
Key cyber-security tools



What are the key products for a cyber security expert to know?


Firewalls: Firewalls are the most basic form of cyber security, and are used to block unauthorized access to a network or system.


Firewalls work by filtering traffic between a secure internal network and the public internet. Firewalls are typically installed at the point of entry for a network, such as a router or modem. They examine all incoming and outgoing traffic, and block any traffic that does not meet the security policies set by the user.


Some good brands of firewall include Cisco, Palo Alto Networks, Juniper Networks, Fortinet, WatchGuard, and SonicWall. The cost of a firewall varies depending on the number of users, the type of network, and the features of the firewall. Generally, firewalls range from $200 to $20,000+, depending on the size and complexity of the network.


Intrusion Detection & Prevention Systems (IDS/IPS): These systems detect and prevent malicious activity from occurring on a network or system.


Intrusion Detection & Prevention Systems (IDPS) are security systems that use a combination of hardware and software to detect malicious activity on a network. They typically include a firewall (see above), an intrusion detection system (IDS), and an intrusion prevention system (IPS). The firewall is used to block unauthorized access to the network, while the IDS and IPS are used to detect and prevent malicious activity.


The IDS monitors network traffic for suspicious activity, such as suspicious IP addresses, unusual port scans, and malicious code. When suspicious activity is detected, the system alerts the administrator and may also block the traffic.


The IPS monitors network traffic for malicious activity and blocks malicious traffic before it can cause damage to the system.


Some of the more popular brands of IDPS include Cisco, McAfee, Symantec, Check Point, and Trend Micro. Prices for IDPS systems vary greatly depending on the type and amount of protection needed. Basic systems can start as low as $500, while more advanced systems can cost thousands of dollars.


Antivirus & Anti-malware Software: Antivirus and anti-malware software are used to detect and remove malicious software from computers and networks.


Antivirus and anti-malware software works by scanning the computer or device for malicious or suspicious files and programs. It can detect and remove malicious software, detect and quarantine suspicious files, and alert the user to any potential threats.


Good brands of antivirus and anti-malware software include McAfee, Norton, Kaspersky, Avast, and Bitdefender. Prices vary depending on the features included, but generally range from free to around $100 per year.


Encryption Software: Encryption software is used to protect data from unauthorized access by encrypting it.


Encryption software works by scrambling data so that it can only be accessed by those who have the correct encryption key. It is used to protect sensitive data from unauthorized access.


Some good brands of encryption software include AxCrypt, BitLocker, and DiskCryptor. Prices for these types of software vary depending on the features and level of security offered, but generally range from free to around $100 for more advanced options.


Network Access Control (NAC) Solutions: NAC solutions are used to control access to a network based on user identity and role-based policies.


Network Access Control (NAC) Solutions are designed to provide secure access to a network by controlling the identity and authentication of users. The NAC solution identifies users and their devices, authenticates the user, and checks to make sure the user and device meet the security policy requirements before granting access. It can also monitor the user’s activity on the network, and if the user’s activity deviates from the policy, the NAC solution can limit or stop the user’s access.


Good NAC brands include Cisco, Juniper, Forescout, Pulse Secure, Symantec, and McAfee.


The cost of NAC solutions depends on the features and the number of users that need to be supported. Generally, NAC solutions can range from several thousand dollars to tens of thousands of dollars.


Data Loss Prevention (DLP) Solutions: DLP solutions are used to prevent sensitive data from leaving a network or system.


Data Loss Prevention (DLP) Solutions are technologies that help organizations identify, monitor, and protect sensitive data from unauthorized access, leakage, and other forms of malicious activity. DLP solutions typically employ a combination of techniques, including data classification, encryption, tokenization, and active monitoring, to provide a comprehensive data security solution.


Data classification is the process of labelling and categorizing data based on its sensitivity and value. Once data is classified, organizations can then apply different levels of security to protect it. Encryption is the process of transforming data into a form that is unreadable and unalterable without a key. Tokenization is the process of creating a substitute value for sensitive data, such as a credit card number, to protect it from unauthorized access. Finally, active monitoring is the continuous analysis of data and user activity to detect any suspicious activity that may indicate a breach.
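To make the classification and tokenization steps concrete, here is an added example (not from any DLP product named on this page). It assumes a simple two-label scheme, "restricted" and "internal", a hypothetical in-memory `TokenVault`, and constructed sample messages.

```python
import re
import secrets

# Candidate card numbers: 13-19 digits, optionally separated by spaces or hyphens.
CARD_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")

def luhn_valid(digits: str) -> bool:
    """Luhn checksum, used to cut false positives from arbitrary digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0

def classify(text: str) -> str:
    """Label text 'restricted' if it holds a Luhn-valid card number, else 'internal'."""
    for m in CARD_RE.finditer(text):
        if luhn_valid(re.sub(r"\D", "", m.group())):
            return "restricted"
    return "internal"

class TokenVault:
    """Hypothetical vault mapping random tokens to original values."""
    def __init__(self):
        self._store = {}

    def tokenize(self, text: str) -> str:
        def swap(m):
            digits = re.sub(r"\D", "", m.group())
            if not luhn_valid(digits):
                return m.group()            # not a card number, leave untouched
            token = "tok_" + secrets.token_hex(8)
            self._store[token] = digits     # the token has no mathematical link to the value
            return token
        return CARD_RE.sub(swap, text)

    def detokenize(self, token: str) -> str:
        return self._store[token]

# Constructed sample messages (4111 1111 1111 1111 is a widely used test number).
OUTBOUND = [
    "Invoice 2024-118 attached, total due 30 days.",
    "Customer card 4111 1111 1111 1111 exp 12/27, please charge.",
    "Tracking number 1234567890123456 shipped today.",
]
```

The third message shows why the checksum matters: a 16-digit tracking number matches the pattern but fails Luhn, so it is neither flagged nor tokenized.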


Some good DLP solution brands include Symantec, McAfee, and Trend Micro. Prices for these solutions can range from $100 to $1000 per user, depending on the features and capabilities of the solution.


Security Information and Event Management (SIEM): SIEM solutions are used to monitor and analyze security events and logs in order to detect and respond to security threats.


Security Information and Event Management (SIEM) is a technology that combines Security Information Management (SIM) and Security Event Management (SEM) to provide real-time analysis of security alerts generated by network hardware and applications. SIEM systems collect, analyze, and store logs from multiple sources, including firewalls, intrusion detection systems, anti-virus programs, and operating systems. The collected data is then used to generate reports, detect security incidents, and generate alerts.
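The collect, normalize, and alert flow described above can be sketched as follows. This is an added example, not code from any SIEM product named on this page; the log lines are constructed, both log formats are illustrative, and the rule thresholds are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample logs; both formats are illustrative, not a specific vendor's.
FIREWALL_LOG = """\
2024-05-01T10:00:01 action=deny src=203.0.113.7 dst=10.0.0.5 dport=3389
2024-05-01T10:00:03 action=deny src=203.0.113.7 dst=10.0.0.5 dport=23
2024-05-01T10:00:09 action=allow src=198.51.100.4 dst=10.0.0.5 dport=22
2024-05-01T10:00:10 action=allow src=203.0.113.7 dst=10.0.0.5 dport=22
"""
AUTH_LOG = """\
2024-05-01T10:00:12 sshd: Failed password for root from 203.0.113.7
2024-05-01T10:00:14 sshd: Failed password for admin from 203.0.113.7
2024-05-01T10:00:15 sshd: Accepted password for alice from 198.51.100.4
2024-05-01T10:00:17 sshd: Failed password for root from 203.0.113.7
"""
FW_RE = re.compile(r"^(\S+) action=(\w+) src=(\S+)")
AUTH_RE = re.compile(r"^(\S+) sshd: (Failed|Accepted) password for \S+ from (\S+)")

def normalize(fw_text, auth_text):
    """Parse both sources into one time-ordered list of (time, source, kind, ip)."""
    events = []
    for line in fw_text.splitlines():
        if m := FW_RE.match(line):
            events.append((datetime.fromisoformat(m[1]), "firewall", m[2], m[3]))
    for line in auth_text.splitlines():
        if m := AUTH_RE.match(line):
            kind = "auth_fail" if m[2] == "Failed" else "auth_ok"
            events.append((datetime.fromisoformat(m[1]), "os", kind, m[3]))
    return sorted(events)

def correlate(events, window=timedelta(seconds=60), min_fails=3):
    """Alert on IPs with a firewall deny AND >= min_fails auth failures in one window."""
    by_ip = defaultdict(list)
    for ev in events:
        by_ip[ev[3]].append(ev)
    alerts = []
    for ip, evs in by_ip.items():
        for start in evs:
            in_win = [e for e in evs if start[0] <= e[0] <= start[0] + window]
            denies = sum(e[2] == "deny" for e in in_win)
            fails = sum(e[2] == "auth_fail" for e in in_win)
            if denies and fails >= min_fails:
                alerts.append({"ip": ip, "denies": denies, "auth_fails": fails})
                break
    return alerts
```

Neither source alone is conclusive here; the alert fires only because the firewall denies and the operating-system login failures share a source address inside the same window.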


Some good brands of SIEM systems are Splunk, IBM QRadar, SolarWinds Log & Event Manager, and LogRhythm. Prices vary depending on the number of users and features included, but a basic SIEM system can range from $1,000 to $10,000 per year.


Identity and Access Management (IAM): IAM solutions are used to manage user identities, access control policies, and authentication methods.


Identity and Access Management (IAM) solutions are software tools that allow organizations to manage and secure user access to their digital resources. The core component of IAM is the Identity Provider (IdP) which is responsible for authenticating, authorizing, and managing user access to resources. The IdP typically stores user credentials and provides authentication services such as two-factor authentication and single sign-on (SSO).


IAM solutions also include features such as access control, user provisioning, user lifecycle management, and audit logging. The access control component allows organizations to define access policies that restrict who has access to which resources. User provisioning allows organizations to manage user accounts and the access they have to resources. User lifecycle management includes features such as user onboarding, password management, and account disabling. Audit logging provides an audit trail of user activity and helps organizations meet compliance requirements.


Good brands of IAM solutions include Okta, OneLogin, Auth0, and Microsoft Azure Active Directory. Prices vary depending on the features included, but generally start at around $4 per user per month for basic features.

 
 
 
