Cloud Access Security Brokers (CASBs)
CASBs act as a security gate between on-premises infrastructure and cloud provider's infrastructure, helping to extend the reach of security policies beyond your own infrastructure. CASBs provide visibility, threat protection, compliance, and data security.
Secure Access Service Edge (SASE)
SASE is a security framework that combines network security and wide area networking (WAN) capabilities in a single cloud service. It reflects the convergence of networking and network security services like Secure Web Gateways, Firewalls-as-a-Service, CASB, Zero Trust Network Access, etc.
Cloud Security Posture Management (CSPM)
CSPM tools continuously monitor and manage cloud security postures. They detect misconfigurations, vulnerabilities, and risk across cloud assets, providing compliance monitoring and facilitating incident response.
Cloud Workload Protection Platforms (CWPP)
CWPPs provide workload-centric security protection. This includes monitoring and management for public, private, and hybrid cloud workload protection, including vulnerability assessment, network segmentation, system hardening, and more.
Cloud Native Application Protection Platforms (CNAPPs)
These are a newer category of security solutions that extend the principles of CWPPs into the realm of cloud-native applications. CNAPPs focus on securing multi-cloud, containerized, and serverless workloads.
Cloud Data Loss Prevention (DLP)
Cloud DLP technologies protect and prevent data breaches in the cloud. They help identify sensitive information and prevent it from leaving a network or moving from cloud storage to unsecured locations.
Encryption and Key Management
Cloud services often offer encryption for data at rest and in transit. But managing encryption keys is also crucial, and cloud-based key management systems provide centralized control over cryptographic keys.
Identity and Access Management (IAM)
IAM technologies are used to ensure that only authorized individuals have access to specific resources in the cloud. They include capabilities such as Single Sign-On (SSO), Multi-factor Authentication (MFA), and Privileged Access Management (PAM).
Microsegmentation
Microsegmentation is a method of creating secure zones in cloud data centers and networks to isolate workloads from one another and secure them individually.
Zero Trust Network Access (ZTNA)
ZTNA solutions provide secure access to specific applications based on user identity and context, such as device, location, and other factors. This model assumes no trust by default, regardless of whether a user is inside or outside the network perimeter.