Sabapathy Arumugam

Navigating Cloud Security Ecosystem and its products

Blog Post created by Sabapathy Arumugam on Mar 1, 2017

Security is becoming one of the most important areas for an organization. Securing IT in an organization involves securing various layers. Unfortunately, there is no single tool or product that provides security for all layers. There are specialized products that address various aspects of cloud security. As the number of products increases, it becomes increasingly complex to select the right tools for an organization's needs.


The objective of this blog is to navigate the Cloud security ecosystem and various products under five broad categories.

The five broad categories are:

  1. Perimeter, Network and Host Security
  2. Application and Endpoint Security
  3. Data Security
  4. GRC & Audit
  5. Security Orchestration

Perimeter, Network and Host Security

Perimeter security refers to routers, firewalls, and intrusion detection systems implemented to tightly control access to networks from outside sources. This is like a compound gate.


Network and host security is the process of taking physical and software preventative measures to protect the underlying networking infrastructure and the host, respectively. This is like a main gate.



A firewall is a network security system that monitors and controls incoming and outgoing network traffic based on predetermined security rules.


Products: Brocade Vyatta Router, Barracuda NextGen Firewall



A next-generation firewall (NGFW) is an integrated network platform that is part of the third generation of firewall technology. It combines a traditional firewall with other network device filtering functionalities, such as an application firewall using in-line deep packet inspection (DPI) and an intrusion prevention system (IPS). Other techniques might also be employed, such as TLS/SSL encrypted traffic inspection, website filtering, QoS/bandwidth management, antivirus inspection and third-party identity management integration.


Products: Checkpoint, Cyberoam Virtual Security appliance, Juniper vSRX Virtual Firewall


Intrusion Detection System (IDS)

An IDS is a device or software application that monitors a network or systems for malicious activity or policy violations. Any detected activity or violation is typically reported to an administrator or collected centrally using a security information and event management (SIEM) system. IDSs are commonly classified as network-based (NIDS) or host-based (HIDS).


Products: Snort, OSSEC, Suricata, Kismet, Alertlogic Threatmonitor


Intrusion Prevention System (IPS)

Some IDSs have the ability to respond to detected intrusions. Systems with response capabilities are typically referred to as intrusion prevention systems.


Products: Radware DefensePro, IBM Security Network, Snort, Wireshark, Suricata, McAfee Network Security Platform, McAfee Host Intrusion Prevention


Vulnerability Assessment (VAS)

A process that defines, identifies, and classifies the security holes (vulnerabilities) in a computer, network, or communications infrastructure.


Products: QualysGuard, Tenable, OpenVAS, Alertlogic Cloud Insight



Anti-virus software is a program or set of programs designed to prevent, search for, detect, and remove software viruses and other malicious software such as worms, trojans, adware, and more.


Products: McAfee, Symantec


Malware Detection

Malware, short for malicious software, is any software used to disrupt computer or mobile


Products: Checkpoint, OPSWAT, McAfee, Symantec, VMRay


Application and Endpoint Security

Application security identifies gaps or vulnerabilities in the security policy of an application or the underlying packages used in the application.


Endpoint Detection and Response (EDR)

Solutions that focus on detecting, investigating, and mitigating suspicious activities and issues on hosts and endpoints. Originally dubbed Endpoint Threat Detection and Response (ETDR), the term is now more commonly referred to as Endpoint Detection and Response (EDR).


Products: Symantec Endpoint Protection, Outlier, McAfee Endpoint Protection


SSL Certificate Manager

It lets you easily provision, manage, and deploy Secure Sockets Layer/Transport Layer Security (SSL/TLS) certificates.


Products: Zscaler


Web Application Firewall (WAF)

A web application firewall (WAF) is an application firewall for HTTP applications. It applies a set of rules to an HTTP conversation. Generally, these rules cover common attacks such as cross-site scripting (XSS) and SQL injection.


Products: Brocade vWAF, Barracuda WAF, Trustwave, Imperva SecureSphere


Penetration Testing (PenTest)

Penetration testing (also called pen testing) is the practice of testing a computer system, network or web application to find vulnerabilities that an attacker could exploit.


Products: Rapid7


Web Gateway or Application Vulnerability Scan (AVS)

Web application vulnerability scanners are automated tools that scan web applications, normally from the outside, to look for security vulnerabilities such as cross-site scripting, SQL injection, command injection, path traversal and insecure server configuration.


Products: IBM AppScan, NetSparker, HP Fortify WebInspect, Zscaler


Data Security

Data security means protecting data, such as a database, from destructive forces and from the unwanted actions of unauthorized users. Data security also protects data from corruption.


Identity as a Service (IDaaS)

SaaS-based IAM offerings that allow organizations to use single sign-on (SSO using SAML or OIDC), authentication and access controls to provide secure access to their growing number of software and SaaS applications.


Products: Centrify, OneLogin, Okta


File Integrity Monitoring (FIM)

File integrity monitoring (FIM) is an internal control or process that validates the integrity of operating system and application software files by comparing the current file state against a known, good baseline.


Products: OSSEC, TripWire


DB Vulnerability or Activity Monitoring

DB vulnerability scanners are automated tools that scan for vulnerabilities in databases such as SQL Server, Oracle, MySQL, etc.


Products: GreenSQL, IBM Guardium, Imperva, Trustwave DbProtect


GRC and Audit


GRC (governance, risk management and compliance) software allows publicly held companies to integrate and manage IT operations that are subject to regulation. Such software typically combines applications that manage the core functions of GRC into a single integrated package.


Products: RSA Archer, Threadfix, Metricstream, TripleHelix


Security Audit

A security audit is a systematic, measurable technical assessment of a system or application.


Products: Open-AudIT, Optiv


Security Orchestration

Security orchestration is a method of connecting security tools and integrating disparate security systems. It is the connecting layer that streamlines security processes and powers security automation.


Products: CloudLock Cybersecurity Orchestrator, Tufin, McAfee ePolicy Orchestrator (ePO), Intellitactics, Netflexity, Avanan, CloudPassage, AlgoSec, FireEye, Cloudenablers Corestack