Cybersecurity Ecosystem

Introduction

This is an ongoing project to capture the layout of the industries that comprise cybersecurity, privacy, and risk.

The mapping project is a combination of visuals, definitions, and examples from each area of the ecosystem. Seeing the ecosystem from multiple views is the most practical approach to grappling with the enormity of it all.

A table of contents is available to help you navigate through the mapping. It's large, and there is no way to simplify it without losing important details.

Various image formats and source files are also available at the bottom. You're welcome to use them as you please.

For more background on the thought process behind the project, check out the introductory article:

Mapping the Cybersecurity Ecosystem
An introduction to the cybersecurity ecosystem mapping project. It’s time to reframe our view of cybersecurity and move our thinking from industries to ecosystems.

I hope you find this useful as you build your understanding of cybersecurity and plot your course in the industry.

Application Security

API Security

Overview: Processes and tools for preventing and monitoring malicious attacks and misuse of APIs.

Example(s): Salt Security, Wallarm, 42Crunch

Bot Management

Overview: Techniques and tools for assessing website bots and blocking malicious activity.

Example(s): PerimeterX, Netacea, Imperva Advanced Bot Detection, F5 Distributed Cloud Bot Defense

DevSecOps

Overview: An approach to software development that includes the combination of development, security, and operations as a shared responsibility throughout the lifecycle of an application.

Example(s): NIST: DevSecOps

Software Composition Analysis

Overview: Processes to identify use of open source software in a codebase to evaluate security, quality, licensing, and other software supply chain risks.

Example(s): Veracode, WhiteSource, Sonatype, Cloudsmith

Software Supply Chain Security

Overview: The identification, analysis, monitoring, and mitigation of security risks from third party software vendors, packages, integrations, and other components.

Example(s): Chainguard, Cloudsmith, Phylum

Static and Dynamic Application Security Testing (SAST/DAST)

Overview: Methodologies and tools for identifying security vulnerabilities in applications.

Example(s): Snyk, Acunetix, Stackhawk, Cobalt Strike

Web Application Firewall (WAF)

Overview: Systems to protect web applications or APIs against exploits, bots, and attacks that compromise the security and availability of web applications.

Example(s): F5 Advanced WAF, Signal Sciences, Cloudflare Web Application Firewall, Reblaze

Blockchain and Web3

Overview: Tools for securing and managing risks on blockchain and Web3 platforms.

Example(s): valid.network, Fireblocks, GK8, NuID, Remme

Cloud Security

Cloud Access Security Brokers (CASB)

Overview: Platforms to help secure and manage use of cloud-based SaaS applications and infrastructure.

Example(s): Netskope, Bitglass, McAfee MVISION Cloud

Cloud Infrastructure Entitlements Management (CIEM)

Overview: Tools to help companies manage permissions and detect excessive or risky access in cloud environments.

Example(s): Authomize, Ermetic

Cloud Security Posture Management (CSPM)

Overview: Continuous management, monitoring, policy enforcement, and compliance for cloud environment configurations.

Example(s): Wiz, Orca, Bridgecrew, Cloudanix, CrowdStrike Falcon Horizon

Cloud Workload Protection Platforms (CWPP)

Overview: Processes and tools for securing containers and workloads within different cloud environments.

Example(s): Aqua, Portshift, Intezer Protect, Zscaler Cloud Protection

Microsegmentation

Overview: Techniques and tools to logically divide networks into security segments at the workload level with specific controls based on the risk and requirements of each segment.

Example(s): Akamai Guardicore, Illumio

Certifications and Training

Certifications

Overview: Official cybersecurity professional credentialing programs offered by governing bodies.

Example(s): Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), Certified Ethical Hacker (CEH)

Training

Overview: Education and learning courses or materials about cybersecurity-related topics.

Example(s): SANS Institute, The Cyber Mentor, Cybrary

Cyber Crime

Advanced Persistent Threats (APT)

Overview: Organized groups of threat actors who gain unauthorized access to networks for political or economic reasons.

Example(s): Cozy Bear, Double Dragon

Botnets

Overview: A network of compromised devices under the organized control of an attacker.

Example(s): Mirai, Necurs, Bredolab

Dark Web

Overview: A hidden area of internet sites and services, accessible only from a specialized web browser or proxy.

Example(s): The Hidden Wiki, ProPublica, Daniel, Silk Road

Fraud and Scams

Overview: Content, phishing, spam, and other fraudulent activity intended to trick users into sharing sensitive information.

Example(s): Marketplace Fraud, Account Takeover (ATO), Employment Scams

Malware

Overview: Intrusive software developed by cybercriminals to steal data or damage systems and networks.

Example(s): Pegasus, Petya, Morris worm

Ransomware

Overview: A specific type of malware and associated techniques for restricting access to data or other resources until a ransom is paid.

Example(s): REvil, WannaCry, DarkSide

Spyware and Stalkerware

Overview: Tools that enable someone to spy on another person's digital activity without their knowledge.

Example(s): Pegasus, mSpy, ClevGuard

Digital Identity

Authentication

Access Management

Overview: Platforms for identifying, tracking, controlling, and managing user access to applications and infrastructure.

Example(s): Okta Single Sign-On, Ping Identity Single Sign-On, ForgeRock Access Management

Biometrics

Overview: Use of physical or behavioral traits to authenticate and verify identity.

Example(s): Clear, Prove, Keyless

Customer Identity (CIAM)

Overview: Systems for controlling customer access to applications and managing customer profile information.

Example(s): Okta, ForgeRock, Ping Identity, FusionAuth

Electronic Identification

Overview: Government systems for digital proof of identity for citizens and organizations.

Example(s): Aadhaar, Israeli ID

Identity Graphing and Resolution

Overview: Services that correlate online and offline identifiers with consumer identities to create an accurate view of customers.

Example(s): LiveRamp Identity Resolution, Amperity Identity Resolution, Tapad

Identity Proofing

Overview: A service used for verifying a user's identity based on life history or other data aggregated from public and proprietary data sources.

Example(s): Persona, Trulioo, Jumio, AU10TIX

Passwordless and Multi-Factor Authentication

Overview: Authentication that replaces traditional passwords or combines two or more authentication requirements (e.g. password and one-time token) for increased security.

Example(s): Stytch, Transmit Security, HYPR, Beyond Identity, Duo Security, Authy, Trusona

Password Managers

Overview: Tools to help users generate, store, and use secure passwords.

Example(s): 1Password, LastPass, Dashlane

Social Login

Overview: Sign in to third party sites using authentication from social networks.

Example(s): Facebook Login, Google Sign-In, Sign in with Slack, Passport

Authorization

Background Screening

Overview: Services that compile and help verify employment, criminal, financial, and other records for people and organizations.

Example(s): Checkr, Truework, HireRight

Data Access Governance

Overview: Systems for gaining visibility and enforcing access control policies on unstructured data (spreadsheets, documents, PDFs, etc.).

Example(s): Varonis, StealthBits, SailPoint File Access Manager, Immuta

Directory Services

Overview: A repository for collecting information about users, devices, and resources for authentication and authorization. LDAP is a common standard for directory services.

Example(s): Microsoft Active Directory, ForgeRock Directory Services, JumpCloud

Identity Governance and Administration (IGA)

Overview: Systems for administering accounts and credentials, access provisioning, and access reviews.

Example(s): SailPoint, Oracle Identity Governance, ForgeRock Identity Management

Identity Theft Protection

Overview: Services that monitor and restore the personal data of consumers in the event of abnormal activity and theft.

Example(s): LifeLock, Identity Guard

Identity Wallets

Overview: Identity stores that allow users to manage and share their digital identity credentials and data.

Example(s): Spruce, Auth0 Sign In With Ethereum (SIWE), Proxy

Physical Access Control

Overview: Solutions that manage physical identities and access to physical locations and spaces.

Example(s): Envoy Visitor Management System, Openpath, Kisi, Sine

Privileged Access Management (PAM)

Overview: Systems for managing privileged (elevated) access for users, shared accounts, secrets, keys, and other high risk credentials.

Example(s): CyberArk, BeyondTrust, HashiCorp Vault

Fraud and Transaction Security

Fraud and Risk

Overview: Systems and processes to monitor, detect, prevent, and remediate fraudulent transactions and activities.

Example(s): Sift, Riskified, Deduce, Arkose Labs, BioCatch, Bolt Fraud Protection, MagicCube, Shift, DataVisor, Alloy

Trust and Safety

Overview: Business practices, workflows, and tools used by online platforms to reduce the risk of users experiencing harm, fraud, abuse, and other negative behaviors.

Example(s): Spectrum Labs, Cinder, Trustpage

Governance, Risk, and Compliance

Governance

GRC

Overview: Systems to automate and integrate enterprise, operational, and IT risk management processes and data.

Example(s): RSA Archer, LogicGate, ServiceNow GRC

Metrics and Dashboards

Overview: Tools used to track and display key performance indicators to measure cybersecurity risk and effectiveness.

Example(s): UpGuard, custom internal dashboards

Policies and Procedures

Overview: Written documents and tools for managing rules for individuals accessing an organization's systems and data.

Example(s): SANS Security Policy Templates, Zavanta, Tugboat Logic Information Security Policy Generator

Security Architecture

Overview: A core information security function that defines and guides architectural requirements and design of security-relevant elements within an organization.

Example(s): Zero Trust Architecture (ZTA), Software Defined Perimeter (SDP), Secure Access Service Edge (SASE), Privacy by Design

Security Awareness

Overview: Training, instruction, and tools to educate users within an organization on how to protect themselves and the company's assets from loss or harm.

Example(s): KnowBe4, CybSafe, Living Security

Segregation of Duties (SOD)

Overview: Automated enforcement of shared responsibilities among multiple people for execution of critical processes. Reduces fraud and errors.

Example(s): SAP Access Control, Pathlock

Standards and Frameworks

Overview: Documented guidance for policies and controls to systematically manage security and risk.

Example(s): NIST Special Publication 800-53, ISO 27002, ISACA COBIT, MITRE ATT&CK

Risk

Cyber Insurance

Overview: Specialty business insurance for protection against cybersecurity-related losses, including data breaches, ransomware, and other incidents.

Example(s): AIG Cyber Insurance, Chubb Cyber Insurance, Liberty Mutual Cyber Liability

Enterprise Risk Management

Overview: Identification, management, and remediation of company-wide risk at an executive level.

Example(s): COSO ERM Integrated Framework, ISO 31000

Risk Ratings

Overview: Assessment and quantification of an organization's cybersecurity risk level.

Example(s): BitSight, SecurityScorecard, Corax

Compliance

Auditors and Assessors

Overview: Firms authorized to conduct independent reviews and certify compliance with regulations and standards.

Example(s): PwC – Trust Solutions, Deloitte – Audit & Assurance, EY – Assurance, KPMG – Audit, Trustwave

Compliance Automation

Overview: Tools for automating compliance processes and continuous controls monitoring.

Example(s): Vanta, Secureframe, Tugboat Logic, Drata, Very Good Security

Regulations

Overview: Official rules to enforce laws created by governments. Implemented and maintained by authorized government agencies.

Example(s): HIPAA, Sarbanes-Oxley (SOX), General Data Protection Regulation (GDPR)

Third Party Assurance

Overview: An examination of a service provider's services, internal controls, and risks conducted by a third party on behalf of customers. Results are documented in a compliance report.

Example(s): SOC 2, ISO 27001

Government and NGOs

Agencies

Overview: Government agencies specializing in cybersecurity policy, research, and protection.

Example(s): National Security Agency (NSA), Cybersecurity & Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), National Institute of Standards and Technology (NIST)

International Organizations

Overview: International government organizations specializing in cybersecurity policy, research, and protection.

Example(s): INTERPOL, NATO Cyber Defence, United Nations Office of Counter-Terrorism

NGOs

Overview: Nonprofit organizations specializing in cybersecurity policy, research, and protection.

Example(s): Electronic Frontier Foundation (EFF), Internet Watch Foundation (IWF), Information Security Forum (ISF), Center for Internet Security (CIS)

Universities

Overview: Cybersecurity research and education programs at public and private universities.

Example(s): Citizen Lab, Stanford Internet Observatory, Cybersecurity at MIT Sloan

Infrastructure Security

Network Security

DDoS Mitigation

Overview: Services to throttle and prevent distributed denial of service attack disruptions.

Example(s): Cloudflare DDoS Protection, Radware Cloud DDoS Protection Service, Akamai Prolexic

DNS/DHCP/IPAM

Overview: Services and administration for DNS, DHCP, and IP addressing used on a network.

Example(s): OpenDNS, Cloudflare DNS, BlueCat

Firewalls

Overview: Network security devices to regulate network traffic based on rules.

Example(s): CheckPoint Firewall, Cisco Secure Firewall, F5 Advanced Firewall Manager, Palo Alto Networks Next-Generation Firewall

Intrusion Detection System (IDS)/Intrusion Prevention System (IPS)

Overview: Systems to monitor and prevent network traffic matching recognized security threat profiles.

Example(s): CheckPoint Intrusion Prevention System, Cisco Secure IPS, Juniper SRX

Messaging Security

Overview: Processes and tools to secure and protect messaging and communication infrastructure, primarily focused on email-based threats.

Example(s): Tessian, ProofPoint Email Security and Protection, Mimecast Email Security, GreatHorn, IRONSCALES, Area 1

Network Access Control (NAC)

Overview: Systems that provide visibility and control of devices accessing a network.

Example(s): Aruba Secure Network Access Control, Netshield, Portnox

Secure Networking

Overview: Policies, processes, and tools to augment networking with additional security controls. An adjacent domain with several features related to cybersecurity.

Example(s): Exinda Network Orchestrator, Forescout

Secure Web Gateway

Overview: Systems to filter user-initiated internet traffic and enforce corporate and regulatory content policies.

Example(s): Menlo Secure Web Gateway, Zscaler Internet Access, Lookout Secure Web Gateway, Forcepoint Secure Web Gateway

SSL Visibility

Overview: Tools that provide visibility into encrypted network traffic for monitoring and threat analysis.

Example(s): F5 SSL Orchestrator, Broadcom SSL Visibility Appliance

Virtual Private Networks (VPN)

Overview: Systems that enable users to securely and privately browse public internet sites and access private networks across a public network.

Example(s): NordVPN, ProtonVPN, PulseSecure

Wireless Security

Overview: Prevention of damage and unauthorized access via wireless networks.

Example(s): 7SIGNAL, WatchGuard Secure Wi-Fi, Aruba Wireless

Zero Trust Network Access (ZTNA)

Overview: Products that broker access to applications and network resources based on identity and context.

Example(s): Appgate SDP, Zscaler Private Access, Palo Alto Networks Prisma Access

Endpoint Security

Application Control

Overview: Approach and tools for protecting against execution of malware and unapproved applications on endpoints.

Example(s): Thycotic Privilege Manager, McAfee Application and Change Control, VMware Carbon Black App Control

Endpoint Detection and Response

Overview: Tools installed on endpoints to record key activity for monitoring and threat investigations.

Example(s): SentinelOne, Cybereason, Tanium Threat Response, Sophos Intercept X Endpoint

Endpoint Protection

Overview: Software to protect endpoints from threats, including malware, ransomware, phishing, and data theft.

Example(s): Kaspersky, CrowdStrike Falcon Endpoint Protection, SparkCognition DeepArmor

File Integrity Monitoring

Overview: Solutions to monitor changes in operating system, database, and application files.

Example(s): CrowdStrike Falcon FileVantage, Tripwire File Integrity Manager, Qualys File Integrity Monitoring

Host Intrusion Prevention System (HIPS)

Overview: Endpoint-based intrusion detection and prevention system to monitor and analyze internals and network traffic on the endpoint for prevention and detection of threats.

Example(s): McAfee Host Intrusion Prevention

Secure Desktop

Overview: Management of endpoints for containment of threats and secure enterprise network access.

Example(s): Hysolate, Absolute, Ivanti

Secure Web Browsers

Overview: Security-focused web browsers and isolation for enterprises.

Example(s): Authentic8, Island, Talon

Data Center Security

Backup and Recovery

Overview: Processes and tools for creating, storing, and restoring copies of data to protect against data loss.

Example(s): Veritas, Rewind, Hewlett Packard Enterprise Data Protection

Secure Storage

Overview: Processes, hardware, and facilities for maintaining data security and integrity.

Example(s): Commvault, Veeam, Iron Mountain

Investors

Angel and Seed Investors

Overview: Independent individual investors or a group of individual investors who invest capital in early stage cybersecurity companies.

Example(s): Silicon Valley CISO Investments, SYN Ventures, Cyber Seed Fund I

Investment Banking

Overview: Advisors and intermediaries for financial transactions, including mergers, acquisitions, and large scale investments.

Example(s): Momentum Cyber, AGC Partners, DBO Partners

Private Equity

Overview: Late stage private equity firms and investment banks with significant portfolios of cybersecurity companies.

Example(s): Thoma Bravo, Vista Equity Partners, Symphony Technology Group

Venture Capital

Overview: Institutional venture capital firms with a significant number of cybersecurity investments and exits.

Example(s): Andreessen Horowitz, Sequoia, NightDragon, YL Ventures, AllegisCyber Capital, ForgePoint Capital, Ten Eleven

Media

Analysts

Overview: Firms and independent analysts covering cybersecurity companies and trends.

Example(s): Gartner, Forrester, Strategy of Security

Books

Overview: Authors writing books about cybersecurity topics.

Example(s): Bruce Schneier, Matt Bishop, Victoria Baines

Events

Overview: Conferences and events related to cybersecurity.

Example(s): RSA Conference, DEF CON, Oktane

News

Overview: Media and independent journalists covering cybersecurity news and events.

Example(s): CyberWire, This Week In Security, tl;dr sec

Publications

Overview: Magazines, journals, and other digital media about cybersecurity topics.

Example(s): SC Magazine, ISACA Journal, CISO Magazine

Mobile Security

Overview: Tools that protect sensitive information stored on mobile devices, including smartphones, tablets, and wearables.

Example(s): Lookout Mobile Endpoint Security, Deep Instinct Mobile Security, SIRIN LABS

Physical Security

Connected Car Security

Overview: Protection of vehicle electronic systems, software, and data from malicious attacks.

Example(s): Foretellix, SafeRide, Otonomo

Connected Home Security

Overview: Protection of home electronic systems, software, and data from malicious attacks.

Example(s): Bitdefender BOX, CUJO AI, SAM

Firmware Security

Overview: Protecting the firmware of computers or devices from compromise.

Example(s): Trapezoid, Eclypsium, Vdoo, Finite State, Palitronica Anvil

Internet of Things (IoT) Security

Overview: Security for Internet of Things (IoT) devices and connected networks.

Example(s): Armis, Regulus, Bastille, Karamba Security

Operational Technology (OT) Security

Overview: Tools to monitor and control the security of Industrial Control Systems (ICS).

Example(s): Dragos, Claroty, Tenable.ot, Star Lab, Palitronica Palisade

Privacy

Consumer Privacy

Anonymous Communication

Overview: Tools and protocols for protecting and anonymizing user internet traffic to conceal location, usage, and identity against network surveillance or traffic analysis.

Example(s): The Tor Project, Freenet, Invisible Internet Project (I2P)

Breach Notification Services

Overview: Services that help inform users if their personal information, such as email addresses or passwords, has been leaked in data breaches.

Example(s): Have I Been Pwned, 1Password Watchtower, Firefox Monitor

Personal Data Economy

Overview: Platforms that enable individuals to take ownership of their information and potentially profit from selling data.

Example(s): Meeco, digi.me, CitizenMe, Dataswift

Personal Information Removal

Overview: Services that centralize and automate the process of opting out and removing personal data from data brokers.

Example(s): Optery, Removaly

Privacy Assistants

Overview: Tools to help users understand and manage access to their private data.

Example(s): Fastmail, MySudo, Jumbo, Rita, Privacy, Cloaked

Secure Collaboration

Overview: Platforms for private messaging and information sharing through encrypted communication channels.

Example(s): Signal, Telegram, WhatsApp

Data Protection

Data Loss/Leakage Prevention

Overview: Systems to detect and prevent transmission of sensitive data.

Example(s): Code42, Forcepoint Data Loss Prevention, McAfee Total Prevention

Database Security

Overview: Tools, controls, and processes to protect databases from compromise.

Example(s): Fortinet FortiGuard Database Security, IBM Guardium, Baffle

e-Discovery

Overview: Identification, collection, and storage of electronic information for investigations and legal requests.

Example(s): Relativity, Logicube, Nuix, Consilio

Public Key Infrastructure

Overview: Infrastructure to establish and manage public key encryption for user identities, device identities, and secure end-to-end communications.

Example(s): Entrust, Keyfactor, Let's Encrypt, Venafi

Rights Management

Overview: Software to help companies protect digital content (videos, images, files, etc.) from unauthorized distribution and duplication.

Example(s): Vera, Seclore EDRM

Enterprise Privacy Management

Data Discovery and Classification

Overview: The process of scanning data sources to find and classify structured and unstructured data, with a focus on sensitive and/or regulated data.

Example(s): BigID, ActiveNav, Tanium Reveal, Varonis Data Classification Engine

Data Deidentification and Pseudonymity

Overview: Tools to redact and deidentify data for use by researchers, data scientists, and other parties without compromising the privacy of people in the dataset.

Example(s): Privitar, Hazy, Statice, Sarus

Enterprise Communication

Overview: Messaging solutions to help employees and partners within an organization communicate securely.

Example(s): Mattermost, Silent Circle

Encryption and Tokenization

Overview: Processes and tools for transforming sensitive data into an encrypted or masked value.

Example(s): Very Good Security, Skyflow, Evervault, StrongSalt

Privacy Program Management

Assessment Managers

Overview: Workflows and automation for various functions of a privacy program.

Example(s): OneTrust Privacy Management, TrustArc, BigID Privacy Impact Assessment App

Overview: Systems and processes for notifying users about personal data collection and collecting explicit consent.

Example(s): UserCentrics, Osano, CookieYes

Data Mapping

Overview: Tools to help organizations map data flows across the enterprise.

Example(s): DataGrail, BigID Data Mapping

Data Subject Request Automation

Overview: Processes and tools to support individual requests for personal data and use under data privacy laws.

Example(s): Transcend, Metomic, Ethyca, Ketch Data Subject Rights Fulfillment

Privacy Information Managers

Overview: Information and updates for understanding global privacy laws and regulations.

Example(s): OneTrust DataGuidance

Website Scanning

Overview: Tools to check websites to identify which cookies, beacons, and trackers are in use.

Example(s): PrivacyScore, Sovy GDPR Scan, Blacklight

Professional Services

Managed Services

Managed Detection and Response (MDR)

Overview: Outsourced management and monitoring for advanced cybersecurity functions and systems, including threat intelligence, threat hunting, and incident response.

Example(s): eSentire, Arctic Wolf, Red Canary

Managed Security Service Provider (MSSP)

Overview: Outsourced management and monitoring for basic cybersecurity functions and systems.

Example(s): Optiv, IBM, Verizon

Outsourcing

Overview: External management of specific cybersecurity functions (typically operational tasks). Often focused on cost reduction.

Example(s): Wipro, TCS, Infosys

Consulting

Boutique

Overview: Specialized cybersecurity, privacy, or risk consulting practices within small professional services firms.

Example(s): Krebs Stamos Group, Mandiant, Praetorian

Large

Overview: Cybersecurity, privacy, and risk consulting practices within large professional services firms.

Example(s): Accenture, PwC, Deloitte

Talent Marketplaces

Freelance Consulting

Overview: Platforms for short-term cybersecurity gigs or contracts for 1099 workers through an employer.

Example(s): PwC Talent Exchange, EY GigNow, Accenture Contractor Exchange

Crowdsourcing

Overview: Public platforms for specific cybersecurity services, such as bug bounties.

Example(s): HackerOne, BugCrowd, Synack

Security Operations

Monitoring and Operations

Analytics

Overview: Data analytics platforms to proactively monitor and analyze security data.

Example(s): Awake, Exabeam, Darktrace

Application Performance Monitoring (APM)

Overview: Software for application monitoring, tracing, diagnostics, and performance. This domain is adjacent to cybersecurity with some common cybersecurity features.

Example(s): Datadog, New Relic, Sentry

Data Management

Overview: Processes and tools to extract, normalize, and enrich security data from multiple tools.

Example(s): Monad

Employee Monitoring

Overview: Monitoring tools for logging and measuring employee activity and productivity.

Example(s): Controlio, TeraMind

Network Performance Monitoring

Overview: Platforms to visualize, monitor, optimize, troubleshoot, and report on the health and availability of networks.

Example(s): NetScout, SolarWinds Network Performance Monitor

Security Information and Event Management (SIEM)

Overview: Tools to consolidate and correlate log data for identification of security incidents.

Example(s): Splunk Enterprise Security, Sumo Logic Cloud SIEM, Elastic SIEM, Panther

User and Entity Behavior Analytics (UEBA)

Overview: Processes and tools to detect threats based on patterns in user behavior.

Example(s): Securonix UEBA, Gurucul, Exabeam Behavioral Analytics

Vulnerability Assessment and Management

Cyber Range

Overview: Platforms for hands-on cybersecurity attack training and practice.

Example(s): Hack the Box, Cyberbit Cyber Range

Penetration Testing

Overview: Intentional attacks on applications, networks, and infrastructure to identify exploitable vulnerabilities.

Example(s): Wireshark, Metasploit, NMAP

Social Engineering

Overview: Techniques to manipulate people into exposing confidential information, allowing unauthorized access, and other human-exploitable vulnerabilities.

Example(s): Cofense, Proofpoint

Vulnerability Management and Testing

Overview: Processes and tools for discovering, classifying, prioritizing, and remediating software and infrastructure vulnerabilities.

Example(s): Qualys, Tenable, ThreadFix, Vulcan

Change Management

Asset Management

Overview: Processes and tools for identifying and managing IT assets and their potential security risks.

Example(s): Jamf, Axonius, Armis

Configuration Management Database (CMDB)

Overview: A database for storing information about hardware and software assets. CMDBs are primarily used for IT Service Management; however, much of the data is applicable to security operations.

Example(s): ServiceNow CMDB, Solarwinds CMDB, JupiterOne

Patch and System Management

Overview: Processes and tools for keeping applications and infrastructure up to date with patches to address bugs and vulnerabilities.

Example(s): Tanium Patch, Solarwinds Patch Manager, ManageEngine Patch Manager

Incident Management and Response

Deception

Overview: Tools and techniques to deceive and catch attackers by imitating real assets as traps and decoys.

Example(s): Canary, Illusive Attack Detection System, TrapX

Extended Detection and Response (XDR)

Overview: Systems to aggregate and analyze data to improve threat detection and incident response.

Example(s): Anomali, Cynet, FireEye XDR

Forensics

Overview: Tracking and analysis of data on networks, mobile devices, computers, and storage devices for cybercrime investigations.

Example(s): AccessData, The Sleuth Kit, EnCase

Security Orchestration, Automation, and Response (SOAR)

Overview: Systems and processes for collecting data from various security operations sources to define, prioritize, and automate incident response activities and workflows.

Example(s): FireEye Helix, Cyware, Swimlane, Tines

Intelligence

Open Source Intelligence (OSINT)

Overview: Collection of publicly available data and information sources to provide actionable intelligence.

Example(s): Shodan, Maltego, GreyNoise

Threat Intelligence

Overview: Collection of intelligence used to understand current or future threats to an organization.

Example(s): Recorded Future, RiskIQ, ZeroFox, Digital Shadows

Files

The cybersecurity ecosystem mapping is free for you to use and republish. Several variations in multiple file formats are available here.

The full ecosystem map was created in a resolution suitable for 24x36 posters.

SVG

A vector graphic in SVG format for dynamic resizing and printing.

PNG

A raster graphic in PNG format.

PDF

A printable graphic in PDF format.

Figma

The original Figma source file in read-only format.

GitHub Repository

Text for the definitions and mapping in Markdown format.

GitHub - strategyofsecurity/cybersecurity-ecosystem: Data behind the Strategy of Security cybersecurity ecosystem mapping project.

Credits

Multiple sources were used for this meta-analysis of the cybersecurity ecosystem, including the following:
