
Types of cybersecurity

What is cybersecurity?

Cybersecurity is the practice of using technology, controls, and processes to protect digital networks, devices, and data from unauthorized access by malicious attackers or unintentional activity. It protects the confidentiality, integrity, and availability of information.

Ten types of cybersecurity

Many types of cybersecurity are employed to protect digital systems from malicious and accidental threats. It is helpful to understand the ten most commonly referenced types of cybersecurity.

  1. Application security
    Application security prevents unauthorized access and use of applications and connected data. Because most vulnerabilities are introduced during the development and publishing stages, application security includes many types of cybersecurity solutions to help identify flaws during the design and development phases that could be exploited and alert teams so they can be fixed.

    Despite best efforts, flaws do slip through the cracks. Application security also helps protect against these vulnerabilities.

    A subset of application security is web application security. It focuses on protecting web applications, which are frequently targeted by cyber attacks.
  2. Cloud security
    Cloud security focuses on protecting cloud-based assets and services, including applications, data, and infrastructure. Most cloud security is managed as a shared responsibility between organizations and cloud service providers.

    In this shared responsibility model, cloud service providers handle security for the cloud environment, and organizations secure what is in the cloud. Generally, the responsibilities are divided as shown below.
  3. Critical infrastructure security
    Special security processes and types of cybersecurity solutions are used to protect the networks, applications, systems, and digital assets depended on by critical infrastructure organizations (e.g., communications, dams, energy, public sector, and transportation). Critical infrastructure has been more vulnerable to cyber attacks that target legacy systems, such as SCADA (supervisory control and data acquisition) systems. While critical infrastructure organizations use many of the same types of cybersecurity as other sectors, they are often deployed in different ways.
  4. Data security
    A subset of information security, data security combines many types of cybersecurity solutions to protect the confidentiality, integrity, and availability of digital assets at rest (i.e., while being stored) and in motion (i.e., while being transmitted).
  5. Endpoint security
    Desktops, laptops, mobile devices, servers, and other endpoints are the most common entry point for cyber attacks. Endpoint security protects these devices and the data they house. It also encompasses other types of cybersecurity that are used to protect networks from cyber attacks that use endpoints as the point of entry.
  6. IoT (Internet of Things) security
    IoT security seeks to minimize the vulnerabilities that these proliferating devices bring to organizations. It uses different types of cybersecurity to detect and classify the devices, segment them to limit network exposure, and mitigate threats related to unpatched firmware and other related flaws.
  7. Mobile security
    Mobile security encompasses types of cybersecurity used to protect mobile devices (e.g., phones, tablets, and laptops) from unauthorized access and from becoming an attack vector used to gain entry to and move laterally within networks.
  8. Network security
    Network security includes software and hardware solutions that protect against incidents that result in unauthorized access or service disruption. This includes monitoring and responding to risks that impact network software (e.g., operating systems and protocols) and hardware (e.g., servers, clients, hubs, switches, bridges, peers, and connecting devices).

    The majority of cyber attacks start over a network. Network cybersecurity is designed to monitor, detect, and respond to network-focused threats.
  9. Operational security
    Operational security covers many types of cybersecurity processes and technology used to protect sensitive systems and data by establishing protocols for access and monitoring to detect unusual behavior that could be a sign of malicious activity.
  10. Zero trust
    The zero trust security model replaces the traditional perimeter-focused approach of building walls around an organization’s critical assets and systems. There are several defining characteristics of the zero trust approach, which leverages many types of cybersecurity.

    At its core, zero trust is based on several practices, including:
    1. Continuously verifying users’ identity
    2. Establishing and enforcing the principle of least privilege for access, granting only the access that is explicitly required for a user to perform a job and only for as long as that access is required
    3. Microsegmenting networks
    4. Trusting no users by default (i.e., whether internal or external)
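The four practices above, written out as a single default-deny access decision. This is an added illustration, not code from the original article or from any product; the identities, segments, resources, grants and the 15-minute re-verification window are all constructed assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Constructed sample data: hypothetical identities, resources, segments and grants.
NOW = datetime(2025, 4, 6, 12, 0, tzinfo=timezone.utc)

@dataclass(frozen=True)
class Grant:
    principal: str      # user or service identity
    resource: str       # one specific resource, never a whole network
    action: str         # e.g. "read", "write"
    expires: datetime   # access ends when it is no longer required

@dataclass(frozen=True)
class Request:
    principal: str
    resource: str
    action: str
    token_verified_at: datetime   # last time the identity was re-verified
    source_segment: str           # microsegment the request originates from

# Microsegmentation rule: resource -> segments allowed to reach it (assumed layout).
SEGMENT_MAP = {
    "hr-db": {"hr-apps"},
    "build-server": {"ci-runners", "dev-workstations"},
}

# Least-privilege grants: explicit action on an explicit resource, with an expiry.
GRANTS = [
    Grant("alice", "hr-db", "read", NOW + timedelta(hours=1)),
    Grant("ci-bot", "build-server", "write", NOW - timedelta(minutes=5)),  # already expired
]

MAX_TOKEN_AGE = timedelta(minutes=15)   # continuous-verification window (assumed value)

def evaluate(req: Request, grants=GRANTS, now: datetime = NOW):
    """Default-deny decision applying the four practices. Returns (allowed, reason);
    the reason is what a defender would write to the audit log."""
    # 1. Continuously verify identity: a stale verification counts as unverified,
    #    regardless of whether the request comes from an 'internal' location.
    if now - req.token_verified_at > MAX_TOKEN_AGE:
        return False, "identity verification stale; re-authentication required"
    # 3. Microsegmentation: the source segment must be allowed to reach the resource.
    if req.source_segment not in SEGMENT_MAP.get(req.resource, set()):
        return False, f"segment {req.source_segment!r} may not reach {req.resource!r}"
    # 2. Least privilege: an explicit, unexpired grant for exactly this action is needed.
    for g in grants:
        if (g.principal, g.resource, g.action) == (req.principal, req.resource, req.action):
            if g.expires <= now:
                return False, "grant expired; access is no longer required"
            return True, "explicit grant in force"
    # 4. Trust no user by default: no matching grant means no access.
    return False, "no explicit grant"
```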

Cybersecurity subcategories

Many of the solutions within each of these types of cybersecurity are used across subcategories, including the following.

Anti-malware or anti-virus software

Anti-malware, also called anti-virus software, is a type of software designed to protect digital systems from malicious software, such as viruses, worms, and trojans that spread malware like keyloggers, spyware, adware, and ransomware. These programs continuously scan for malware and can automatically quarantine or remove it when it is detected.

Data backup

Data backup is considered a critical component of a robust cybersecurity strategy. Having readily accessible copies of data facilitates a rapid recovery in the event of a cyber attack, especially in the event of a ransomware attack.

Data backups involve creating and storing duplicates of critical information. A best practice for data backups is to use the 3-2-1 method, which stores three copies of data. Two copies are stored on different types of storage media, and one copy is stored at an offsite location.

Data loss prevention (DLP)

Data loss prevention solutions identify and prevent unauthorized sharing, transfer, or use of data on on-premises systems, cloud environments, and endpoint devices (e.g., end-user systems). Used to protect sensitive information, DLP plays a vital role in preventing data breaches and other inappropriate data exfiltration. DLP solutions protect information in motion, in use, and at rest.

Encryption

Encryption is a cybersecurity tool that encodes data into an unreadable format that can only be decoded with a unique key. The most widely used type of encryption is the Advanced Encryption Standard (AES), which uses a symmetric encryption algorithm to encode data. Once encrypted, the information is protected from unauthorized viewing or modification. This makes encryption a cornerstone of data security but, unfortunately, a powerful weapon in the hands of threat actors who use it for malicious purposes, such as ransomware attacks.

Endpoint detection and response (EDR)

Endpoint detection and response continuously monitors endpoint devices, such as desktop systems, laptops, servers, smartphones, tablets, virtual machines, workstations, and IoT devices (e.g., cameras, printers, and scanners), to identify and proactively respond to cyber threats.

Also referred to as endpoint threat detection and response (EDTR), EDR solutions provide insights to help security teams respond to threats. These tools track what happened in the event of an incident, including the point of entry, the scope of the spread, and recommendations for how to mitigate it. EDR systems can also perform automatic actions when threats are detected, such as sending alerts and quarantining affected systems.

Enterprise mobility management (EMM)

With enterprise mobility management, organizations can secure employees’ use of mobile devices, including bring your own device (BYOD), wireless networks, and mobile applications. EMM also helps IT departments more easily distribute and update applications on mobile devices.

Firewalls

Firewalls are a type of network security system that monitors and controls traffic coming into and out of a network. Usually positioned between public or untrusted networks (e.g., the internet) and private networks or intranets, firewalls stop unauthorized or malicious traffic from moving in or out of networks. Traffic content is assessed based on an established set of security rules. The three types of firewalls are hardware-based appliances, software-based systems, and those that are hosted and offered as a cloud service.

Identity and access management (IAM)

Identity and access management (IAM) is a collection of cybersecurity technology, policies, and processes that are used to protect data, applications, systems, and services located on-premises, in remote locations, and in the cloud. The components of IAM solutions are used in concert to control access to digital resources by managing and maintaining users’ digital identities and associated access privileges throughout their lifecycle. These tools ensure that users (i.e., human and non-human) have access to the digital resources that they need when they need them while restricting excessive or unauthorized access.

Intrusion detection and prevention system (IDPS)

An intrusion detection and prevention system (IDPS) combines the capabilities of intrusion detection and intrusion prevention into a single solution. These tools provide end-to-end network protection by monitoring for and identifying suspicious activity, alerting security personnel, and automating responses to mitigate and remediate threats.

Multi-factor authentication (MFA)

Multi-factor authentication is a layered security approach for controlling access to digital systems. With MFA, users are required to provide two or more factors (i.e., unique identifiers) before gaining access to a resource. Three types of factors are commonly used for MFA: knowledge, or something you know (e.g., a password); possession, or something you have (e.g., a smartphone or token); and inherence, or something you are (e.g., a fingerprint or iris scan).

Network access control (NAC)

Network access control is a subset of identity and access management that is focused on protecting networks from unauthorized access by people, systems, or applications. NAC solutions enforce policies that ensure that only authenticated users can gain access.

Next-generation firewall (NGFW)

Next-generation firewalls add advanced functionality to traditional firewall capabilities to enhance threat detection and response. NGFWs not only detect threats but prioritize them and offer recommendations for remediation that cannot be handled automatically. Additional capabilities found in NGFWs are application awareness and control, deep packet inspection, intrusion prevention, threat intelligence, and malware protection.

Secure access service edge (SASE)

A secure access service edge (SASE) (pronounced “sassy”) is a cloud-native architecture used to provide a wide area network and security controls as a cloud service. It unifies SD-WAN and security functions, such as secure web gateway (SWG), cloud access security broker (CASB), firewall as a service (FWaaS), and zero trust network access (ZTNA), into one cloud service.

Security information and event management (SIEM)

Security information and event management solutions combine security event data from logs and then apply rules and statistical correlations to identify threats. Security teams rely on SIEMs to detect threats in real time and direct actions to remediate or mitigate them. Insights provided by SIEMs are also used to manage incident response and identify root causes of incidents during forensic investigations.
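The two kinds of SIEM logic named above, a correlation rule and a statistical correlation, run over a handful of log lines. This is an added example, not code from the article or from any SIEM product; the log format, hosts, users, addresses, thresholds and the per-user baseline idea (which is also how UEBA tools, described below, establish what is "unusual") are all constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from statistics import mean, pstdev

# Constructed sample log lines in a hypothetical key=value format (not real traffic).
LOG_LINES = """\
2025-04-06T09:00:01 host=vpn1 event=login user=alice src=203.0.113.7 result=fail
2025-04-06T09:00:04 host=vpn1 event=login user=alice src=203.0.113.7 result=fail
2025-04-06T09:00:09 host=vpn1 event=login user=alice src=203.0.113.7 result=fail
2025-04-06T09:00:15 host=vpn1 event=login user=alice src=203.0.113.7 result=fail
2025-04-06T09:00:20 host=vpn1 event=login user=alice src=203.0.113.7 result=success
2025-04-06T09:05:00 host=vpn1 event=login user=bob src=198.51.100.2 result=success
2025-04-06T09:06:00 host=fs01 event=transfer user=bob bytes=120000
2025-04-06T09:07:00 host=fs01 event=transfer user=bob bytes=110000
2025-04-06T09:08:00 host=fs01 event=transfer user=bob bytes=130000
2025-04-06T09:09:00 host=fs01 event=transfer user=bob bytes=125000
2025-04-06T09:10:00 host=fs01 event=transfer user=bob bytes=9800000
""".splitlines()

LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<kv>.*)$")

def parse(line):
    """Turn one log line into a dict of fields with a datetime timestamp."""
    m = LINE_RE.match(line)
    ev = dict(kv.split("=", 1) for kv in m.group("kv").split())
    ev["ts"] = datetime.fromisoformat(m.group("ts"))
    return ev

def rule_brute_force_then_success(events, threshold=3, window=timedelta(minutes=5)):
    """Correlation rule: at least `threshold` failed logins for one user from one
    source inside `window`, followed by a success from that same source."""
    alerts = []
    failures = defaultdict(list)  # (user, src) -> timestamps of recent failures
    for ev in events:
        if ev.get("event") != "login":
            continue
        key = (ev["user"], ev["src"])
        recent = [t for t in failures[key] if ev["ts"] - t <= window]
        if ev["result"] == "fail":
            recent.append(ev["ts"])
        elif len(recent) >= threshold:
            alerts.append(f"{ev['ts'].isoformat()} possible credential brute force: "
                          f"user={ev['user']} src={ev['src']} failures={len(recent)}")
            recent = []   # reset after alerting so one burst yields one alert
        failures[key] = recent
    return alerts

def stat_transfer_outliers(events, z_limit=3.0, min_history=3):
    """Statistical correlation: flag a transfer far above that user's own baseline
    (z-score against the user's earlier transfer sizes)."""
    alerts, history = [], defaultdict(list)
    for ev in events:
        if ev.get("event") != "transfer":
            continue
        size, hist = int(ev["bytes"]), history[ev["user"]]
        if len(hist) >= min_history:
            mu, sd = mean(hist), pstdev(hist)
            if sd > 0 and (size - mu) / sd > z_limit:
                alerts.append(f"{ev['ts'].isoformat()} transfer outlier: "
                              f"user={ev['user']} bytes={size} baseline_mean={mu:.0f}")
        hist.append(size)
    return alerts

def run(lines=LOG_LINES):
    """Apply both detections to the log and return the alerts in order."""
    events = [parse(line) for line in lines]
    return rule_brute_force_then_success(events) + stat_transfer_outliers(events)
```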

Security orchestration, automation, and response (SOAR)

Security orchestration, automation, and response systems integrate separate security tools. This integration helps security teams more efficiently coordinate and automate repetitive tasks as well as streamline incident and threat response workflows. The three primary capabilities combined in a SOAR tool are threat management, incident response, and automation of security operations.

Threat intelligence

Threat intelligence is the result of gathering, analyzing, and interpreting data related to security threats. There are three types of threat intelligence—strategic, tactical, and operational. Threat intelligence is generated internally using data from an organization’s systems and externally by third parties.

User and entity behavior analytics (UEBA)

User and entity behavior analytics leverages machine learning algorithms and other advanced analytics approaches to identify unusual user (i.e., human and non-human) and device behavior that could be indicators of security threats. UEBA solutions can help security teams proactively detect lateral movement, the use of compromised credentials, and other malicious behavior.

Virtual private networks (VPNs)

A virtual private network extends a private network across one or more networks that are public, untrusted, or require isolation. VPNs create a virtual tunnel in which data is encrypted and internet protocol (IP) addresses are masked to provide privacy and data protection.

Web application firewalls (WAFs)

A web application firewall protects web applications, mobile apps, and APIs by filtering and monitoring HTTP traffic. WAFs stop application-layer attacks, such as cross-site scripting (XSS), cross-site request forgery (CSRF), cookie poisoning, file inclusion, and SQL injection.

How cybersecurity threats have evolved

Types of cybersecurity threats have changed significantly since 1965, when the first computer vulnerability was exploited. The following is a brief timeline of notable incidents.

1965: Software vulnerability

William D. Mathews from the Massachusetts Institute of Technology (MIT) found a flaw in a Multics Compatible Time-Sharing System (CTSS), the first general-purpose time-sharing operating system. The vulnerability could be used to disclose the contents of the password file. This is widely held to be the first reported vulnerability in a computer system.

1970: Virus

Bob Thomas created the first virus and unleashed the first cyber attack. Meant as a joke, the program moved between computers and displayed the message, “I’m the creeper, catch me if you can.” In response, his friend, Ray Tomlinson, wrote a program that moved from computer to computer and duplicated itself as it went. The message was changed to “I’m the reaper, catch me if you can.” While these were intended to be practical jokes, they started what would evolve into malicious cyber attacks.

1989: Worm

The Morris Worm, created by Robert Morris to determine the size of the internet, ended up being responsible for the first-ever denial-of-service (DoS) attack. With an initial infection, the worm slowed computers, but by infecting the same system multiple times, the worm was able to cause systems to crash.

1989: Trojan

The first ransomware attack was perpetrated at the 1989 World Health Organization’s AIDS conference when Joseph Popp distributed 20,000 infected floppy disks. Once booted, the disks encrypted users’ files and the threat actors demanded payment to decrypt them.

1990s: Fast-spreading, malicious viruses

Particularly virulent viruses began to emerge in the 1990s, with the I LOVE YOU and Melissa viruses spreading around the world, infecting tens of millions of systems and causing them to crash. These viruses were distributed via email.

Early 2000s: Advanced persistent threats (APTs)

The early 2000s saw the rise of advanced persistent threats (APTs), with the Titan Rain campaign aimed at computer systems in the US and believed to have been initiated by China. Perhaps the most famous APT is the Stuxnet worm that was used to attack Iran’s SCADA (supervisory control and data acquisition) systems in 2010, which were integral to their nuclear program.

Early 2000s: Ransomware-as-a-service

The first ransomware-as-a-service, Reveton, was made available on the dark web in 2012. This allowed those without specialized technical abilities to rent a ransomware system, including collecting payments.

The 2013 emergence of the CryptoLocker ransomware marked a turning point for this malware. CryptoLocker not only used encryption to lock files, but was distributed using botnets.

2016: Botnets used to attack IoT devices

As the Internet of Things (IoT) exploded, this became a new attack vector. In 2016, the Mirai botnet was used to attack and infect more than 600,000 IoT devices worldwide.

2020: Supply chain attack

In 2020, a vulnerability in one enterprise organization’s network management system software was exploited by a group believed to be working with Russia. More than 18,000 customers were impacted when they deployed a malicious update that came from the compromised organization.

Present

Traditional cyber attack methods continue to be widely used because they remain effective. These are being joined by evolving versions that take advantage of machine learning (ML) and artificial intelligence (AI) to increase their reach and efficacy. Ironically, many of these attack methods take advantage of the technology that cybersecurity solutions use to thwart them.

Gen V attacks

Categorized as Mega attacks, Gen V is the latest generation of cyber threats. Gen V cyberattacks, which emerged in 2017, use large-scale, multi-vector approaches to target IT infrastructure with advanced attack technologies.

These cyber threats are believed to originate with state organizations that leak the technology to public cyber criminals. The hallmark of Gen V cyber attacks is that they attack multiple vectors and are polymorphic, changing as they move around and acting differently on different systems. NotPetya and WannaCry are examples of Gen V cyber attacks.

Supply chain attacks

Supply chain attacks have evolved with other attack vectors, since the same technologies and approaches are usually used. Supply chains have become a target for cyber criminals because suppliers provide an easier point of entry to specific enterprises than attacking those larger companies directly. A compromised supplier can be used to gain access to many organizations connected with it.

Ransomware

Ransomware has seen a fast and virulent evolution due to its efficacy and profitability. Attacks have escalated in terms of the scope of what is held hostage and level of threats. Ransomware is used for extortion, with extorters threatening to disclose information or destroy vital data if the ransom terms are not met. Ransomware-as-a-service has also made it much more accessible to cybercriminals.

Phishing

Phishing attacks persist as a preferred attack vector for cyber criminals, but new approaches are emerging to evade cybersecurity measures, such as using QR codes to direct users to malware. There has also been an increase in multi-stage attacks to bypass multi-factor authentication.

Spear phishing and whale phishing are also on the rise. These approaches target specific individuals with messages developed using in-depth research to increase effectiveness. Phishing attacks are also increasing due to the increase in phishing kits sold on the dark web.

Malware

Malware continues to evolve by augmenting or changing legacy software using the latest technologies. Gen V cyber attacks leverage these newly updated malware packages.

What is a consolidated cybersecurity architecture?

A consolidated security architecture creates a single point of control for managing multiple types of cybersecurity solutions. When there were fairly limited types of cybersecurity products, it was possible to manage point solutions to defend against different threats and use cases. As the number of types of cybersecurity increased, the move to a unified approach was driven by:

  1. A growth of remote workforces that dissolved security perimeters and multiplied threat vectors as users connected from disparate points with varying degrees of protection.
  2. An endpoint explosion that started with desktop and laptop systems and grew to a great sprawl of connected devices, including mobile phones, tablets, and IoT devices.
  3. Increased complexity as new types of cybersecurity solutions were added to the defense mix to address new threats and hybrid environments (i.e., on-premises systems and users along with cloud systems and applications) that were difficult to monitor and manage.
  4. A need for more sophisticated types of cybersecurity to combat more adept cyber attackers with more advanced threats that could not be detected with legacy security tools.

A consolidated cybersecurity architecture was created to solve for these issues by integrating different types of cybersecurity and aggregating them under a centralized, scalable control platform. With this new model, specialized cybersecurity could be leveraged in the fight against threats and risks more cost-effectively and efficiently. A consolidated cybersecurity architecture delivers a number of benefits, including:

  1. Eliminating overlapping functionality that comes with disparate cybersecurity deployments
  2. Expediting the creation of rules and reports
  3. Filling gaps in security coverage due to multiple solutions’ inability to communicate and work together cohesively
  4. Maximizing efficacy of machine learning (ML) and artificial intelligence (AI) to improve detection capabilities and accelerate response times
  5. Providing broad visibility across all cybersecurity functions in the organization
  6. Reducing the expenses associated with purchasing and implementing different types of cybersecurity
  7. Reducing the number of tools and vendors needed to perform different cybersecurity functions
  8. Shifting to an integrated security approach that enhances cybersecurity posture
  9. Simplifying threat monitoring and prevention as well as incident response
  10. Streamlining management and maintenance of the many types of cybersecurity
  11. Unifying cybersecurity solutions to enable protection across all attack surfaces (e.g., networks, devices, and applications)

Many types of cybersecurity are needed to combat cybercrime

Cybercrime, attack surfaces, and attack methods continue to grow and evolve, getting more complex with time. The good news is that there are many types of cybersecurity solutions to combat cyber criminals. Taking time to understand the relevant threats and vulnerabilities helps organizations find the right mix of cybersecurity solutions and the best ways to deploy them.

DISCLAIMER: THE INFORMATION CONTAINED IN THIS ARTICLE IS FOR INFORMATIONAL PURPOSES ONLY, AND NOTHING CONVEYED IN THIS ARTICLE IS INTENDED TO CONSTITUTE ANY FORM OF LEGAL ADVICE. SAILPOINT CANNOT GIVE SUCH ADVICE AND RECOMMENDS THAT YOU CONTACT LEGAL COUNSEL REGARDING APPLICABLE LEGAL ISSUES.

Date: April 6, 2025