The Beginner's Guide to Cybersecurity
A simple framework for synthesizing the cybersecurity industry and its 3500 vendors.
Security is a $200B industry growing over 11% each year, making it one of the largest and most mission-critical technology sectors.
The sector has over 3,500 companies that offer a wide variety of products and services, many of which are distinct yet overlap considerably. The largest pure-play cybersecurity company only has around 4% market share, and the sector has produced fewer than 10 companies worth more than $10B in market capitalization.
This level of fragmentation and complexity makes it challenging for anyone wanting to grasp how the industry works from a beginner’s perspective.
After writing technical deep dives on SASE and Cloudflare’s evolution and co-writing a piece on Palo Alto Networks, I’ve decided to step back and write an introductory piece geared toward readers interested in learning about cybersecurity or trying to broaden their knowledge of the industry.
In the past, I have written an ecosystem report on the Cybersecurity Landscape (check it out), but this piece is my attempt at trying to simplify cybersecurity and synthesize 3500+ vendors using simplified frameworks around what makes up an enterprise.
🚨 NEW: Cybersecurity & SaaS Bootcamp
We’re pleased to host our 2nd Cybersecurity Bootcamp featuring two prominent cybersecurity leaders:
The CISO leader of Google’s Deepmind, one of the leading thinkers in AI Security, LLMs and Foundational models in Cybersecurity!
The CISO of Datadog, the $30B observability leader in developer security!
The cybersecurity bootcamp entails the following details:
Cybersecurity Industry Overview: A 2-week bootcamp that goes in-depth into introductory cybersecurity frameworks, including cloud, endpoint, and network security. The objective is to provide participants with a good grasp of cybersecurity using simple frameworks while also learning what differentiates the leading cybersecurity companies like Crowdstrike, Palo Alto Networks and startups.
Learn & Network: Opportunity to engage with a Cybersecurity executive on how he views the industry and its future trends, including networking opportunities with top-tier participants from investment and technology companies.
Software Modeling Foundations: We have an optional bootcamp that delves into building SaaS metrics and a financial model for software companies. This session is led by ex-Morgan Stanley analyst Thomas Robb.
Full details here → Cybersecurity & SaaS Bootcamp.
$200B Industry Growing Double Digits:
The role of cybersecurity has only become more important for the modern enterprise and increasingly for the individual. Cybersecurity is unlike any other technology sector. It’s an industry that thrives on human fear, not greed. The sector isn’t a revenue driver for businesses, nor can its cost-saving impact always be empirically measured.
The growth in the security market is driven by the need for organizations to keep spending to keep up with the evolving threat landscape. Increasing government regulation is also a huge tailwind for the sector. The rise in adoption of the cloud, and the proportionally wider attack surface that comes with it, has positioned this category to be one of the fastest-growing segments over the next few years.
At $200B, this number will only continue to grow because, fundamentally, the cost of performing an attack has been significantly lowered by breakthroughs in technology. For example, Gen AI/LLMs have enabled new kinds of attacks, and a new model called Ransomware-as-a-Service (RaaS) uses affiliates to deploy already-developed ransomware software, making it incredibly easy (as little as $40/month) for new attackers to inflict harm on a victim. A threat actor doesn’t need every attack to be successful in order to become rich.
At the core, cybersecurity is all about protecting a company’s most valuable asset: data. The objective is to protect this asset against malicious actors (internal or external to the organization) and ensure business continuity. There are many frameworks used to beef up cybersecurity at large or small enterprises. The CIA Triad or the NIST Cybersecurity framework are some of the most popular frameworks used by security leaders to identify, detect, protect, respond, and recover from potential attacks. Despite the many frameworks, attacks continue to rise every year. More companies are being started and funded every year leading to a proliferation of point solutions and startups globally, as seen below. Large enterprises are not necessarily getting better at preventing these attacks. In my opinion, we need to go past these frameworks and get back to the basics, which I discuss next.
Back To Basics: What Makes Up An Enterprise?
We need to start with the core IT building blocks of an organization to understand cybersecurity. If you simplify the modern enterprise tech stack into its most basic and rudimentary elements, the enterprise is made up of hardware, software, and people. Everyone is connected to a central network that holds an organization’s most precious asset: data - which is the ultimate target for potential bad actors.
Cybersecurity is an industry built around these basic elements to protect an organization. In the early days of the internet, most companies only needed an endpoint or network security vendor whose firewall built a ‘castle and moat’ to protect the entire network (this explains why the oldest security companies are firewall and endpoint players). However, with the introduction of newer technologies in recent years, attackers have become more sophisticated in their ability to get past this ‘central’ network. This new paradigm has caused an explosion in zero-trust network architecture and in the number of new security companies founded since 2010 to solve more niche problems (shown in the background).
This is an oversimplified framework I’ve developed to help break down the industry using rudimentary concepts.
Data, Governance Risk & Compliance
The network interconnects the hardware and software layers. People can be users who have to verify their identity and the people responsible for protecting companies. The next section explains this market map.
Notes to readers on the market map:
This map focuses on some of the largest sub-categories of cybersecurity
This framework highlights specific vendors within each category. I recognize that many companies have multi-products that cut across multiple sectors, but I’ve focused on their core competencies for simplicity.
How Each Segment Works:
“Hardware” is a nuanced word here because most enterprises are either mostly cloud-native or evolving their stack. Today, we refer to ‘Infrastructure’ as the building blocks for software. However, at the core, every company is made up of machines, whether user-facing (laptops, phones, iPads) or machine-facing (server infrastructure, bare metal, data centers or IoT devices). These are the gateways into a company’s network, handling the requests and data flows that go in and out. We can break this section into the following categories:
Unified Endpoint Management (UEM)
Asset Management (AM)
IoT / OT Security
At the core of protecting hardware devices in an organization is endpoint security. An endpoint in the context of cybersecurity is any device connected to the corporate network either within or outside an enterprise. Endpoint security is, therefore, responsible for protecting user-facing or machine devices against malware and potential threats from bad actors. Endpoint detection and response (EDR) is an advanced form of anti-virus software that monitors, records, and stores activities happening on the user’s endpoints to prevent attacks. XDR (Extended Detection and Response) is the next evolution of endpoint security that aims to go beyond the endpoint by integrating, correlating, and contextualizing data from multiple enterprise areas (like email, network etc.) beyond the endpoint to provide advanced detection and response against threats. Key vendors include Crowdstrike, SentinelOne, Cybereason, Palo Alto Networks Cortex EDR etc.
Unified Endpoint Management: Unified endpoint management (UEM) can often be mistaken for endpoint security. While both categories are somewhat similar, UEM is responsible for securing and controlling all endpoint devices from a centralized console or dashboard. This allows IT staff to apply, access, and enforce security policies and controls over all registered devices. UEM helps configure devices, push software patches (updates) and monitor endpoints, providing data that helps security teams identify cyberattacks. Key vendors include Tanium, Microsoft Intune, VMware Workspace ONE etc.
Asset Management (AM)
These companies provide the processes and tools for identifying, tracking, and managing IT assets and inventory across a company’s infrastructure. They provide a SaaS platform that allows companies to track assets, update inventory, automate patches, track the company’s attack surface, and update configurations as needed. Key vendors include ServiceNow IT Asset Management, Jamf, Axonius, Armis etc.
NB: AM and UEM can also appear similar. However, UEM is focused on the centralization of endpoints on an organization’s network; meanwhile, AM is focused on tracking all IT hardware and software assets.
The Enterprise Browser is a novel approach that organizations are using to secure enterprise assets. It is a browser installed on a laptop or computer to secure access to web apps and content on any device, managed or not. It delivers security for web applications and their data through the browser layer. It knows the posture of the device it’s running on and enforces policies accordingly. For example, companies like Island build on the Chromium open-source browser, while Conceal.io uses browser extensions, to operate inside the browser layer and provide granular, “last-mile” controls on a device, such as download/upload control or sensitive data redaction. These browsers provide advanced security features that go beyond Microsoft Chrome or Edge.
The Colonial Pipeline attack against digital pipeline systems in 2021 spurred action toward delivering strong protections for core US infrastructure. Operational Technology (OT) security has to do with protecting core infrastructure systems like manufacturing plants and pipelines that are connected to critical systems such as the US Government or the largest enterprises in any country. These vendors are focused on preventing any downtime to infrastructure services and Industrial Control Systems (ICS) with high-availability requirements.
IoT Security is pretty straightforward. It has to do with protecting connected devices, sensors, and edge infrastructure: the technologies that connect the digital world to the “real world.” These vendors use encryption, agentless device scanning and network micro-segmentation to protect vulnerable IoT devices against attacks.
At the most basic and simplistic level, software facilitates communication between hardware and people within an enterprise network. Software allows us to develop apps either for the cloud or on-prem to perform core business needs. Developers go through the software development lifecycle to create and deploy cloud-native applications.
As the cloud evolved, attackers realized developers were becoming the most valuable and vulnerable target for penetrating an organization. We’ve observed new attacks on software development, such as the SolarWinds attack, where malware was injected into code. As a result, a number of security companies evolved to protect the tools and products used by developers to build applications. They include the following (from the oldest to the latest security products):
Application security testing
Cloud security solutions
Software supply-chain security
Developer security categorizations:
Shift-left: Application security testing and software supply chain companies protect against threats during the source, build, testing and packaging development of applications. This is the concept of shifting left, which aims to prevent risks in the earliest stages of developing software.
Shifting right: Cloud security, application monitoring and API/WAF security are technologies deployed on the right side of the stack, i.e. protecting applications once they have been deployed in production in cloud environments.
Developer and cloud security platforms protect these SaaS applications against potential threats once they are brought into an enterprise network.
Application Security Testing (AST)
AST tools play a critical role in software development by identifying threats before and after applications are deployed. AST solutions scan an application for vulnerabilities before, during and after the software development stage. They are used to discover and remediate known vulnerabilities within code. AST has three major categories:
Static Application Security Testing (SAST): They inspect and scan source code to find coding errors, lack of compliance with organizational standards, and validation issues. SAST tools generally provide a report on their findings to developers to fix any known issues before committing code to the next stage of development.
Dynamic Application Security Testing (DAST): These are testing tools used once applications are deployed. DAST inspects an application at runtime to understand how it responds to attempts to exploit security vulnerabilities. They can identify how the software will respond to unexpected user actions or potential hackers.
Interactive Application Security Testing (IAST): Advanced testing solutions that combine some elements of SAST (scanning source code level) and DAST (scanning applications when deployed) to find vulnerabilities in applications. IAST can provide analytical results of issues in real time for developers.
There are other forms of testing used by developers, including Fuzz testing (automated tests to discover coding errors) and penetration testing (simulates attacks to find vulnerabilities in the application software).
Software Supply Chain:
Over 90% of codebases and applications today utilize open-source software. Almost 85% to 97% of enterprises leverage open-source software. However, attackers have found ways to penetrate open-source software to steal from or inflict harm on an organization, such as the large SolarWinds breach that happened a couple of years ago. As a result of the prevalence of open source and the rise in attacks, software supply chain (SSC) security emerged.
Software supply chain security aims to prevent malicious attacks from third-party open-source (dependencies) or during the software development stages (source, build and deploy stage). Historically, Software Composition Analysis (SCA), a process for identifying risks from open-source software, was developed to secure against these attacks. SCA tools and recent SSC companies can identify potential known or unknown vulnerabilities in open source. Key vendors include Snyk, Veracode, WhiteSource, Sonatype, Chainguard, Cloudsmith, Stackhawk etc.
Across the entire software development lifecycle, these are the core stages involved, as well as the security activities required at each stage.
The emergence of the public and private cloud has advanced computing and storage for the creation of software. More than 85% of organizations will be cloud-first by 2025, by which time all their systems will be cloud-based. The universal adoption of cloud computing will push cloud security from the cutting edge to the mainstream within the next 5 years. Most cloud breaches occur as a result of cloud misconfigurations, poorly configured cloud buckets, poor security practices, weak cloud security posture and many more.
The more companies and applications move to the cloud, the more risks and attacks are bound to rise. This drives demand for more cloud-native security solutions to protect the entire estate. It is impossible for the major cloud providers to protect every cloud customer using their infrastructure. As a result, new cloud security players have emerged to solve this problem. Key vendors: Wiz, Datadog, Palo Alto Networks Prisma Cloud etc. Cloud security can be categorized into the following areas:
Cloud Workload Protection Platforms (CWPP) - Technologies for protecting a company’s workloads, such as containers, within different cloud environments.
Cloud Security Posture Management (CSPM) - Technologies for protecting and enforcing policies, standards, and compliance on the cloud.
Cloud Infrastructure Entitlements Management (CIEM) - Technologies for helping companies manage identities, permissions, and access control in cloud environments.
Cloud Access Security Brokers (CASB) - Technologies for protecting user access to applications and SaaS applications on the cloud.
Web Application Firewalls (WAF) are firewalls that sit between an application and its underlying infrastructure (servers) to monitor web traffic and online threats against your applications. Key WAF vendors include players like Cloudflare or Imperva.
API security protects APIs: it scans for risks and vulnerabilities during development (DevOps) and defends against API threats once applications are deployed. Key API security companies include the likes of Salt or Cequence Security.
Cloud/API/WAF technologies, together with runtime application security (RAS) and runtime application self-protection (RASP), are critical technologies used closer to when applications are deployed in the cloud.
Note: We haven’t discussed APM and containers, but they are core components for protecting applications.
Observability and Application Performance Monitoring (APM): Once the software has been deployed, application performance monitoring platforms are installed for application monitoring, tracing, diagnostics, and performance. This domain is complementary rather than a full cybersecurity solution. Key vendors include Datadog, New Relic, Sentry etc.
Containers and IaC Scanning Security: Increasingly, containers have become a core component for building applications. Container platforms like Docker contain all the necessary elements and dependencies required for developers to deploy applications in a portable and self-sufficient way, but they present risks. Increasingly, there are security solutions for container image scanning that look for vulnerabilities in containers. Similarly, there are security solutions that scan Infrastructure as Code (IaC) templates like Terraform for vulnerabilities and misconfigurations.
In my opinion, the network is the most central and critical part of enterprise security. Networking enables the communication between hardware and software. Network security solutions are designed to monitor network traffic requests coming in and out of the company’s network to stop threats before they materialize.
Network security at the basic level refers to security solutions that protect you every time you click on a URL, connect to a hotspot, visit a website link, or access resources within your company’s network.
Historically, companies used a castle and moat approach to protect their network. They set up a network perimeter, which can be thought of as a company’s walled garden. A company’s perimeter deals with both its VPN (virtual private network) and its WAN (wide area network), which connect separate networks to join various physical locations together. However, in recent years, attackers found ways to break through this walled garden. This led to the rise of zero-trust security architecture, which emphasizes least-privilege access for every company application. Implementing Zero Trust requires all users, whether inside or outside the organization’s network, to be continuously authenticated and authorized before accessing the network.
Firewalls have historically been central to networking and the cybersecurity industry. Firewalls use rules to protect a company’s incoming and outgoing network traffic on the internet.
💡 An analogy would be the TSA and customs screening at an airport. Whenever you leave or return to the country, you must get screened. Similarly, firewalls permit data packets to go into and out of a company’s network using specific rules and policies.
Network traffic refers to the packets that pass through a network. However, not all network traffic is safe. Attackers can generate malicious network traffic (or data packets) designed to compromise or overwhelm a network. This can take the form of a distributed denial-of-service (DDoS) attack, vulnerability exploitation, or several other forms of cyber-attack. For more information, see the full reading.
Therefore, network security tools like firewalls and their associated technologies, such as secure networking, secure web gateway (SWG), Intrusion Prevention System (IPS), and Intrusion Detection System (IDS), are deployed to protect a company’s network. Key vendors: Palo Alto Networks, Fortinet, Zscaler and Cloudflare etc.
Note: Micro-segmentation is a core part of network security, but I have decided not to provide an extensive explanation.
Micro-segmentation (also called identity-based segmentation) is a close term to network traffic security. It’s a form of zero trust networking that uses policy and application workload identity to isolate workloads, applications, and processes in data centers, the public cloud, and containers. Micro-segmentation can enforce security policies, limit the lateral spread of attacks, reduce the attack surface, and offer visibility across the network. Key providers include Illumio.
Secure Access Service Edge (SASE):
SASE, pronounced as "SaaSy," is a cloud-native framework developed by Gartner for securing an organization's network connection. SASE merges networking (internet traffic above) and security into one control plane that is delivered over an edge-based cloud platform. Secure Service Edge (SSE)/SASE secures access to the web, cloud services and private applications regardless of the location of the user or the device they are using or where that application is hosted. The objective is to provide enhanced security for remote users and full visibility for SaaS applications. SASE is mostly applicable to large enterprises with multiple branch locations and employees around the world.
SASE is one of the fastest-growing segments in cybersecurity. There is so much to discuss about SASE; you can see my full report, which explores everything to know about this technology.
SASE Breakdown: Understanding the technology, the biggest drivers behind SASE and differences amongst the major vendors. Find the report below:
Secure remote access technologies are network security products that ensure that only authorized entities have the permissions and credentials necessary to access specific resources within a company’s private network or cloud environment. Many of these companies offer solutions that aim to replace legacy VPNs (virtual private networks) with more remote work capabilities. Their technologies often involve creating secure tunnels, gateways and authentication mechanisms for users and devices to access network resources without exposing them directly to the public internet. This sector includes companies like Tailscale, Twingate, and Teleport.
People is a nuanced word for this categorization of cybersecurity. Fundamentally, humans are at the heart of cybersecurity. Humans are the most vulnerable link to cyberattacks in any enterprise. They are also the individuals responsible for protecting their enterprises against attacks. This category of security can be broken down into:
Access: Identity security is responsible for managing people’s access to hardware, software, and the enterprise network.
Internal tools: Security Operations Center (SecOps) teams and the technologies they use internally within an organization to protect themselves against attackers.
External services: These are external managed services or consultants engaged by companies to help them assess, manage, and secure their companies against attackers.
Identity and access management (IAM) revolves around verifying human identity: who are you? Which company resources are you authorized to access? And what should your typical behaviour look like (vs. fraudulent bad actors with false identities)? Access management tools focus on delivering access control to applications and data through the authentication and authorization of users. Identity security can be broken into two key categories:
Authentication involves verifying a user is who they claim to be. Technologies such as Multi-factor Authentication (MFA), Usernames/passwords, etc., are used to accomplish this task. Authentication categories include IAM (Identity access management), customer Identity, and CIAM (customer identity and access management).
Authorization entails granting verified users their precise level of access and privileges to entitled company resources based on role. Authorization can be implemented using active directory (AD) databases like Microsoft Active Directory that contain all user information and resources they are authorized to use.
Source: Truist Securities
Authentication and authorization are foundational to identity security. However, we can further break down identity security into two primary categories related to how the technology is implemented:
Workforce identity focuses more on the enterprise and granting access privileges to employees of an organization’s workforce, including contractors and external partners that need to access a company’s network. Workforce identity leverages access management solutions such as Privileged Access Management (PAM) and Identity Governance and Administration (IGA). PAM tools are aimed at preventing credential theft using least-privilege access. Meanwhile, IGA is more of a policy-based framework for managing digital identities and access control. Key vendors include Okta, Ping Identity, BeyondTrust etc.
Customer identity has evolved in recent years as user preferences have changed. Customers want faster log-in with minimal friction. Companies want to ensure they have strong security while not losing the customer. Customer identity aims to fix this problem. New technologies like Customer Identity and Access Management (CIAM) aim to provide improved security/compliance that is aligned with enhanced customer experience and business objectives. For example, many new apps today allow you to use your “Google account“ to register/create new accounts with them. This is called Bring Your Own Identity, or BYOI, which enables users to register with and log into services using pre-existing credentials.
Identity goes much deeper than each of these components, especially as companies move to the cloud. Newer technologies like Cloud Infrastructure Entitlement Management (CIEM) are increasingly becoming important across workforce and customer identity. However, for simplicity's sake, these are the basic concepts required for a foundational knowledge within identity security.
Security Operations (SecOps) Center:
SecOps are people and technologies involved with protecting, capturing, analyzing security information, and responding to cyber-attacks within an enterprise. These are security analysts (SOC Analysts) or employees responsible for managing all the hardware, software, and identity security components of a company.
Many of the technologies discussed throughout this report are used by SOC teams to protect their organizations. However, here are a few core technologies implemented to analyze security data and proactively monitor or investigate threats:
Security Information and Event Management (SIEM) are technologies used to consolidate and correlate security log data for the identification of security incidents. Key vendors include Splunk, Elastic etc.
User and Entity Behavior Analytics (UEBA) are technologies that use algorithms and machine learning to detect anomalies in the behaviour of not only the users in a corporate network but also the routers, servers, and endpoints in that network. Key vendors include Securonix UEBA, Exabeam Behavioral Analytics etc.
Security Orchestration, Automation, and Response (SOAR) / No-Code Automation are technologies used for collecting data from various security operations sources and automating incident response activities and workflows. In recent years, newer security automation solutions like no-code platforms have evolved to automate many of the manual tasks and workflows for security professionals. Key vendors include FireEye Helix, Cyware, Swimlane, Tines etc.
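To make the SIEM and UEBA descriptions above concrete, here is an added example (not code from the post or from any vendor named in it) that consolidates constructed auth, email, endpoint and network log lines, correlates them into a single incident the way a SIEM rule would, and flags logins that deviate from a per-user behavioural baseline the way UEBA does. The key=value log layout, the user names and all addresses are constructed assumptions.

```python
"""SIEM-style consolidation and correlation plus a simple UEBA baseline check.

The log lines below are constructed for this example; the key=value layout is an
assumption and not the format of any vendor mentioned in the post.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Constructed sample: four sources (auth, email, endpoint, network) after a SIEM has
# normalised them. The auth lines before 2024-03-01 serve as the UEBA baseline.
SAMPLE_LOGS = """\
2024-02-26T08:02:11Z auth user=bob src=10.0.1.9 result=success
2024-02-27T08:31:45Z auth user=bob src=10.0.1.9 result=success
2024-02-28T07:58:03Z auth user=bob src=10.0.1.12 result=success
2024-02-29T08:20:19Z auth user=alice src=10.0.1.5 result=success
2024-03-01T08:05:40Z auth user=alice src=10.0.1.5 result=success
2024-03-01T09:14:02Z email user=alice from=invoices@vendor.example attachment=invoice.zip verdict=delivered
2024-03-01T09:15:30Z endpoint user=alice host=LAPTOP-A process=powershell.exe parent=outlook.exe
2024-03-01T09:16:05Z network user=alice host=LAPTOP-A dst=203.0.113.7 bytes=40960
2024-03-01T22:48:13Z auth user=bob src=198.51.100.23 result=success
"""

LINE_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<source>\w+)\s+(?P<fields>.*)$")
SCRIPT_HOSTS = {"powershell.exe", "cmd.exe", "wscript.exe"}


def parse_ts(value):
    """Parse the constructed 'YYYY-MM-DDTHH:MM:SSZ' timestamp as UTC."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def parse_logs(text):
    """Normalise every line into {'ts': datetime, 'source': str, <key>: <value>, ...}."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # a real SIEM would route unparsable lines to a dead-letter queue
        event = {"ts": parse_ts(m["ts"]), "source": m["source"]}
        for kv in m["fields"].split():
            key, _, value = kv.partition("=")
            event[key] = value
        events.append(event)
    return sorted(events, key=lambda e: e["ts"])


def correlate_email_to_egress(events, window_minutes=15):
    """Correlation rule across three sources: a delivered attachment, then a script
    host spawned by the mail client, then outbound traffic, all for the same user
    within the window. Each source on its own looks benign; together they are an incident."""
    alerts = []
    for email in (e for e in events if e["source"] == "email" and e.get("attachment")):
        user, deadline = email.get("user"), email["ts"] + timedelta(minutes=window_minutes)
        later = [e for e in events if e.get("user") == user and email["ts"] < e["ts"] <= deadline]
        spawn = next((e for e in later if e["source"] == "endpoint"
                      and e.get("parent") == "outlook.exe"
                      and e.get("process") in SCRIPT_HOSTS), None)
        if spawn is None:
            continue
        egress = next((e for e in later if e["source"] == "network" and e["ts"] > spawn["ts"]), None)
        if egress is not None:
            alerts.append({"user": user, "host": spawn.get("host"), "dst": egress.get("dst"),
                           "chain": [email["attachment"], spawn["process"], egress["dst"]]})
    return alerts


def login_baseline(events, cutoff):
    """UEBA-style baseline: per user, the login hours and source /24 networks seen before cutoff."""
    hours, nets = defaultdict(set), defaultdict(set)
    for e in events:
        if e["source"] == "auth" and e.get("result") == "success" and e["ts"] < cutoff:
            hours[e["user"]].add(e["ts"].hour)
            nets[e["user"]].add(e["src"].rsplit(".", 1)[0])
    return hours, nets


def login_anomalies(events, cutoff_ts):
    """Flag successful logins at or after the cutoff whose hour falls outside the user's
    baseline range (plus/minus one hour) or whose source /24 was never seen before."""
    cutoff = parse_ts(cutoff_ts)
    hours, nets = login_baseline(events, cutoff)
    findings = []
    for e in events:
        if e["source"] != "auth" or e.get("result") != "success" or e["ts"] < cutoff:
            continue
        user, hour, net = e["user"], e["ts"].hour, e["src"].rsplit(".", 1)[0]
        reasons = []
        if hours[user] and not (min(hours[user]) - 1 <= hour <= max(hours[user]) + 1):
            reasons.append("unusual_hour")
        if nets[user] and net not in nets[user]:
            reasons.append("new_source_network")
        if reasons:
            findings.append({"user": user, "ts": e["ts"].isoformat(), "reasons": reasons})
    return findings


if __name__ == "__main__":
    evs = parse_logs(SAMPLE_LOGS)
    print(correlate_email_to_egress(evs))          # one alert for alice
    print(login_anomalies(evs, "2024-03-01T00:00:00Z"))  # one finding for bob
```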
Managed Services and Consulting:
These are external outsourced cybersecurity services for companies that do not have the budget and resources to build in-house security teams/products to monitor their network and devices against cyber threats.
Managed security service provider (MSSP): This is a basic outsourced security service for companies. MSSPs provide security monitoring and incident response for an organization’s enterprise network and endpoint.
Managed Detection and Response (MDR): This is an advanced form of outsourced security services (beyond MSSP) where the MDR takes full responsibility for managing all security, threat hunting and incident response for a company.
Threat Intelligence: These solutions provide enterprises with knowledge, information, and data about global cybersecurity threats. Security teams use this knowledge to prepare and improve their security posture and reduce the risk of a security breach.
Professional services: These are advisory firms that provide cybersecurity risk management services and security auditing to companies. These firms provide consulting, assessment, or advisory services rather than provide core security services.
Data, Risk And Compliance:
This category of security covers privacy management and data protection. Over the past decade, data has become an integral part of assets and information within the enterprise. This field has also gained traction because of the increasing amount of regulations for companies to protect customer and user data from being stolen. These security tools protect data through processes like data masking, encryption, and redaction of sensitive information. I’ve broken down this category into:
Vulnerability Management & Assessment (VMA)
Risk Management, governance, risk, and compliance (GRC)
Data is the most valuable asset for bad actors. Many of the solutions discussed above protect a company’s data asset in various ways. However, due to the sophistication of attackers, the evolution of technology and the loopholes left by legacy security players, newer solutions have evolved to address these new threats.
Data Loss Prevention (DLP) companies are responsible for preventing the leakage, transmission, or loss of sensitive data from an enterprise. The underlying technology uses data classification labelling, tagging and content inspection rules to identify sensitive content and analyze employee actions.
Email Security: Email is generally categorized under data security. Email is the most common vector used by hackers for targeted attacks and phishing campaigns aimed at both corporate users and consumers. According to Gartner, 40% of modern ransomware attacks infiltrate through email. The most common email attack is what is categorized as business email compromise (BEC), where a threat actor poses as a third-party partner requesting a general wire transfer. The major providers here, such as Proofpoint Security, use spam filtering, quarantine capabilities, URL rewriting, and antivirus to protect against email attacks.
Data Security Posture Management (DSPM): These companies provide companies with visibility and control over their data (data in motion and data at rest). As data continues to explode with new technologies and more data regulations like GDPR continue to be enforced, DSPM technologies give companies clear visibility into sensitive data. They scan multiple structured and unstructured data stores to identify, search, index, track, and analyze sensitive data to help companies stay compliant. They help enterprises answer these questions such as: Where is my data? what type of data do employees access? DSPM providers use data discovery and data flow analysis tools that help companies map the inflow/outflow of data, so if a data breach occurs, they can provide enterprises with answers such as the lineage of the data that was breached/how it happens. Some key players include Rubrik, Normalyze, Dig Security etc.
AI Security: This is the latest and hottest space in technology (and cybersecurity). AI security primarily covers security for Generative AI and Large Language Models (LLMs). The objective is to protect the entire lifecycle of building and deploying a model. For example, these new security solutions can protect against data poisoning, which happens when an attacker tampers with or injects malicious records into the training data used by an ML model. Some of the leading startups in this new category include HiddenLayer and Protect AI.
Governance Risk & Compliance (GRC) and Privacy:
Governance, risk and compliance (GRC) is a category of security that aims to consolidate risk management into a centralized function to help prevent a breach or cyber-attack, or to act immediately when one occurs. GRC is one of those areas of security that integrates closely with the business and its core operational processes.
Governance and Risk companies are responsible for helping companies develop robust governance policies and systems around risk management reporting, standards, and metrics. They provide tools for risk quantification, assessment, and ratings. For example, this sector covers cyber insurance and governance frameworks such as enforcing security awareness through training programs.
Compliance companies help enterprises enforce compliance standards and keep up to date with the latest regulations and standards set by governments and key non-governmental organizations. This involves compliance automation technologies that collect evidence and track controls on the company’s behalf. Key vendors include OneTrust, Vanta, Secureframe, Tugboat Logic, and Drata, enabling companies to stay compliant with HIPAA, Sarbanes-Oxley (SOX), GDPR, SOC 2, and ISO 27001.
Vulnerability Management and Assessment (VMA):
Vulnerability management solutions are often one of the most important parts of an enterprise’s security posture. VMA solutions provide a broad set of capabilities and tools used to identify, classify, prioritize, and mitigate software vulnerabilities.
VM technologies utilize software agents that are installed across an enterprise’s network devices, servers, endpoints, and applications to constantly scan for and discover security gaps, misconfigurations, and any potential vulnerabilities. VMA offers a broad range of features that can help organizations perform breach and attack simulations to stress test their environments against popular cyberattacks. The three major players in this space include Rapid7, Tenable, and Qualys.
It’s also important to call out a sub-category called External Attack Surface Management (EASM) that helps organizations discover and map how their assets look from outside the corporate perimeter. EASM provides organizations with visibility into their known and unknown internet-facing assets, such as APIs, and gives enterprises an outsider’s view of their environment so they can discover weaknesses attackers could exploit.
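The two paragraphs above describe the core loop of a vulnerability management product: collect an inventory of what is installed, match it against known advisories, and prioritize what to fix first, with EASM supplying the "is this reachable from the internet" signal that feeds prioritization. The block below is an added illustration of that loop and is not code from the original post or from Rapid7, Tenable or Qualys. The hosts, installed versions, advisory identifiers (ADV-xxxx placeholders, not real CVEs), fixed versions, severity scores and the weighting rule are all constructed for the example.

```python
"""Toy vulnerability-management pass: match a host inventory against an
advisory list, then prioritize by severity, internet exposure and known
exploitation.

Constructed example: advisory IDs are placeholders (not real CVEs), and the
packages, versions and scores are made up for illustration.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Advisory:
    id: str          # placeholder identifier, not a real CVE
    package: str
    fixed_in: str    # first version that contains the fix
    cvss: float      # base severity score, 0-10
    exploited: bool  # known to be exploited in the wild


@dataclass
class Host:
    name: str
    internet_facing: bool       # the signal an EASM scan would supply
    packages: dict[str, str]    # package -> installed version (agent inventory)


def parse_version(v: str) -> tuple[int, ...]:
    """Turn a dotted version into a numeric tuple so 1.10 sorts after 1.9.
    Non-numeric suffixes such as the 'w' in 1.1.1w are dropped."""
    parts = []
    for piece in v.split("."):
        digits = "".join(ch for ch in piece if ch.isdigit())
        parts.append(int(digits) if digits else 0)
    return tuple(parts)


def version_lt(a: str, b: str) -> bool:
    """True when version a is strictly older than version b."""
    pa, pb = parse_version(a), parse_version(b)
    n = max(len(pa), len(pb))
    return pa + (0,) * (n - len(pa)) < pb + (0,) * (n - len(pb))


def priority_score(adv: Advisory, host: Host) -> float:
    """Risk-based prioritization (constructed weighting): start from CVSS,
    boost exposed hosts and advisories with known exploitation."""
    score = adv.cvss
    if host.internet_facing:
        score += 2.0
    if adv.exploited:
        score += 3.0
    return score


def assess(hosts: list[Host], advisories: list[Advisory]) -> list[dict]:
    """Match every host's inventory against every advisory; return findings
    sorted so the highest-priority fix comes first."""
    findings = []
    for host in hosts:
        for adv in advisories:
            installed = host.packages.get(adv.package)
            if installed is not None and version_lt(installed, adv.fixed_in):
                findings.append({
                    "host": host.name,
                    "advisory": adv.id,
                    "package": adv.package,
                    "installed": installed,
                    "fixed_in": adv.fixed_in,
                    "priority": priority_score(adv, host),
                })
    findings.sort(key=lambda f: f["priority"], reverse=True)
    return findings


# Constructed sample data: placeholder advisories and two hosts.
ADVISORIES = [
    Advisory("ADV-0001", "openssl", "3.0.8", 7.5, False),
    Advisory("ADV-0002", "nginx", "1.25.0", 9.8, True),
    Advisory("ADV-0003", "curl", "8.4.0", 5.3, False),
]
HOSTS = [
    Host("web-01", True, {"openssl": "3.0.7", "nginx": "1.24.0", "curl": "8.4.0"}),
    Host("build-02", False, {"openssl": "1.1.1w", "nginx": "1.25.1", "curl": "7.88.1"}),
]

if __name__ == "__main__":
    for f in assess(HOSTS, ADVISORIES):
        print(f"{f['priority']:5.1f}  {f['host']:9} {f['advisory']}  "
              f"{f['package']} {f['installed']} -> {f['fixed_in']}")
```

The ordering the example produces is the point: the same OpenSSL advisory lands higher on the internet-facing web server than on the internal build host, and the exploited nginx issue on the exposed host outranks everything else. Real products replace the hand-written weighting with threat-intelligence feeds and asset criticality, but the shape of the decision is the same.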
Conclusion: Where do we go from here?
This beginner’s guide has provided a broad categorization of the cybersecurity industry. The fact that many sub-categories were not covered in this report shows the complexity and fragmentation within this sector.
As newer advancements in technology continue to expand every day in cloud and AI, the threat landscape will only worsen. This will continue to lead to many more point-solution startups. The macro slowdown was expected to provide a strong tailwind for vendor consolidation; while there has been progress, it still feels like the industry has a long way to go.
The goal of sharing this framework was an attempt to simplify this complex industry. There is no one-size-fits-all framework that covers a space with 3000+ vendors. However, I’m open to feedback on this framework I developed. The most important thing to note is that cybersecurity all goes back to the basics. Every company, small or large, needs to protect its devices and software applications, manage user identities and develop risk management solutions on its network.
🖥️ Cybersecurity & SaaS Bootcamp Goes Deeper 🖥️
This report is a sneak peek into the reports we share and teach during our upcoming cybersecurity bootcamp. Our cybersecurity program delves deeper into each of these foundational components, providing an easy framework whether you’re an operator, an investor or someone who wants to expand their knowledge of cybersecurity. We also cover the leading cybersecurity companies on the market.
Full details here → Cybersecurity & SaaS Bootcamp!
Thank you for reading. Please share this with anyone who may find it valuable!
Why? Here are some of my past cybersecurity reports: Cybersecurity Landscape, Endpoint Security, and more. Future posts will cover an updated version 2 of this report, topics such as Software Supply Chain Security and Data Security, and more real-world applications of these concepts!
Share your thoughts/feedback: