DOMAIN 13 Security as a Service Flashcards
Major Categories of Security as a Service Offering:
Identity, Entitlement, and Access Management Services,
Cloud Access and Security Brokers,
Web Security (Web Security Gateways),
Email Security,
Security Assessment,
Web Application Firewalls (WAF),
Intrusion Detection/Prevention (IDS/IPS),
Security Information & Event Management (SIEM),
Encryption and Key Management,
Business Continuity and Disaster Recovery,
Security Management,
Distributed Denial of Service Protection
There are three main categories of security assessments:
•• Traditional security/vulnerability assessments of assets that are deployed in the cloud (e.g.
virtual machines/instances for patches and vulnerabilities) or on-premises.
•• Application security assessments, including SAST, DAST, and management of RASP (Runtime Application Self-Protection).
•• Cloud platform assessment tools that connect directly with the cloud service over API to assess not merely the assets deployed in the cloud, but the cloud configuration as well.