Cybersecurity
SIEM
Security Information and Event Management (SIEM) software products and services combine security information management (SIM) and security event management (SEM). They provide real-time analysis of security alerts generated by applications and network hardware. Vendors sell SIEM as software, as appliances, or as managed services; these products are also used to log security data and generate reports for compliance purposes.
IAM Fundamental Capabilities (5)
1) Authentication: Ensuring that users are who they say they are. This includes Single Sign-On (SSO), which allows one identity provider to do the authentication and then "vouch" for that authentication with other apps that are using the same identity provider. It also includes Multi-Factor Authentication (MFA), which goes beyond just what you know (passwords) and into one of the other elements of identity -> what you have (token or SMS text code) or what you are (biometrics) 2) Directory: an active list that maps back your username / password to first establish you are who you say you are 3) Identity Management: the lifecycle management component of IAM; it adds new users, deletes non-active users, and changes access over time. This can often be an automated function 4) Access Management: the ability to provision or de-provision a users access to apps / services based on their identity 5) Audit / Reporting: regular reporting on identities, access, and least privilege for compliance standards / IT hygeine
Zero Trust Security
A security concept created by Forrester asserting that companies should not automatically trust anything inside or outside its perimeters. It means users should authenticate themselves whenever possible, have least privilege, and be micro-segmented
Identity and Access Management (IAM)
IAM is not simply user names and passwords, it is about managing what applications / services those identities have access to, how those identities are constantly changing, and doing it in large organizations with thousands of identities without compromising security or user experience.
IAM Subsegments (5)
1) Identity Management (SSO): the largest component of IAM at $3.9B (2019, IDC) and growing at ~4% CAGR through 2023E. This sub-market also includes the management system for granting and changing user rights and priveleges 2) Advanced Authentication (MFA): the 2nd largest segment of IAM at $1.8B (2019, IDC) and growing at ~7% CAGR through 2023E 3) Privileged Access Management: this segment is all about securing the privileged users and devices within an environment and often includes greater feature sets and monitoring. It's a $0.8B (IDC, 2019) market growing at ~11% CAGR through 2023E 4) B2C Identity Management "Customer IAM (CIAM)": A $0.3B (IDC, 2019) market growing at ~18% CAGR 5) Legacy / Other: $0.2B
SIEM Fundamental Capabilities (6)
1) Log Management: aggregates data from many sources, including network, security, servers, databases, applications, providing the ability to consolidate monitored data to help avoid missing crucial events. 2) Correlation: Looks for common attributes, and links events together into meaningful bundles. This technology provides the ability to perform a variety of correlation techniques to integrate different sources, in order to turn data into useful information. Correlation is typically a function of the Security Event Management portion of a full SIEM solution 3) Alerting: The automated analysis of correlated events. Dashboards: Tools can take event data and turn it into informational charts to assist in seeing patterns, or identifying activity that is not forming a standard pattern. 4) Compliance: Applications can be employed to automate the gathering of compliance data, producing reports that adapt to existing security, governance and auditing processes. 5) Retention: Employing long-term storage of historical data to facilitate correlation of data over time, and to provide the retention necessary for compliance requirements. Long term log data retention is critical in forensic investigations as it is unlikely that discovery of a network breach will be at the time of the breach occurring. 6) Forensic Analysis: The ability to search across logs on different nodes and time periods based on specific criteria. This mitigates having to aggregate log information in your head or having to search through thousands and thousands of logs