Making a Mesh of Things
The Cybersecurity Mesh Architecture Approach
What is the Cybersecurity Mesh?
The Cybersecurity mesh is a flexible, composable architecture that integrates widely distributed and disparate security services. Cybersecurity mesh enables best-of-breed, stand-alone security solutions to work together to improve overall security while moving control points closer to the assets they’re designed to protect. It can quickly and reliably verify identity, context and policy adherence across cloud and non-cloud environments.
The cybersecurity mesh is a modern conceptual approach to security architecture that enables the distributed enterprise to deploy and integrate security to assets, whether they’re on premises, in data centers or in the cloud.
Gartner predicts that by 2024, organizations adopting a cybersecurity mesh architecture will reduce the financial impact of individual security incidents by an average of 90%!!
The Cybersecurity Mesh is ‘bang on’ trend
This year Gartner listed the Cybersecurity Mesh architecture as one of their top cybersecurity trends for 2022.
Why? Because interoperability – the ability for technologies to communicate and share information – has become an enormous problem within the cybersecurity industry.
Technology manufacturers have historically worked in silos, with the aim of creating best-of-breed solutions for businesses to procure. And they’ve been largely successful in doing so, meaning that businesses have lapped up these technologies.
The result? Businesses with a highly complex cybersecurity architecture, with some CISOs reporting that their portfolios contain a staggering 46 or more technologies!! [1]
Cybersecurity relies upon visibility, but as portfolios grow, visibility declines. Often under-resourced security teams are left having to gather data and information across disparate systems, and it is this interoperability issue that means breaches are not being identified for up to 287 days [2].
The Solution? A cybersecurity mesh architecture. This open approach to cybersecurity will reduce complexity whilst improving efficiency, ultimately leading to a better overall security posture.
Explore the Cybersecurity Mesh
Devices & Servers
Mobile Threat Defense
As the name suggests, MTD solutions focus upon the threats that occur on our mobile devices. These technologies offer prevention, detection and remediation against attacks on iOS, Android and Chrome devices.
Endpoint Protection Platform
An EPP works to prevent file-based malware attacks, detect malicious activity, and provide the investigation and remediation capabilities needed to respond to dynamic security incidents and alerts. Desirable EPP solutions are primarily cloud-managed, allowing the continuous monitoring and collection of activity data, along with the ability to take remote remediation actions, whether the endpoint is on the corporate network or outside of the office.
Endpoint Detection and Response
These solutions are used to detect and investigate threats at the endpoint. EDR solutions provide detection, investigation, threat hunting, and response capabilities. The telemetry collected by an EDR platform enables attacks to be fully triaged and investigated.
Cloud Access Security Brokers
Placed between cloud service consumers and providers, CASB solutions act as security policy enforcement points as cloud-based resources are accessed. CASBs enforce policies including authentication, single sign-on, authorization, credential mapping, device profiling, encryption, tokenization, logging, alerting, and malware detection/prevention.
Cloud Workload Protection Platform
A CWPP solution ensures that workloads remain secure as they pass through multiple public cloud environments. The key benefit to this solution is that it enables organisations to manage several environments through a single console.
Cloud Security Posture Management
These solutions automate the identification and remediation of risks across cloud infrastructures, including Infrastructure as a Service (IaaS), Software as a Service (SaaS), and Platform as a Service (PaaS). CSPM is used for risk visualisation and assessment, incident response, compliance monitoring, and DevOps integration, and can uniformly apply best practices for cloud security to hybrid, multi-cloud, and container environments.
Users, Robots & Processes
Cloud Infrastructure Entitlement Management
CIEM solutions are focused upon managing cloud access risk through the governance of entitlements in hybrid and multi-cloud Infrastructure as a Service (IaaS). These solutions detect anomalies in account entitlements and usually provide remediation and enforcement of least-privilege approaches.
MFA is an approach to securing data and applications whereby the user is required to present a combination of two or more credentials in order to prove their identity. This approach to authentication ensures that if one credential becomes compromised, the attacker will not be able to access the desired data or application.
Identity Governance and Administration
IGA is at the centre of IT operations, enabling and securing digital identities for all users, applications and data. It allows businesses to provide automated access to an ever-growing number of technology assets while managing potential security and compliance risks.
Privileged Access Management
Businesses implement PAM as part of a comprehensive cybersecurity strategy comprising people, processes and technology. PAM protects against threats posed by credential theft and privilege misuse.
These solutions authenticate, authorize, and audit access to applications and IT systems. AM solutions help strengthen security and reduce risk by tightly controlling access to on-premises and cloud-based applications, services, and IT infrastructure.
Data Loss Protection
These solutions classify information content contained within an object whilst in storage, in use, or in transit across a network. DLP solutions can dynamically apply policies as well as apply enterprise data rights management protections.
Data classification is broadly defined as the process of organising data by relevant categories so that it may be used and protected more efficiently. Data classification is of particular importance when it comes to risk management, compliance, and data security. It also eliminates multiple duplications of data, which can reduce storage and backup costs while speeding up the search process.
Enterprise Digital Rights Management
EDRM effectively protects data from theft, misuse, or inadvertent disclosure, and mitigates the regulatory risk of collaboration and information exchange with users, partners, and vendors. This is done through managing and enforcing access and usage rights to information throughout its lifecycle.
Intrusion Detection and Prevention Systems
These solutions identify possible incidents, log information about them, work to stop them from occurring, and notify security teams about them. They can also be used by organisations to identify problems with security policies, document existing threats, and deter security policy violations.
Secure Web Gateway
A SWG solution filters unwanted software/malware from user-initiated web traffic, enforcing corporate and regulatory compliance. These gateways must, at a minimum, include URL filtering, malicious-code detection and filtering, and application controls for popular Web-based applications, such as instant messaging (IM).
These solutions are engineered to be the central hub of all network security activity. As a first line of defence, EFWs can filter huge amounts of traffic – both incoming and outgoing – to allow or block traffic based on a defined set of security protocols. They establish a barrier between secured, controlled internal networks that can be trusted and untrusted outside networks, such as the Internet.
Zero Trust Network Access
ZTNA is a solution that provides secure remote access – through a trust broker – to an organisation’s applications, data, and services based on clearly defined access control policies. The broker verifies the identity, context and policy adherence of the specified participants before allowing access and prohibits lateral movement elsewhere in the network. This removes application assets from public visibility and significantly reduces the surface area for attack.
Web Application Firewall
Attacks on applications can be blocked with the right WAF solution in place. Applications contain valuable data, making them a prime target for attacks such as cross-site scripting, SQL injection, and cookie poisoning, among others.
Secure Email Gateway
All emails, incoming and outgoing, pass through a SEG. The SEG prevents unwanted emails such as spam, phishing, malware and fraudulent content from being received. It also analyses outgoing emails to prevent sensitive data from leaving an organisation, encrypting data where applicable.