Navigating Cloud Security Ecosystem and its products

Security is becoming one of the most important area for an Organization. Securing IT in an Organization involves securing various layers. Unfortunately, there is no single tool or product which provides security for all layers. There are specialized products solving various aspects of the cloud security. As the number of products increases, it becomes increasingly complex to select the right kind of tools based on the needs of an Organization.


The objective of this blog is to navigate the Cloud security ecosystem and various products under five broad categories.

The five broad categories are

  1. Perimeter, Network and Host Security
  2. Application and Endpoint Security
  3. Data Security
  4. GRC & Audit
  5. Security Orchestration

Perimeter, Network and Host Security

Perimeter security refers to routers, firewalls, and intrusion detection systems implemented to tightly control access to networks from outside sources. This is like a Compound Gate

Network and Host Security is the process of taking physical and software preventative measures to protect the underlying networking infrastructure and Host respectively. This is like a main gate.


Firewall is a network security system that monitors and controls the incoming and outgoing network traffic based on predetermined security rules.

Products: Brocade Vyatta Router, Barracuda NextGen Firewall


NGFW is an integrated network platform that is a part of the third generation of firewall technology, combining a traditional firewall with other network device filtering functionalities, such as an application firewall using in-line deep packet inspection (DPI), an intrusion prevention system (IPS). Other techniques might also be employed, such as TLS/SSL encrypted traffic inspection, website filtering, QoS/bandwidth management, antivirus inspection and third-party identity management integration

Products: Checkpoint, Cyberoam Virtual Security appliance, Juniper vSRX Virtual Firewall

Intrusion Detection System (IDS)

IDS is a device or software application that monitors a network or systems for malicious activity or policy violations. Any detected activity or violation is typically reported either to an administrator or collected centrally using a security information and event management. Common classification is NIDS or HIDS

Products: Snort, OSSSEC, Suricata, Kismet, Alertlogic Threatmonitor

Intrusion Prevention System (IPS)

Some IDS have the ability to respond to detected intrusions. Systems with response capabilities are typically referred to as an intrusion prevention system

Products: Radware Defensepro, IBM Security Network, Snort, Wireshark, Suricata, MCCafe Network Security Platform, Mccafe Host Intrusion Prevention,

Vulnerability Assessment (VAS)

Process that defines, identifies, and classifies the security holes (vulnerabilities) in a computer, network, or communications infrastructure

Products: QualysGuard, Tenable, OpenVAS, Alertlogic Cloud Insight


Anti-virus software is a program or set of programs that are designed to prevent, search for, detect, and remove software viruses, and other malicious software like worms, trojans, adware, and more

Products: McCafe, Symantec

Malware Detection

Malware, short for malicious software, is any software used to disrupt computer or mobile

Products: Checkpoint, Opswatt, MCCafe, Symantec, VMray

Application and End point Security

Application security identifies gaps or vulnerabilities in the security policy of an application or the underlying packages used in the application

End Point Detection and Response (EDR)
Solutions that focus on detecting, investigating, and mitigating suspicious activities and issues on hosts and endpoints. Originally dubbed Endpoint Threat Detection and Response (ETDR), the term is now more commonly referred to as Endpoint Detection and Response (EDR)

Products: Symantec End Point protection, Outlier, McAfee Endpoint Protection

SSL Certificate Manager

It lets you easily provision, manage, and deploy Secure Sockets Layer/Transport Layer Security (SSL/TLS) certificates

Products: zscaler

Web Application Firewall (WAF) A web application firewall (WAF) is an application firewall for HTTP applications. It applies a set of rules to an HTTP conversation. Generally, these rules cover common attacks such as cross-site scripting (XSS) and SQL injection

Products: Brocade vWAF, Barracuda WAF, Trustwave, Imperva SecureSphere

Penetration Testing (PenTest)

Penetration testing (also called pen testing) is the practice of testing a computer system, network or Web application to find vulnerabilities that an attacker could exploit

Products: Rapid7

Web Gateway or Application Vulnerability Scan (AVS)

Web Application Vulnerability Scanners are automated tools that scan web applications, normally from the outside, to look for security vulnerabilities such as Cross-site scripting, SQL Injection, Command Injection, Path Traversal and insecure server configuration

Products: IBM App Scan, NetSparker, HP Fortify WebInspect, zScaler

Data Security

Data security means protecting data, such as a database, from destructive forces and from the unwanted actions of unauthorized users. Data security also protects data from corruption

Identity as a Service (IDaaS)

SaaS-based IAM offerings that allow organizations to use single sign-on (SSO using SAML or OIDC), authentication and access controls to provide secure access to their growing number of software and SaaS applications

Products: Centrify, Onelogin, Okta

File Integrity Management (FIM)

File integrity monitoring (FIM) is an internal control or process that performs the act of validating the integrity of operating system and application software files using a verification method between the current file state and a known, good baseline

Products: OSSEC, TripWire

DB Vulnerability or Activity Monitoring

DB Vulnerability Scanners are automated tools that scan Vulnerabilities in Database such as SQL Server, Oracle, MySQL etc.

Products: GreenSQL, IBM Guardiam, Imperva, Trustwave Db Protect

GRC and Audit


GRC (governance, risk management and compliance) software allows publicly-held companies to integrate and manage IT operations that are subject to regulation. Such software typically combines applications that manage the core functions of GRC into a single integrated package

Products: RSA Archer, Threadfix, Metricstream, TripleHelix

Security Audit

Security audit is a systematic measurable technical assessment of a system or application

Products: Open-AudIT, Optiv

Security Orchestration

Security orchestration is a method of connecting security tools and integrating disparate security systems. It is the connected layer that streamlines security processes and powers security automation.

Products: Cloudlock Cybersecurity Orchestrator, Tufin, McAfee ePolicy Orchestrator – ePO, Intellitactics, Netflexity, Avanan, Cloudpassage, Algosec, Fireeye, Cloudenablers – Corestack

Share This Post

Leave a Reply