Periodic Table of Cloud Security
environments against malicious activity
IAM (Identity and Access Management): Controls user and machine access to resources.
Cloud Log Monitoring: Collects and analyzes cloud logs to detect security incidents.
SSO (Single Sign-On): Allows access to multiple systems with one login.
MFA (Multi-Factor Authentication): Requires multiple verification methods for access.
Cloud Configuration Scanning: Scans cloud setups to ensure compliance and security best practices.
Weak Password Detection: Alerts on passwords not meeting security standards.
Vulnerability Scanning: Identifies security weaknesses in systems and apps.
SBOM (Software Bill of Materials): Lists components in a software product for transparency.
Admission Controller: Validates and enforces policies on resources in a K8s cluster.
Threat Intel: Collecting and analyzing data on potential and current threats.
Permission Boundary: Defines the maximum permissions an entity can have in an environment.
Password Policies: Set rules for creating and maintaining strong passwords.
Load Balancer: Distributes network or application traffic across multiple servers.
Network Firewall: Monitors and controls network traffic based on security rules.
API Gateway: Manages API requests and passes them to back-end services.
Virtualization: Creates isolated virtual computing resources while sharing hardware.
Host Configuration Scanning: Inspects host and app settings to detect misconfigurations.
Sensitive Data Scanning: Identifies and protects sensitive information in systems.
Patch Management: Manages software updates to fix vulnerabilities and improve functionality.
Quarantine Policies: Isolate compromised files/systems to limit blast radius.
SIEM (Security Information and Event Management): Aggregates security data to detect and respond to threats.
Namespacing: Isolates environments to avoid cross-contamination.
KMS (Key Management System): Manages cryptographic keys for data security.
ACL (Access Control List): Defines who can access an object and what they can do.
Proxy: Acts as an intermediary for requests between clients and servers.
VPN (Virtual Private Network): Secures connections over the Internet to a private network.
Containerization: Runs applications in isolated containers sharing an OS kernel.
Secure Boot: Ensures devices boot only with trusted software.
Code Security Scanning: Scans source code for security vulnerabilities and compliance violations.
Secret Scanning: Detects at-risk secrets across an organization's systems.
Account Lockout Policies: Lock user accounts after a number of failed login attempts.
DFIR (Digital Forensics and Incident Response): Processes for responding to security incidents.
RBAC (Role-Based Access Control): Assigns permissions based on user roles.
Security Keys: Physical / digital keys for multi-factor authentication.
Bastion Host: A highly secured server used to access and protect internal networks.
WAF (Web Application Firewall): Protects web apps by filtering HTTP traffic.
Confidential Computing: Protects data in use by processing it in secure, isolated environments.
FIM (File Integrity Monitoring): Detects changes in files indicating cyberattacks.
Workload Runtime Protection: Protects workloads in real-time during execution.
CI/CD Security Scanning: Integrates security checks in CI/CD pipelines to find vulnerabilities.
DLP (Data Loss Prevention): Prevents unauthorized data access, sharing, and leakage.
Threat Hunting: Actively searching for threats before they cause harm.
ABAC (Attribute-Based Access Control): Controls access based on user and resource attributes.
PAM (Privileged Access Management): Manages privileged accounts and their access to critical resources.
Microsegmentation: Divides networks into segments to improve security and control.
CDN (Content Delivery Network): Efficiently distributes content to users from global servers.
Data Encryption: Converts data to a coded format readable only with a key.
Data Backup: Copies and archives data for recovery in case of loss or corruption.
Data Replication: Copies data across locations for consistency and reliability.
Data Masking: Obscures sensitive data to protect it while maintaining usability.
DDoS Protection: Shields networks from attacks that overwhelm services with traffic.
Honeypots: Decoy systems designed to attract, hinder, and study threat actors.
IDENTITY MANAGEMENT
NETWORK MANAGEMENT
HOST SECURITY
ACTIVE SCANNING
THREAT DETECTION
SECRET MANAGEMENT
CONFIGURATION SCANNING
DATA MANAGEMENT
THREAT PREVENTION
CLOUD SECURITY PRODUCTS