TECHNOLOGIES
There are many technologies with which one can respond to security challenges, and we can provide a solution for every technology and every security challenge.
The simplest way for an attacker to compromise a computer is to find a vulnerability in an application. Vendors' security fixes cannot keep up with malware authors. Regularly updating the operating system and applications protects against known attacks, but it is not enough, because of zero-day vulnerabilities: flaws that are exploited before a patch exists. A software vulnerability is a defect in the code of the operating system or of an application; exploiting it lets an attacker reach other parts of the system, gain administrator privileges and install tools for manipulating the system. Today operating systems and applications are updated at least weekly, and often daily, since new vulnerabilities are discovered almost every day and have to be fixed.
The quickest and cheapest way to prevent such exploitation is to detect the vulnerabilities in the source code. They are then fixed before the application goes into production, because later the process becomes harder and the cost of fixing grows exponentially. Development teams usually have no engineers trained in security analysis, and no time for it. Source code analysis tools scan code written in different languages, or are integrated into the build or the application server, and some instrument running applications; they find more vulnerabilities, much faster, than a team of security analysts could. They carry databases of hundreds of vulnerable code patterns, detect them in the source and recommend changes to remove them.
Advanced threat detection (ATD), or the equivalent term advanced threat protection (ATP), offers protection against advanced malware, zero-day exploits and targeted attacks that are not caught by antivirus scanners or intrusion prevention systems. ATD analyses files and assigns each a risk score. Local ATD policies determine how files with high, medium and low risk are handled.
ATD can be applied to HTTP, HTTPS, FTP, SMTP and SMTPS traffic in combination with a firewall service, based on access rules. The basic function of these technologies is to detect advanced modern threats in a different way than conventional solutions do. Malware has evolved to evade antivirus programs, intrusion prevention, firewalls and other traditional IT security solutions, which is why advanced threat detection was developed.
The solution extracts objects and program code from the monitored traffic and executes them in a closed, controlled virtual environment (a sandbox). There, potentially malicious software can run without causing damage or spreading.
Unknown malware discovered this way would never have been detected by conventional, signature-based solutions. Because malware in turn tries to recognise the sandbox and stay dormant inside it, advanced threat detection and prevention solutions use additional techniques to defeat such evasion.
In information technology a backup, or backup copy, is a copy of computer data that is taken and stored elsewhere so that it can be used to restore the original in case of data loss. Backups can be used to recover data after a loss caused by deletion or corruption, or to recover data from an earlier point in time. Backups offer a simple form of disaster recovery, but not every backup system is able to reconstruct a complete computer system or a more complex configuration such as a computer cluster, an Active Directory server or a database server.
A backup system contains at least one copy of all data considered valuable enough to save. The storage requirements can be significant, and an information storage model can be used to give structure to this storage. Different kinds of storage devices are used to hold backup copies, which may already reside in secondary storage as archive files. These devices can also be distributed in different ways to provide geographic dispersion, data security and portability.
A Cloud Access Security Broker (CASB) is on-premises or cloud-hosted software that sits between cloud service users and cloud applications, monitors all activity and enforces security policies. A CASB can offer services such as tracking user activity, warning administrators about potentially dangerous actions, enforcing compliance with security rules and automatically blocking malware. A CASB provides security, management or both: "security" is preventing high-risk events, and "management" is tracking and mitigating high-risk events. It can be deployed with agents (proxy agents installed on each user device) or agentless, with no configuration needed on the devices. Agentless CASBs deploy quickly and protect both company-managed and unmanaged BYOD devices, and they respect user privacy by inspecting only corporate data. Agent-based CASBs are harder to deploy and are effective only on company-managed devices, and they inspect both corporate and personal data.
DDoS mitigation is a set of techniques and tools for resisting or mitigating the impact of distributed denial-of-service (DDoS) attacks on networks connected to the Internet and on the IT resources that are part of those networks. DDoS attacks are a constant threat to companies: they deny service to legitimate users and systems. A flood of messages, queries, connection requests or malformed packets forces the targeted system to degrade its service, become completely unreachable or crash.
DDoS mitigation starts with identifying the normal conditions of network traffic, which is essential for detecting and alerting on a threat. Mitigation further requires classifying the incoming traffic so that requests from real people can be separated from human-like bots and hijacked web browsers. This is done by signature matching and by testing various traffic attributes, including IP addresses, cookie variations, HTTP headers and JavaScript footprints.
After detection comes filtering. Filtering uses anti-DDoS techniques such as connection tracking, IP reputation lists, deep packet inspection, blacklisting / whitelisting and rate limiting.
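The detect-then-filter steps above, as an added example written for this page (not code from any product described here): a per-source token-bucket rate limiter combined with a reputation blocklist and an allowlist, run over a constructed request stream in which one client behaves normally, one floods, one is on the blocklist and one is a trusted monitor. The addresses, the list contents and the rate/burst values are assumptions chosen for the example.

```python
from collections import defaultdict

# Constructed request stream of (timestamp in seconds, source IP); not captured
# traffic. Addresses come from the RFC 5737 documentation ranges.
REQUESTS = (
    [(i * 0.5, "10.0.0.5") for i in range(10)]              # normal client, 2 req/s
    + [(i * 0.01, "203.0.113.9") for i in range(300)]       # flood source, 100 req/s
    + [(1.0, "198.51.100.7")]                                # on the reputation blocklist
    + [(1.0 + i * 0.01, "192.0.2.1") for i in range(100)]   # allowlisted uptime monitor
)
BLOCKLIST = {"198.51.100.7"}   # assumed reputation feed entries (constructed)
ALLOWLIST = {"192.0.2.1"}      # assumed trusted sources (constructed)


class TokenBucket:
    """Per-source rate limiter: `rate` tokens/s refill, at most `burst` stored."""

    def __init__(self, rate, burst):
        self.rate, self.burst = rate, burst
        self.tokens, self.last = float(burst), None

    def allow(self, now):
        if self.last is not None:
            self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False


def filter_traffic(requests, rate=5.0, burst=10):
    """Apply allowlist, blocklist and per-IP rate limiting, in that order.
    Returns {ip: {"passed": n, "dropped": n}} so the effect is measurable."""
    buckets = defaultdict(lambda: TokenBucket(rate, burst))
    verdicts = defaultdict(lambda: {"passed": 0, "dropped": 0})
    for ts, ip in sorted(requests):
        if ip in ALLOWLIST:
            verdicts[ip]["passed"] += 1
        elif ip in BLOCKLIST or not buckets[ip].allow(ts):
            verdicts[ip]["dropped"] += 1
        else:
            verdicts[ip]["passed"] += 1
    return dict(verdicts)


if __name__ == "__main__":
    for ip, counts in filter_traffic(REQUESTS).items():
        print(f"{ip:15} passed={counts['passed']:4} dropped={counts['dropped']:4}")
```

With a 5 req/s rate and a burst of 10, the normal client loses nothing, the blocklisted source is dropped before it reaches the bucket, and the flood source gets only its initial burst plus the refill through; everything else is dropped. The allowlist shows the trade-off the text hints at: a trusted address is never rate limited, so it must really be trusted.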
DDoS mitigation can be implemented on-premises and / or through a cloud mitigation provider. On-premises mitigation is most often a hardware appliance placed in front of the network, whose filtering capacity is limited to the capacity of that device. A hybrid solution that combines on-premises filtering with cloud filtering is possible, and best practice for DDoS mitigation combines anti-DDoS technology with anti-DDoS emergency response services.
Data Loss Prevention (DLP) technologies perform content inspection and contextual analysis of data, detect potential data breaches and exfiltration, and prevent them by monitoring, detecting and blocking sensitive data in use, in motion and at rest. These solutions respond according to security policies and rules defined to handle the risk of unintentional or accidental loss or leakage of sensitive data, and of its exposure outside the company. The terms "data loss" and "data leakage" are closely related and are often used together when discussing an incident. A data loss incident becomes a data leakage incident when the lost data is later obtained by an unauthorized party, while data leakage is possible without any data loss at the source. DLP learns what business data looks like when it is used, transferred or stored anywhere. It can monitor and report on that data, and detect, alert on and block any action that violates the company's security policy and business practice.
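As an added example of content inspection plus context (written for this page, not code from any DLP product): a scanner that finds payment card numbers in text, uses the Luhn checksum to discard look-alike digit strings such as order numbers, and then picks the action from a per-channel policy. The policy table, the sample message and the choice of card numbers as the sensitive type are assumptions made for the example; a real deployment inspects many more data types and file formats.

```python
import re

# Candidate primary account numbers: 13-19 digits, optionally separated by
# spaces or hyphens. The Luhn check below removes most accidental matches.
PAN_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")

# Assumed policy (constructed): action per channel when a card number is found.
POLICY = {"email_external": "block", "usb": "block", "internal_share": "alert"}

# Constructed sample message: the well-known 4111... test card number and a
# 16-digit order reference that fails the Luhn check.
SAMPLE_MESSAGE = ("Hi, please charge card 4111 1111 1111 1111 for order "
                  "1234567890123456 and send the receipt. Thanks!")


def luhn_valid(digits):
    """Luhn checksum (ISO/IEC 7812), used by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def find_pans(text):
    """Return Luhn-valid card numbers found in text, with separators removed."""
    found = []
    for match in PAN_RE.finditer(text):
        digits = re.sub(r"[ -]", "", match.group())
        if luhn_valid(digits):
            found.append(digits)
    return found


def mask(pan):
    return "*" * (len(pan) - 4) + pan[-4:]


def dlp_decision(channel, text, policy=POLICY):
    """Content (is there a card number?) plus context (which channel?) gives the
    action. Matches are masked so the DLP log itself does not become another
    copy of the sensitive data. Returns (action, masked_matches)."""
    pans = find_pans(text)
    if not pans:
        return "allow", []
    return policy.get(channel, "alert"), [mask(p) for p in pans]


if __name__ == "__main__":
    for channel in ("email_external", "internal_share"):
        print(channel, "->", dlp_decision(channel, SAMPLE_MESSAGE))
```

The same message is blocked when sent to an external address but only alerted on when shared internally: that is the "contextual analysis" the paragraph mentions, and it is what keeps a DLP deployment from blocking legitimate business use.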
Endpoint protection covers the security of the devices, such as workstations, servers and mobile devices, through which the network is accessed. Endpoints are the weakest links in the network and form the attack surface from which hackers launch malware attacks, steal data, take control of network resources or interrupt key business processes. Over the years malware and attack methods have become more sophisticated. Attackers are masters at finding weaknesses in company networks, and they focus on end devices. Protecting these devices plays a pivotal role in strengthening overall network security and ensuring the safety of IT systems and data.
Endpoint protection technologies have developed from simple malware prevention into data protection capabilities such as disk and file encryption and data loss prevention, and further into complete protection that includes next-generation antivirus, threat detection, investigation and response, device management, protection against data leakage and other measures for facing new threats. The expanding security scope requires new layers of security at the endpoint.
The growth in the number and use of user devices has widened the scope of system vulnerability, and companies are losing control over sensitive data. Endpoint protection is a key component of a company's security, complementing other security solutions to provide greater visibility and control over information systems and data protection. Endpoints are usually the entry point for malware and other attacks because they offer an easy way to breach the network and to compromise or steal sensitive data.
A hardware security module (HSM) is a physical computing device that safeguards and manages digital keys and performs encryption and decryption, digital signing, strong authentication and other cryptographic functions. These modules are traditionally delivered as a plug-in card or as an external device attached directly to a computer or to a network server. A hardware security module contains one or more crypto-processor chips.
In a company's digital business environment the HSM is the safe place for guarding assets and data. Data on the network is protected by the usual security measures, but truly sensitive material, above all private keys, needs a place with additional protection, i.e. the HSM. Any unauthorized physical or electronic attempt to reach its contents is treated as an attack: tamper detection makes the module destroy (zeroize) the very content the intruder was trying to access.
Modern HSM devices also have strong crypto-processing capability; they are used to store cryptographic secrets and to perform fast cryptographic operations such as encryption, document signing, time-stamping etc., and they are often used to protect financial networks and transactions.
Identity and access management (IAM) is the framework of policies and technologies that uses business processes to manage the identity life cycle while ensuring that the people in a company have appropriate access to technology resources. IAM systems are part of overall IT security and data management, but they also identify, authenticate and authorize the individuals who use the resources (hardware and applications) that employees need to access. IAM solutions have become better known and more critical in recent years as regulatory compliance requirements have become stricter and more complex.
Identity management systems, products, applications and platforms manage identification and auxiliary data about entities, including individuals, computer hardware and software applications. Identity management defines how users acquire an identity, the roles and permissions that identity grants, how that identity is protected and the technologies that support this protection (e.g. network protocols, digital certificates, passwords, etc.).
Because an average user has several dozen passwords and a large percentage of users cannot remember them (which increases the security risk), companies need a way to maintain a "system of checks and balances" so that they know how their sensitive data is processed and handled by each individual.
IAM is not only excellent for security; it is also a great business tool. It lets companies share their applications with all of their business partners over secured channels.
A system that automatically monitors network and system events in order to detect violations of security policy is called an Intrusion Detection System (IDS). Such a system does not prevent the intrusion; that is the job of an Intrusion Prevention System (IPS). Most products combine detection and prevention, so we speak of Intrusion Detection and Prevention Systems (IDPS).
Multi-factor authentication (MFA), which includes two-factor authentication (2FA), is an electronic authentication method that grants a user access to a resource only after the user has successfully presented two or more pieces of evidence to the authentication mechanism: knowledge (something only the user knows), possession (something only the user has) and inherence (something only the user is). Computers and applications cannot know who you are. This problem is solved with passwords, the credentials needed to access a resource. That normally works well, but a problem arises when someone steals your password: with it, they can act on your behalf. The solution is two-factor authentication, which usually combines an external device, such as your smartphone or a smart card, with your password in order to confirm your identity.
A next-generation firewall (NGFW) is the third generation of firewall technology. It combines a conventional firewall with other network filtering functions such as an application firewall using deep packet inspection (DPI), intrusion detection and prevention (IDS/IPS), inspection of TLS/SSL-encrypted traffic, web filtering, malware inspection, etc. Conventional firewalls and NGFWs serve the same purpose of protecting the network; the main difference is that an NGFW provides complete visibility of the network and additional layers of security: visibility and control of applications even inside encrypted traffic such as HTTPS, user- or group-based access control and integrated protection (IPS, anti-malware, web filtering, data leakage protection). Next-generation firewalls are more intelligent and can recognize an application or website regardless of IP address or port. Advanced filtering technology looks deep into application packets and can analyse them and make informed decisions about which content and packets need to be blocked.
Authentication is the way we prove we are who we claim to be, in the physical and the digital world. Consciously or not, we authenticate our identity many times a day: for work, banking, shopping, health care, entertainment and the many digital accounts that are part of our lives. Today security and identity teams across industries spend valuable time and resources protecting passwords, which remain hackers' favourite target and the point at which many protection methods fail.
Policies of continual password resets are imposed on users, complex passwords are required and users are taught not to reuse passwords, yet user accounts remain the main attack vector.
Companies invest a lot of money in authentication, but they continue to rely on passwords. For the last 60 years passwords have been the crown jewel for every hacker. New models that protect our entrance to the digital world create a transformative moment for cybersecurity. The cost of an attack is falling while the cost of defence has never been higher. Hackers must be forced to attack devices or systems one at a time, and that approach defeats mass credential theft, password reuse and phishing attacks. Where true passwordless authentication is used, users do not even have passwords; they use their phones to log into personal computers, mobile devices and web applications. Administrators no longer reset passwords and no longer worry about password reuse.
Security information and event management (SIEM) is the area of computer security in which software products and services combine security information management (SIM) and security event management (SEM). They provide real-time analysis of the security alerts generated by applications and network hardware. SIEM products are sold as software, appliances or managed services. They are also used to log security data and generate reports that help with compliance. A SIEM collects data from the company's entire IT estate (network equipment, computers, servers, applications, security solutions, etc.) and stores it in a central location where it filters, enriches and aggregates the data and, with correlation rules and more intelligent algorithms, correlates it into security events.
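The collect, normalise and correlate chain in miniature, as an added example written for this page (not code from any SIEM product): constructed sshd log lines are parsed into events, and two correlation rules run over them, a burst of failed logins from one source inside a time window, and the higher-priority case of a success from a source that has just tripped the first rule. The log lines, the thresholds and the rule names are assumptions made for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sshd log lines in syslog style (not real logs): one source makes
# five failed logins within seconds and then succeeds; another fails once.
SAMPLE_LOGS = """\
2024-03-01T10:00:01Z host1 sshd[2211]: Failed password for invalid user admin from 203.0.113.7 port 51001 ssh2
2024-03-01T10:00:03Z host1 sshd[2212]: Failed password for root from 203.0.113.7 port 51002 ssh2
2024-03-01T10:00:04Z host1 sshd[2213]: Failed password for alice from 203.0.113.7 port 51003 ssh2
2024-03-01T10:00:06Z host1 sshd[2214]: Failed password for alice from 203.0.113.7 port 51004 ssh2
2024-03-01T10:00:08Z host1 sshd[2215]: Failed password for alice from 203.0.113.7 port 51005 ssh2
2024-03-01T10:00:09Z host1 sshd[2216]: Accepted password for alice from 203.0.113.7 port 51006 ssh2
2024-03-01T10:05:00Z host1 sshd[2300]: Failed password for bob from 198.51.100.4 port 40000 ssh2
2024-03-01T10:20:00Z host1 sshd[2301]: Accepted publickey for bob from 198.51.100.4 port 40001 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd\[\d+\]: (?P<result>Failed|Accepted) \w+ for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+)")


def parse(lines):
    """Normalise raw lines into event dicts; lines that do not match are skipped."""
    events = []
    for line in lines.splitlines():
        m = LINE_RE.match(line)
        if m:
            events.append({"ts": datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ"),
                           "host": m["host"], "result": m["result"],
                           "user": m["user"], "ip": m["ip"]})
    return events


def correlate(events, threshold=5, window=timedelta(minutes=2)):
    """Rule 1: `threshold` failures from one IP inside `window` (fires once per
    burst). Rule 2: a success from an IP whose recent failures still exceed
    the threshold, i.e. brute force followed by a successful login.
    Returns [(rule, ip, user, timestamp)]."""
    failures = defaultdict(list)            # ip -> failure timestamps in window
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        ip, ts = ev["ip"], ev["ts"]
        failures[ip] = [t for t in failures[ip] if ts - t <= window]
        if ev["result"] == "Failed":
            failures[ip].append(ts)
            if len(failures[ip]) == threshold:
                alerts.append(("brute_force", ip, None, ts))
        elif len(failures[ip]) >= threshold:
            alerts.append(("brute_force_success", ip, ev["user"], ts))
    return alerts


if __name__ == "__main__":
    for rule, ip, user, ts in correlate(parse(SAMPLE_LOGS)):
        print(f"{ts.isoformat()} {rule:20} src={ip} user={user}")
```

The single failure from 198.51.100.4 produces nothing; the burst from 203.0.113.7 produces one brute-force alert and, because the following success is evaluated against the same window, one "brute force then success" alert that an analyst should treat as a probable account compromise rather than noise.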
Security Orchestration, Automation and Response (SOAR) lets companies collect threat-related data from various sources and automate the response to low-level threats. The term covers three software capabilities: threat and vulnerability management, security operations automation and security incident response.
Because many of the cyber threats companies face require several technologies to deal with an attack, and several people manually performing tasks and exchanging information, the orchestration of the remediation process must be seamless. Orchestration targets efficiency while the threat is being remediated. Automation aims to shorten these activities, with the help of machine learning, by making the orchestration process more efficient, and incident response is the way in which a threat response is planned, managed, coordinated and monitored. The software gives defence teams insight into attackers through threat rules derived from known tactics, techniques and procedures (TTPs) and known indicators of compromise (IoCs). Companies gain the control to make their response to threats and vulnerabilities faster. Incident response becomes more accurate and takes less time, the risk from threats is reduced, and automated procedures greatly reduce the scope for human error.
User and Entity Behavior Analytics (UEBA) uses large data sets to model typical and atypical behaviour of people and machines in a network. By defining such baselines it can identify suspicious behaviour, potential threats and attacks that a conventional antivirus program might not detect. UEBA can detect attacks that do not rely on malware, because it analyses different behaviour patterns and uses these models to estimate the level of threat, producing a risk score that helps prioritize the response. Increasingly, UEBA uses machine learning to recognize normal behaviour and to alert on potentially high-risk deviations that suggest insider threats, lateral movement, compromised accounts and attacks.
The term "entity" in cybersecurity can refer to IT systems, critical infrastructure, business processes, organizations and states. UEBA processes information and determines whether a specific activity or behaviour could lead to a cyber attack; it is capable of distinguishing a threat or an attack from regular use. A hacker may steal an employee's login credentials, but once inside the system the hacker will not be able to mimic that employee's "normal" behaviour, which is what UEBA detects. UEBA can detect a wide range of attacks, from simple to complex, and because detection happens in near real time, security analysts are notified quickly and can respond quickly, making it possible to react to potential threats before they become breaches. Normally security teams would have to sift through alerts to find the real threats; with UEBA this analysis is automated and only actual threats are highlighted.
UEBA and SIEM technologies are closely connected, because UEBA relies on the security data collected and stored by the SIEM to perform its analysis.
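To make the "baseline, then score the deviation" idea concrete, here is an added example written for this page (not code from any UEBA product): a per-user profile of usual login hours, usual countries and download volume is built from a constructed 30-day history, and a new event is scored against it with the reasons that contributed. The history, the weights and the three-sigma threshold are assumptions; real products learn many more features, peer groups and time-of-week patterns, and score entities such as hosts and service accounts the same way.

```python
import statistics
from collections import defaultdict

# Constructed 30-day history of (user, login_hour, country, megabytes_downloaded):
# alice works office hours from Croatia and downloads 40-60 MB per day.
HISTORY = [("alice", 8 + i % 9, "HR", 40 + (i % 5) * 5) for i in range(30)]


def build_baselines(history):
    """Per-user profile: usual login hours, usual countries, and the mean and
    standard deviation of download volume. This is the 'normal' the text
    refers to; it would be rebuilt from SIEM data on a schedule."""
    raw = defaultdict(lambda: {"hours": set(), "countries": set(), "mb": []})
    for user, hour, country, mb in history:
        raw[user]["hours"].add(hour)
        raw[user]["countries"].add(country)
        raw[user]["mb"].append(mb)
    return {user: {"hours": p["hours"], "countries": p["countries"],
                   "mb_mean": statistics.mean(p["mb"]),
                   "mb_std": statistics.pstdev(p["mb"]) or 1.0}   # avoid /0
            for user, p in raw.items()}


def score_event(baselines, user, hour, country, mb):
    """Risk score 0-100 plus the reasons, so an analyst can triage the alert.
    Unknown users are scored as maximum risk (no baseline to compare with)."""
    profile = baselines.get(user)
    if profile is None:
        return 100, ["no baseline for user"]
    score, reasons = 0, []
    if hour not in profile["hours"]:
        score += 20
        reasons.append(f"login at {hour:02d}:00, usual hours "
                       f"{min(profile['hours'])}-{max(profile['hours'])}")
    if country not in profile["countries"]:
        score += 30
        reasons.append(f"login from {country}, never seen for this user")
    z = (mb - profile["mb_mean"]) / profile["mb_std"]
    if z > 3:
        score += 50
        reasons.append(f"download of {mb} MB is {z:.0f} standard deviations above normal")
    return min(score, 100), reasons


if __name__ == "__main__":
    baselines = build_baselines(HISTORY)
    for event in [("alice", 10, "HR", 50), ("alice", 3, "RO", 5000)]:
        print(event, "->", score_event(baselines, *event))
```

A login at 10:00 from the usual country with a normal download scores 0; the same account logging in at 03:00 from a new country and pulling 5 GB scores 100, and the reasons list is what turns that number into something an analyst can act on. Note the failure mode: the baseline is only as good as the history, so an attacker who has been quietly present during the learning period is part of "normal".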
Not the least concern are employees, who are a common source of insider threats to business assets and data. Employee monitoring, covering every level of access to assets and data, is the solution: it follows each employee's activity at the keyboard, mouse and monitor with the help of a monitoring agent.
Technologies that monitor all sessions, seeing and logging all data exchanged between the users and the system, provide data that can be investigated and used to build better alerts on suspicious activity. Such products create a video recording of the complete user session, which a security analyst can replay in great detail. Activity that occurred but is not directly visible on the user's screen can be detected in system libraries, scripts, commands, memory and files that do not appear in the session as opened, changed or deleted.
A Web Application Firewall (WAF) helps protect web applications by filtering and monitoring the HTTP traffic between a web application on a server and the Internet. Installing a WAF places a shield between the web application and the Internet. Whereas a forward proxy server protects the identity of the client machine by acting as an intermediary, a WAF is a kind of reverse proxy, protecting the server from exposure by making clients pass through the WAF before they reach the server.
The WAF intercepts all connections between the web server and the users who connect to it. It analyses the traffic and can detect and block advanced attacks specially designed to penetrate applications. It protects web applications against attacks such as cross-site request forgery (CSRF), cross-site scripting (XSS), file inclusion and SQL injection. A WAF protects the application layer (layer 7 of the OSI model) and is not designed to protect against all kinds of attacks. This mitigation method is usually part of a chain of tools that together form a complete defence against the attack chain. The value of a WAF lies in its speed and the ease with which a policy change can be made, which in turn allows a quicker answer to different attack vectors during a DDoS attack.
A WAF can easily detect an SQL injection attack, which exploits an application that does not thoroughly validate its users' input. If the business application is backed by an SQL database, a hacker can hide an SQL query inside a normal input field of a web form. Using this technique the hacker can manipulate the data or read parts of it.
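The attack described above, run end to end as an added example written for this page (not code from any WAF product or from the applications it protects): a login check that assembles its query from the form fields, the same check written with bound parameters, and a minimal WAF-style signature in front of both. The in-memory SQLite database, the user record, the payloads and the signature rule are assumptions made for the example.

```python
import re
import sqlite3


def setup_db():
    """Constructed in-memory database standing in for the application backend."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 'correct horse battery')")
    conn.commit()
    return conn


def login_vulnerable(conn, name, password):
    """Query text is assembled from user input: the classic injection bug.
    Kept deliberately vulnerable to show the attack."""
    query = (f"SELECT name FROM users WHERE name = '{name}' "
             f"AND password = '{password}'")
    return conn.execute(query).fetchone() is not None


def login_safe(conn, name, password):
    """Parameterised query: the input is bound as data and never parsed as SQL."""
    query = "SELECT name FROM users WHERE name = ? AND password = ?"
    return conn.execute(query, (name, password)).fetchone() is not None


# A minimal WAF-style signature: a quote followed by a comment marker, a
# statement separator or an OR. Assumed rule written for this example.
WAF_SIGNATURE = re.compile(r"'\s*(?:--|#|;|or\b)", re.IGNORECASE)


def waf_blocks(value):
    """True if the request field matches the signature and would be dropped."""
    return bool(WAF_SIGNATURE.search(value))


if __name__ == "__main__":
    conn = setup_db()
    payload = "alice' --"            # closes the string and comments out the password check
    print("vulnerable login with payload:", login_vulnerable(conn, payload, "x"))
    print("safe login with payload:     ", login_safe(conn, payload, "x"))
    print("WAF blocks payload:          ", waf_blocks(payload))
    print("WAF blocks O'Brien:          ", waf_blocks("O'Brien"))
```

With the payload `alice' --` the vulnerable function logs the attacker in as alice without a password, because the query it sends is `... WHERE name = 'alice' --' AND password = 'x'` and everything after `--` is a comment; the parameterised version treats the whole string as a name that does not exist. The signature catches this payload, which is the WAF's job, but signatures are a mitigation layer in front of the real fix, and a broader rule would start blocking legitimate names that contain a quote.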
