1 Introduction

As the complexity of applications and software frameworks increases, cybersecurity becomes more challenging [5]. The attack surface keeps expanding, while each product has its own peculiarities and requirements, leading to tailor-made solutions for each case. This is the primary reason why security solutions are expensive, highly complex and subject to significant deployment delays. Larger companies are willing to pay the protection premium, since a potential breach could have a severe economic and reputational impact. Alas, small and medium-sized enterprises (SMEs) and public administrations with limited budgets are generally reluctant to invest in cybersecurity. They plan and operate without thinking about security, designing new services and products with two main objectives in mind: time to market and cost minimization.

The most important factor for boosting cybersecurity in SMEs, public administrations and organizations with restricted budgets in general is to link it with its economic impact and with the market that is forming around it. One must admit that, in most cases, cybersecurity is promoted without reference to its economic impact. And even though all companies agree that boosting their security will eliminate service disruption and data recovery costs, the truth is that the majority would be more interested in advancing their security methods if they could identify opportunities for additional economic profit (e.g. new services, clients, markets, etc.). This technical survey intends to reveal the most important cybersecurity market pillars, identify emerging trends in cybersecurity, and identify key players and their performance capabilities. Such insight will allow all interested parties to optimize the design process of a contemporary and future-proof cybersecurity solution, and will also shed some light on how the integrated framework of the SMESEC Project [4] intends to deliver end-to-end cybersecurity protection.

Cyber-attacks are becoming more and more sophisticated, rendering legacy solutions no longer adequate for today's systems and services. Cybersecurity solutions evolve and become more "intelligent" with technologies like machine learning, statistical analysis, user behavioral analysis, etc., but these solutions are offered as closed standalone products. This consortium argues that managing the complexity of the cybersecurity landscape cannot be the job of a single product or vendor. Not all products can address, or have the optimal solutions for, all the different cases of cyber-attacks (viruses, malware, ransomware, intrusions, DDoS, etc.). A proper framework must be able to adopt the latest innovations by integrating products (not only from the security domain) with focused solutions from different providers, quickly and with reasonable ease.

2 Identifying Imperative Cybersecurity Market Segments

Cyber-protection is a continuous, cyclical process which can be described in the following high-level steps: (i) perform a risk assessment, (ii) develop a security plan, (iii) deploy the right defenses, (iv) monitor, and (v) re-perform the risk assessment. It is clear that this process is expensive and time consuming. Current solutions offered by security companies are off-the-shelf products charged by the number of protected end-devices, and cannot be easily modified to accommodate the specific needs of small businesses. In addition, steps like risk assessment and security plan deployment are not always included, and SMEs need to either (a) evaluate and integrate extra modules, thus increasing the overall cost, or (b) settle for a product which might not be the optimal solution for their use cases. It is therefore important to take a step back and identify, categorize and analyze some important existing and upcoming security market segments, along with the key players and dominant products in each case.

2.1 Contemporary Security Market Segments and Related Products

Encryption refers to the process of protecting sensitive data by converting it into an encoded form that can only be decrypted by means of a protected key. This method ensures that even if security is breached at other levels, the data will still be highly protected and useless to any malicious user. In fact, encryption is one of the first requirements when it comes to protecting sensitive data. Apart from the key players and proprietary solutions presented in Table 1, there is a wide range of open source solutions which cover different aspects like file, filesystem and network encryption, such as VeraCrypt (Footnote 1) and CrypTool (Footnote 2). None of the products contributed to SMESEC is currently directly related to the encryption market, which makes this particular market attractive for adding the corresponding capabilities to SMESEC.

Symantec (Footnote 3) is a key player in this domain, with an encryption portfolio that includes endpoint, file and folder, and email encryption. Integration with Symantec Data Loss Prevention automatically encrypts sensitive data being moved onto removable media devices or residing in emails and files. Robust management features include individual and group key management, automated policy controls, and out-of-the-box, compliance-based reporting. Heterogeneous management capabilities include support for native OS encryption (FileVault2) and Opal-compliant self-encrypting drives. Sophos (Footnote 4) presents its offering as the most complete data protection solution on the market today, protecting data on multiple devices and operating systems. Whether data resides on a laptop or a mobile device, or is being shared via the cloud or another file-sharing method, SafeGuard Encryption is built to match organizational workflows and processes without slowing down productivity.

Table 1. Encryption-related solutions

Governance, Risk Management and Compliance (GRC) form an acronym often used to describe an organization's ability to achieve its objectives, address uncertainty and act with integrity. Of these three terms, (i) Governance refers to the processes involved in assuring that the organization handles information properly across all workflows, (ii) Risk Management stands for predicting and handling possible risks that may slow the organization in achieving its goals, and (iii) Compliance includes all the processes needed to adhere to laws and regulations, as well as company policies.

This market segment covers some security aspects that SMEs usually neglect to address, for instance who holds the rights to the datasets obtained, whether datasets adhere to company or other legal compliance requirements, and how to deal with issues identified through the initial risk management process. This kind of service often comes on top of other first-level security solutions, and SMESEC aims to address this space as well. By collecting traffic, usage and other data from the underlying infrastructure (firewall, antivirus, etc.), the integrated framework can re-assess the risk periodically, whereas the overall architecture should take into account general governance and compliance constraints (Table 2).

Table 2. Key players in the GRC domain

Security Information and Event Management (SIEM) is a technology that enables the aggregation of data produced by multiple devices, network infrastructure, systems and applications. Data logs may be the primary source of information, but SIEM systems are able to absorb and interpret other complex data structures as well. These characteristics allow SIEM systems not only to monitor systems and users, but also to check compliance with policies and standards.

Undoubtedly, SIEM is a key component of a security solution, especially when multiple products are involved. The ability of SIEM products to ingest large amounts of heterogeneous data from several sources, correlate it, and create and visualize insights makes them an indispensable component of a security architecture (Table 3).

Table 3. Key players in the Security Information and Event Management domain
Table 4. Dominant IDS/IPS solutions and key players

Intrusion Detection and Prevention Systems (IDS/IPS) implement threat deterrent technologies which monitor live network traffic [2] to detect and prevent intrusion attempts [3], based on a given set of rules. Besides the proprietary solutions presented in Table 4, there are some popular open-source solutions such as Suricata (Footnote 5) and Snort (Footnote 6).

Table 5. Distributed DoS protection key players and products

Distributed Denial-of-Service (DDoS) refers to attacks from multiple sources against a single target, in order to render it unable to provide its service by flooding it with immense traffic. Such attacks directly affect the organization's operations by denying access to legitimate users; mitigation solutions have therefore been developed, as shown in Table 5.

Web Application Firewalls (WAFs) differ from the typical firewall in that they focus mainly on protecting web traffic (the HTTP protocol) from a variety of attacks, such as Cross-Site Scripting (XSS) or SQL injection. WAFs are able to inspect the payload of the HTTP traffic, decide whether it is legitimate, and provide input to other tools like SIEMs.

Many businesses today depend on web applications due to their platform independence and ease of deployment, which, together with the evolution of cloud computing [6], has generated a whole new market. It is WAFs which protect these valuable applications and nullify attacks targeting other dependent assets (Table 6).

Table 6. Web Application Firewall solutions

Secure Web Gateways (SWG) protect company assets while users browse the web and enforce company policy on the network traffic. They may offer a range of capabilities, including URL filtering, antivirus/antimalware protection, SSL traffic inspection, etc.

Secure Web Gateways can offer a wide range of protections for web traffic, covering not only incoming but also outgoing traffic. Characteristics such as URL filtering or anti-malware protection help prevent malicious content and code from entering the organization. The ability to inspect encrypted traffic also makes them attractive, as much malware can be transported over secure web connections that would otherwise pass uninspected (Table 7).

Table 7. Key players delivering Secure Web Gateway solutions
Table 8. Leading Endpoint Security and Protection Platforms

Endpoint Security and Protection Platforms (EPP) intend to protect endpoints such as workstations, servers or mobile devices from viruses, trojans, spyware, malware, or phishing attacks.

EPP is one of the traditional markets in terms of awareness, as antivirus solutions were already present in SME environments several years ago. The increasing complexity of viruses and malware today has rendered these solutions even more necessary, and integration with other security products is definitely an advantage when it comes to the prevention of these kinds of threats (Table 8).

Application Security Testing (AST) helps developers, administrators and enterprises to identify security vulnerabilities by performing exhaustive testing on various aspects of the software. AST is usually an operation that does not run in the front line, but careful testing of hardware or software applications before deployment can prevent future attacks. Testing can take place before deployment, but also while a product is deployed, providing continuous feedback. Another possible benefit would be enriching the tests with even more attack scenarios and consuming this information in an automated manner (Table 9).

Table 9. Application Security Testing

2.2 Emerging Security Market Sectors and Key Players

The emerging markets that will expand significantly in the next few years are those exhibiting certain characteristics, such as: (i) intelligent methods of detecting and mitigating attacks, rather than a rule- or signature-based approach; (ii) advanced behaviour analysis and user profiling; (iii) a centralized way of collecting, correlating and extracting intelligence from multiple endpoints, providing a higher level of confidence in the identified risks than individual indications would. Some of the key players in these markets and a short description of their products follow in the next sections.

Deception Technology is an emerging market segment in cybersecurity. The main goal of deception technology solutions is the deployment of several decoys in parts of the infrastructure that are indistinguishable from the real servers. If an attacker gains access, these decoys act as an easy target, quickly raise an alert, and trigger appropriate actions against the intruder (Table 10).

Table 10. Deception Technology key players

Endpoint Detection and Response (EDR) is the evolution of EPP. Typically, EDR extends detection and mitigation into a more sophisticated process including detection, analytics and prioritization of incident response. Currently there is some confusion over the exact borders of each market. However, the characteristics of EDR products can be a driver for extending the capabilities of EPP products, either directly or through the development of synergies between modules that will render existing frameworks capable of eventually providing EDR services (Table 11).

Table 11. Endpoint Detection and Response key players and products

Cloud Access Security Brokers (CASB) have appeared in an era where cloud applications are becoming an integral part of the organization's workflow: they manage corporate data but do not operate on private infrastructure. A CASB is an entity which provides common access policies from any corporate device to any cloud application (Table 12).

Table 12. Cloud Access Security Broker key players and products

Identity and Access Management (IAM) is the process of managing digital identities, access rights to enterprise resources, and auditing, in an automated manner. From a technical standpoint, IAM systems are centralized management systems that consolidate the processes of authentication and auditing, providing a single framework for access. The main goals of IAM are (i) multi-factor authentication schemes, (ii) integration with directory services (LDAP, Active Directory, etc.), (iii) Single Sign-On (SSO), (iv) credential management, (v) auditing, and (vi) analytics.

The core idea of IAM is the existence of a common user authentication service that not only grants access, but also audits the use of assets and reports possible malicious events. It also allows the correlation of events from multiple sources to individual users through the common directory service. SMESEC does not have an offering in this field; however, studying the capabilities of IAM offerings can help SMESEC understand what is needed to effectively handle the identification of users and their correlation to specific access events (Table 13).

Table 13. Identity and Access Management key players and products

3 Towards a Holistic Cybersecurity Framework for SMEs

The security market analysis above identified some key market segments along with the technical requirements of each one. Apart from the traditional segments, emerging ones are also presented, since they are going to play a key role in the cybersecurity ecosystem over the next few years. It is imperative that any properly designed framework embraces some of these new features, or at least provides the hooks to connect with third-party products in those areas.

Table 14. SMESEC products by market segment

When the project started, the SMESEC consortium members [4] conducted a thorough technical analysis of the independent products contributed for integration into the overall platform. This analysis, as shown in Table 14, revealed that these products indeed provide a wide range of capabilities covering the high-level requirements derived from the security market analysis. Some products can produce reports that go beyond the raw data and reveal further insights. The availability of processed data means less burden and traffic for the other architecture components that perform the data analysis. In addition, the integration effort should ensure that these requirements remain a priority during the design and implementation of the unified framework. This analysis also investigated possible integration strategies with regard to architecture, platform deployment and cloud readiness, all of paramount importance for delivering a robust and noteworthy cybersecurity framework.

Not all products can address, or have the optimal solutions for, all the different cases of cyber-attacks. The efficient combination of existing features is the key to successful cyber-attack mitigation, regardless of how sophisticated the attack may be. In addition, a proper framework must be able to adopt the latest innovations by integrating products (not only from the security domain) with focused solutions from different providers, quickly and with reasonable ease. These two elements are considered of paramount importance by the SMESEC consortium members and will be an integral part of the overall design, implementation and integration phase of the project. There is currently no contributed product focused on behaviour analysis, other than BD GravityZone, which examines software rather than user behaviour. On the other hand, a few products do support risk assessment from raw events. This is an interesting point architecturally, as forwarding more events from all the other products to them can potentially reinforce their risk assessment capabilities.

4 Conclusions

There is no cybersecurity product capable of addressing every different case of cyber-attack (viruses, malware, ransomware, intrusions, DDoS, etc.), nor one that can be considered a holistic cybersecurity solution. Any framework must be able to adopt the latest innovations by integrating a variety of products and focused solutions from different providers, quickly and with reasonable ease.

Cybersecurity solutions are becoming more "intelligent" with technologies like machine learning [1], statistical analysis and user behavioral analysis, in a struggle to mitigate ever more sophisticated and complex cyber-attacks. However, not all products can address, or have the optimal solutions for, all the different cases of cyber-attacks; a framework should therefore be flexible and modular enough to adopt the latest innovations by integrating products (not only from the security domain) with focused solutions from different providers, quickly and with reasonable ease.

Based on the technical analysis of the contributed products and the market segment analysis, the focus is on placing the SMESEC framework in the security landscape. In the first phase this is only as a sum of the products, but it is anticipated that the integration will add extra value to the overall solution. Some product extensions, as identified by the partners, point to new features that would help SMESEC strengthen its position as a unified security framework, provide added value to all individual products, and greatly improve the benefits for SMEs.