
Chapter 4: Market Breakdown by Type

© 2018 | BCC Research LLC IFT174A Cyber Security: North American Markets | 19

Types of Cyber Security


This chapter details the different types of cyber security: network security, endpoint security, wireless
security, content security, cloud security and application security.

Network Security
Organizations dealing in data and information have uncertainty about security and are worried about
hacking. Governments across the North American region have recognized the need for counter actions
and precautionary measures to handle cyberattacks, so they are investing heavily in order to protect
services and infrastructure. In general, it takes more than six months to detect an intrusion in a network
if firewalls are bypassed. The dependence on traditional threat detection, access control and threat
protection is limited. There are options available to mitigate cyber security risk that include limiting the
number of applications made available to end users or reducing the number of users in a network.
However, these actions would make an organization less efficient operationally and could even prompt
users to avoid security rules. An effective network security plan is typically developed with a
comprehensive understanding of a network’s security issues, its potential attackers, the level of security
it needs, and factors that make the network vulnerable to attack.

Various ways to mitigate network security breaches are described below.

Antivirus Software
Antivirus software identifies and removes certain types of malicious code called viruses. This software
is useful in preventing infections caused by different types of malware, including worms, Trojan
horses, ransomware, etc. The key vendors for antivirus software are McAfee (Intel), Norton (Symantec)
and Kaspersky Labs, among others.

Anti-spyware Software
Anti-spyware software prevents and detects unwanted spyware installations in a system. The software
also helps in removing installed spyware programs if they already exist in the system. There are normally
two ways for detecting spyware; the most common way is rule-based detection, which is based on
predefined rules that can be provided through downloadable definition files. The key vendors in the
anti-spyware software industry are Trend Micro, Sunbelt Software and Webroot, among others.

Firewalls
A firewall is a network security device that controls whether traffic flowing in from an untrusted zone
or a trusted zone is granted access into the network. In typical configurations, the internet is considered to be the
untrusted zone, and private or corporate networks are usually defined as trusted zones. The firewall
works as the segregation point in the network to grant or reject access to a network. Firewalls follow a
positive control model for access controls, which defines traffic flow that is allowed access into the
network as per an organization’s policy; any other traffic is actively stopped.

Intrusion Detection Systems
A network-based intrusion detection system (IDS) monitors and analyzes network traffic to
protect a system from different network-based threats. Based on the severity, which is identified while
the system is reading the inbound packets and matching different search patterns, the system could take
immediate action, which includes notifying the administrator or blocking the IP address of the unidentified
network.

Virtual Private Network


A virtual private network (VPN) is a method used to create an encrypted connection to add security and
privacy over a less secure network. A VPN ensures an appropriate level of security for the connected
systems if the original network infrastructure does not operate optimally. Cost and feasibility are the
two major factors that justify the use of a VPN over private networks. As an added benefit, using a
VPN enhances user privacy because the initial IP address changes from the IP address that is provided by the service
provider.

Endpoint Security
IT security is a priority in the current highly competitive environment. For example, laptops used in
organizations have restrictive security policies; however, laptops used outside of the organization have
fewer or no restrictions. This presents opportunities for theft and data breaches. Endpoint security is
undergoing a major revival with the upcoming new-generation products and services, which have
evolved from the antivirus software mantra of prevention to the more pragmatic and realistic method of
detection and incident response at the user’s device. An effective SSL VPN solution will provide superior
performance and would also largely slash operational expenses. This is sometimes helpful when a
person has hard-to-remove malware or a Windows update that is not working properly, or when a user is not
always connected to the internet. Standardization is among the critical components of any thriving
endpoint security program.

An endpoint is still the most striking and soft entry point for cyber criminals and hackers to use to get
into larger targets. There is a treasure trove of intelligence about the attack at the endpoint, and EDR
(endpoint detection and response) tools take advantage of that by gathering and storing that
information in response to an ongoing attack and as intel to thwart future ones. Endpoint security
solutions are being increasingly adopted in various segments, such as government and defense; banking,
financial services and insurance (BFSI); and healthcare, and this has led to the growth of the market. The
availability of free endpoint security solutions and the internal threats targeting endpoints are, however,
restraining the growth of the market. Currently, organizations are exposed to serious risks as there are
too many entry points for potential threats to attack. The major vendors in the endpoint security market
include Symantec Corp., Intel Security, Trend Micro, Sophos and Kaspersky Labs, among others. This
whitelisting service also makes it possible for admins to generate logical groups of applications, for
example, browsers and mail clients, and also to determine whether each program is allowed to run.

Wireless Security
Network security in a wireless LAN environment is a unique challenge. Whereas wired networks send
electrical signals or pulses through cables, wireless signals propagate through the air. Therefore, it is
much easier to intercept wireless signals. There are a number of extremely serious risks and dangers if
wireless networks are left open and exposed to the outside world. The wireless networks based on
802.11x have been plagued by some well-publicized security failings. The IEEE 802.11x protocol provides
a different approach to security and security management that overcomes the failings of 802.11x Wired
Equivalent Privacy (WEP). The wireless security protocols include WEP, WPA and WPA2. WEP was
designed to provide the same level of security as wired networks. WPA (Wi-Fi Protected Access)
Enterprise uses an authentication server to generate keys or certificates. The most significant
enhancement that WPA2 (Wi-Fi Protected Access version 2) offers over WPA is the use of the Advanced
Encryption Standard (AES) for encryption. The security provided by AES is sufficient (and approved) for
use by the U.S. government to encrypt information classified as top secret.

Access control arises from the fact that someone has to know the password to utilize the network. Thus,
one surefire way to handle the privacy issue is to make sure users only use services that are secured
with SSL, SSH, or another encryption technology. Only certain bands of the spectrum are permitted for
commercial usage, thus making bandwidth costly within the wireless world.

The most common wireless attacks are insertion attacks, interception and monitoring of wireless traffic,
misconfiguration, client-to-client attacks and jamming. If there is no password, an intruder can connect
to the internal network simply by enabling a wireless client to communicate with the access point.

As the name suggests, Mobile Ad Hoc Networks (MANET) were created with the aim of offering ad hoc
communication. Wireless alarm systems are among the most common do-it-yourself residential security
solutions. By employing the newest technology, wireless systems also provide reliable physical security.
In addition, wireless alarm systems can be installed just about anywhere.

Content Security
Security over internet activities is ensured by filtering content in various cases. Content filtering is
commonly implemented over the internet, and such filtering is achieved by firewalls. Firewalls block the
delivery of potentially harmful content to computers and devices, which protects the system from
attacks. There are several types of filters available in the market, such as email filters, filtered ISPs,
search-engine filters, network-based filters, client-side filters, etc. The filtering of content is
implemented by a range of approaches involving the use of firewalls, antivirus settings, etc. In current
networked systems, media filtering and data filtering, among others, are popular with organizations
because they prevent employees from downloading videos, files, etc. from undesirable web sources.
Individual users are adopting firewall settings that provide functions such as parental control. This
filtering is based on URLs, keywords, file types and databases.

Numerous cyber security providers are offering content filtering as part of their products. Firewall
solutions provisioned by market players could be customized as per a customer’s requirements.
Cyberoam, a Sophos company, offers its firewalls, which are developed according to the needs of
individual and corporate users. The company has provisioned its products under several brands such as
iView, NetGenie, etc. Another market player, Symantec, has provisioned its products such as firewalls,
client management suites, etc., to offer high-end content filtering solutions. McAfee (acquired by Intel)
offers filter solutions in its software, which are targeted for family protection.

The content security market is currently being driven by developments in overall business activities in
North America. Employees expect to access an organization’s records over the internet through login
gateways. Therefore, the need to maintain confidentiality and security of business data as well as the
necessity to optimize internet traffic on the office network are driving the use of filtering firewalls. These
firewalls restrict the access and downloading of undesirable data as per a user’s level. Apart from this,
the concerns of parents about their children’s internet use are influencing the adoption of parental
control software. This software blocks the delivery of undesirable internet content to children.

Cloud Security
“Cloud security” and “security within the cloud” sound similar, but they are actually two separate types
of security. Organizations like the Cloud Security Alliance (CSA) are working towards building an action
plan to handle cloud security issues along with developing the methods that can be used to address
them. There can be some great benefits to using cloud applications prior to, during and following a
cyberattack as long as an organization maintains strict security policies.

Cloud computing has now developed into a highly demanding service or utility because of the following
advantages: significant computing power, low expense of services, superior performance, scalability,
and accessibility along with availability. Companies offer both free-of-charge limited storage and paid
accounts whose price depends upon the quantity of space needed. Security-as-a-service offerings
likewise make heavy use of APIs (application programming interfaces).

Turning to security within the cloud must be the very first line of defense of an integrated security
strategy. Cloud security has caused a shift in investment priorities, with new investments in intrusion
prevention systems (IPS) and security information and event management (SIEM). Users must look closely at
application security, and also at security issues surrounding the management APIs, for example,
authentication, authorization and auditing. Typically that is permitted in their own privacy policies,
which users need to agree to before they begin using cloud services.

Cloud services may be a significant segment of the business enterprise continuity strategy. There are a
variety of methods for preventing data loss. In the top case, they might involve re-selling storage from a
reliable provider like Amazon Web Services.

As cloud computing grows in popularity, tens of thousands of companies are simply rebranding their
non-cloud services and products as cloud computing. The result of the mid-point in migration is
increased network complexity. This abstraction is steadily turning into a reality as a handful of academic
and company leaders in this area of science are spiraling toward cloud computing. Regaining control and
visibility is a sign that the vendors may soon reap the price, flexibility and productivity benefits of the
cloud-first strategy that the modern IT environment demands.

The cloud may have been in the promotion stage four decades ago, but today it is a required small
business driver. Cloud computing boosts security in ways that many could not have afforded in years
prior. Furthermore, today users can readily pick up the tools essential to create a cloud implementation
strategy to guarantee security on their own personal or company network. Despite the fact that
different methodologies might be implemented in inspecting a system’s integrity, an action plan needs
to be developed that is specific to each company. There is, however, a slight reluctance on the part of the
cloud providers to generate standards before the industry landscape is totally formed.
