manager, Qualys File Integrity Monitoring

Host Encryption

Overview: The process of encrypting the data stored on a host, such as a server or a computer, to protect it against unauthorized access and ensure its confidentiality.

Example(s): Apple FileVault, Microsoft BitLocker, Symantec Encryption

Host Intrusion Prevention System (HIPS)

Overview: Endpoint-based intrusion detection and prevention system to monitor and analyze internals and network traffic on the endpoint for prevention and detection of threats.

Example(s): ManageEngine EventLog Analyzer, OSSEC, SolarWinds Security Event Manager

Mobile Device Management (MDM)

Overview: Technology used to secure, monitor, manage, and support mobile devices deployed across mobile operators, service providers, and enterprises.

Example(s): Absolute, Kandji, NinjaOne

Mobile Security

Overview: Tools that protect sensitive information stored on mobile devices, including smartphones, tablets, and wearables.

Example(s): Jamf Protect, Lookout Mobile Endpoint Security, Deep Instinct Mobile Security

Network Security

Overview: Practices to protect networks and data from unauthorized access, attacks, or misuse.

Example(s): Barracuda, Juniper Networks, SonicWall

DDoS Mitigation

Overview: Services to throttle and prevent distributed denial of service attack disruptions.

Example(s): Cloudflare DDoS Protection, Radware Cloud DDoS Protection Service, Akamai Prolexic

DNS Security

Overview: Protecting the Domain Name System (DNS) from threats and ensuring the integrity and availability of DNS queries and responses.

Example(s): Cloudflare DNS, HYAS, OpenDNS

Firewalls

Overview: Network security devices to regulate network traffic based on rules.

Example(s): CheckPoint Firewall, Cisco Secure Firewall, Fortinet Next Generation Firewall (NGFW), Palo Alto Networks Next-Generation Firewall

Microsegmentation

Overview: Techniques and tools to logically divide networks into security segments with specific controls based on the risk and requirements of each segment.

Example(s): Akamai Guardicore, Elisity, Illumio

Network Access Control (NAC)

Overview: Systems that provide visibility and control of devices accessing a network.

Example(s): Aruba Secure Network Access Control, Portnox

Network Detection and Response (NDR)

Overview: Solutions that continuously monitor network traffic for malicious activities and anomalies, facilitating rapid detection and response to threats.

Example(s): Darktrace DETECT, ExtraHop, Vectra AI

SSL Visibility

Overview: Tools that provide visibility into encrypted network traffic for monitoring and threat analysis.

Example(s): F5 SSL Orchestrator, Broadcom SSL Visibility Appliance

Wireless Security

Overview: Prevention of damage and unauthorized access via wireless networks.

Example(s): Plume, 7SIGNAL, WatchGuard Secure Wi-Fi, Aruba Wireless

Secure Access Service Edge (SASE)

Overview: A network architecture that combines WAN capabilities with cloud-native security functions to support dynamic, secure access to apps and data.

Example(s): CATO Networks, Netskope, Zscaler

Cloud Access Security Brokers (CASB)

Overview: Platforms to help secure and manage use of cloud-based SaaS applications and infrastructure.

Example(s): Netskope Cloud Access Security Broker, Forcepoint Cloud Access Security Broker, Axis Atmos CASB

Data Loss/Leakage Prevention (DLP)

Overview: Systems to detect and prevent transmission of sensitive data.

Example(s): Forcepoint Data Loss Prevention, Proofpoint Enterprise Data Loss Prevention, Symantec Data Loss Prevention

Device Trust

Overview: A security approach that evaluates and verifies the trustworthiness of a device based on its attributes and configuration before granting it access.

Example(s): Kolide

Remote Browser Isolation (RBI)

Overview: Technology that executes web browsing sessions in a remote, isolated environment, protecting the user's device from direct exposure to potential internet threats.

Example(s): Citrix Remote Browser Isolation, Menlo Security Remote Browser Isolation, Zscaler Browser Isolation

Secure Web Browsers

Overview: Security-focused web browsers and isolation for enterprises.

Example(s): Island, Talon, SURF

Secure Web Gateway (SWG)

Overview: Systems to filter user-initiated internet traffic and enforce corporate and regulatory content policies.

Example(s): dope.security, Forcepoint Secure Web Gateway, Lookout Secure Web Gateway, Menlo Secure Web Gateway

Software-Defined Wide Area Network (SD-WAN)

Overview: A networking approach that uses software to control, optimize, and secure traffic routing across wide area networks.

Example(s): HPE Aruba EdgeConnect SD-WAN, Nuage Networks, Versa Networks

Virtual Private Networks (VPN)

Overview: Systems that enable users to securely and privately browse public internet sites and access private networks across a public network.

Example(s): NordVPN, ProtonVPN, Ivanti Connect Secure

Zero Trust Network Access (ZTNA)

Overview: Products that broker access to applications and network resources based on identity and context.

Example(s): Appgate SDP, Cloudflare Access, Palo Alto Networks Prisma Access, Zscaler Private Access

Media

Overview: Organizations providing broad industry coverage, including analysis, events, news, and more.

Example(s): Gartner, Forrester, Information Security Media Group (ISMG), Omdia

Analysts

Overview: Firms and independent analysts covering cybersecurity companies and trends.

Example(s): Strategy of Security, Software Analyst, Venture in Security

Books

Overview: Authors writing books about cybersecurity topics.

Example(s): Bruce Schneier, Matt Bishop, Victoria Baines

Events

Overview: Conferences and events related to cybersecurity.

Example(s): RSA Conference, DEF CON, Black Hat

News

Overview: Media and independent journalists covering cybersecurity news and events.

Example(s): CyberWire, This Week In Security, tl;dr sec, Return on Security

Publications

Overview: Magazines, journals, and other digital media about cybersecurity topics.

Example(s): SC Magazine, ISACA Journal, CISO Magazine

Physical Security

Overview: Measures and controls to protect people, assets, and facilities from physical actions and events that could cause serious loss or damage.

Example(s): Dragos, Claroty, Armis

Connected Car Security

Overview: Protection of vehicle electronic systems, software, and data from malicious attacks.

Example(s): Foretellix, Otonomo

Connected Home Security

Overview: Protection of home electronic systems, software, and data from malicious attacks.

Example(s): Bitdefender BOX, CUJO AI, SAM

Firmware Security

Overview: Protecting the firmware of computers or devices from compromise.

Example(s): Trapezoid, Eclypsium, Palitronica Anvil

Internet of Things (IoT) Security

Overview: Security for Internet of Things (IoT) devices and connected networks.

Example(s): Regulus, Bastille, Karamba Security, Venafi

Operational Technology (OT) Security

Overview: Tools to monitor and control the security of Operational Technology (OT) and Industrial Control Systems (ICS).

Example(s): Tenable.ot, Star Lab, Palitronica Palisade

Security Operations

Overview: Practices, processes, and technologies to continuously monitor, assess, and defend IT infrastructure against cybersecurity threats and incidents.

Example(s): Palo Alto Networks Cortex, Google Chronicle Security Operations, Palantir

Digital Forensics and Incident Response (DFIR)

Overview: Investigation of security incidents through the collection and analysis of digital evidence and implementation of measures to manage and mitigate their impact.

Example(s): Mandiant, Magnet Forensics, incident.io, Stairwell

Cloud Investigation and Response Automation (CIRA)

Overview: Automated data collection and analysis across multi-cloud environments for cloud incident investigations.

Example(s): Mitiga, Cado, Gem

Deception

Overview: Tools and techniques to deceive and catch attackers by imitating real assets as traps and decoys.

Example(s): Illusive Attack Detection System

Forensics

Overview: Tracking and analysis of data on networks, mobile devices, computers, and storage devices for cybercrime investigations.

Example(s): AccessData, The Sleuth Kit, EnCase

Intelligence

Overview: Collection, analysis, and dissemination of information about current and potential cyber threats and vulnerabilities.

Example(s): Recorded Future, Reliaquest, ZeroFox

Open Source Intelligence (OSINT)

Overview: Collection of publicly available data and information sources to provide actionable intelligence.

Example(s): Shodan, Maltego

Threat Intelligence

Overview: Collection of intelligence used to understand current or future threats to an organization.

Example(s): GreyNoise, Flashpoint, Cybersixgill, SpyCloud

Intrusion Detection and Prevention

Overview: Technologies that monitor network and system activities for malicious actions or policy violations and automatically take actions to block or prevent potential incidents.

Example(s): FortiNet FortiGate, Juniper Networks SRX Series Firewalls

Canaries

Overview: Decoy data or systems strategically placed within a network to detect and alert on unauthorized access or malicious activity, functioning as an early warning system.

Example(s): Thinkst Canary

Honeypots

Overview: Decoy servers, systems, or data to attract and analyze attacks, helping to understand threat tactics and enhance network defenses.

Example(s): KFSensor, Honeyd, Glastopf

Intrusion Detection System (IDS)/Intrusion Prevention System (IPS)

Overview: Systems that monitor network traffic and block activity matching recognized security threat profiles.

Example(s): CheckPoint Intrusion Prevention System, Cisco Secure IPS

Monitoring and Operations

Overview: Continuous surveillance and management of an organization's IT environment to detect, analyze, respond to, and mitigate cybersecurity threats and incidents.

Example(s): Exabeam, Splunk, Sumo Logic

Analytics

Overview: Data analytics platforms to proactively monitor and analyze security data.

Example(s): Awake, Exabeam, Darktrace

Cybersecurity ETL

Overview: Processes and tools to extract, normalize, and enrich security data from multiple tools.

Example(s): Monad, Tarsal, Synqly, Avalor

Employee Monitoring

Overview: Monitoring tools for logging and measuring employee activity and productivity.

Example(s): Controlio, TeraMind

Extended Detection and Response (XDR)

Overview: Systems to aggregate and analyze data to improve threat detection and incident response.

Example(s): CrowdStrike Falcon XDR, Palo Alto Networks Cortex XDR, Sophos XDR, Cynet

Network Performance Monitoring

Overview: Platforms to visualize, monitor, optimize, troubleshoot, and report on the health and availability of networks.

Example(s): NetScout, SolarWinds Network Performance Monitor

Observability

Overview: Software for application and infrastructure monitoring, tracing, diagnostics, performance, and security.

Example(s): Axiom, Cribl, Datadog, New Relic, Sentry

Security Data Lakes

Overview: A centralized repository that stores large volumes of raw security data from various sources within commercial cloud data platforms, enabling advanced analytics and threat detection.

Example(s): Elysium Analytics, Hunters, Panther

Security Orchestration, Automation, and Response (SOAR)

Overview: Automation to increase the speed, reliability, and accuracy of security operations workflows.

Example(s): Tines, Torq, Revelstoke, Cyware, Swimlane

Security Information and Event Management (SIEM)

Overview: Tools to consolidate and correlate log data for identification of security incidents.

Example(s): Devo, Splunk Enterprise Security, Sumo Logic Cloud SIEM, Elastic SIEM, Securonix

User and Entity Behavior Analytics (UEBA)

Overview: Processes and tools to detect threats based on patterns in user behavior.

Example(s): Securonix UEBA, Gurucul, Exabeam Behavioral Analytics

Service Management

Overview: Planning, delivering, operating, and controlling information technology services offered to customers, focusing on aligning IT processes and services with business needs.

Example(s): ServiceNow, Oomnitza, Kaseya, Electric

Asset Management

Overview: Processes and tools for identifying and managing IT assets and their potential security risks.

Example(s): Axonius, Armis

Configuration Management Database (CMDB)

Overview: A database for storing information about hardware and software assets. CMDBs are primarily used for IT Service Management; however, much of the data is applicable to security operations.

Example(s): ServiceNow CMDB, Solarwinds CMDB

Patch and System Management

Overview: Processes and tools for keeping applications and infrastructure up to date with patches to address bugs and vulnerabilities.

Example(s): Tanium Patch, Solarwinds Patch Manager, ManageEngine Patch Manager

Vulnerability Assessment and Management

Overview: Systematically identifying, evaluating, treating, and reporting on security vulnerabilities in systems and software to minimize the risk of attacks.

Example(s): Qualys, Tenable

Attack Surface Management (ASM)

Overview: The continuous process of identifying, cataloging, monitoring, and minimizing exposed and potentially exploitable points in an organization's environment.

Example(s): JupiterOne, Balbix, Upguard, NMAP

Cyber Range

Overview: Platforms for hands-on cybersecurity attack training and practice.

Example(s): Hack the Box, Cyberbit Cyber Range

External Attack Surface Management (EASM)

Overview: Identifying, analyzing, and securing an organization's publicly exposed systems, services, and data to mitigate risks from external threats.

Example(s): CyCognito, Detectify, Sevco

Penetration Testing

Overview: Intentional attacks on applications, networks, and infrastructure to identify exploitable vulnerabilities.

Example(s): Wireshark, Metasploit, Praetorian Chariot

Social Engineering

Overview: Techniques to manipulate people into exposing confidential information, allowing unauthorized access, and other human-exploitable vulnerabilities.

Example(s): Cofense

Vulnerability Management and Testing

Overview: Processes and tools for discovering, classifying, prioritizing, and remediating software and infrastructure vulnerabilities.

Example(s): ThreadFix, Vulcan, Nucleus

Services

Overview: Specialized service offerings to protect digital assets, systems, and networks from cyber threats, vulnerabilities, and attacks.

Example(s): Accenture, Mandiant, Secureworks

Managed Services

Overview: Outsourcing of specific security processes or functions to a third-party provider, who manages and delivers these services under a contractual agreement.

Incident Response (IR)

Overview: Specialized assistance from external experts to manage cybersecurity incidents, mitigate their impact, and recover with minimal damage.

Example(s): Binary Defense, CrowdStrike Incident Response Services, Kroll Incident Response and Litigation Support

Managed Detection and Response (MDR)

Overview: Outsourced management and monitoring for advanced cybersecurity functions and systems, including threat intelligence, threat hunting, and incident response.

Example(s): Arctic Wolf, BlueVoyant, Deepwatch, eSentire, Red Canary, Sophos

Managed Security Service Provider (MSSP)

Overview: Outsourced management and monitoring for basic cybersecurity functions and systems.

Example(s): Optiv, IBM, Verizon

Outsourcing

Overview: External management of specific cybersecurity functions (typically operational tasks).

Example(s): Wipro, TCS, Infosys

Professional Services

Overview: Specialized, knowledge-based services provided by experts in security strategy, implementation, or operations to support clients' specific business needs.

Boutique

Overview: Specialized cybersecurity, privacy, or risk consulting practices within small professional services firms.

Example(s): NetSPI, Praetorian, BeyondID, Cyderes

Large

Overview: Cybersecurity, privacy, and risk consulting practices within large professional services firms.

Example(s): PwC, Deloitte, Optiv

Talent Marketplaces

Overview: Specialized platforms that connect freelancers or job seekers with organizations or individuals looking to hire specific security skills or expertise for short-term or project-based work.

Crowdsourcing

Overview: Public platforms for specific cybersecurity services, such as bug bounties.

Example(s): HackerOne, BugCrowd, Synack

Freelance Consulting

Overview: Platforms that place 1099 (independent contractor) workers in short-term cybersecurity gigs or contracts through an employer.

Example(s): PwC Talent Exchange, EY GigNow, Accenture Contractor Exchange, Toptal


Files

The cybersecurity ecosystem is available for download. The full ecosystem map was created in a resolution suitable for 24x36 posters.

PNG

A raster graphic in PNG format.

PDF

A printable graphic in PDF format.

License

Strategy of Security Cybersecurity Ecosystem by Cole Grolmus is licensed under CC BY-NC-SA 4.0

If you're interested in using the mapping taxonomy for commercial purposes, please get in touch.
