Dave Ishii - Problem Solving Blog

---

SASE (Secure Access Service Edge)

What it does:
Integrates network and security functions into a unified cloud-based service.

• Combines network security (like firewalls and secure gateways) with wide-area networking (WAN).

• Ensures secure, identity-based access regardless of user location.

• Simplifies management by centralizing security policy enforcement across all cloud and edge connections.

Related Tools:

• Cisco Umbrella (SASE)

• Palo Alto Prisma Access

• Zscaler SASE

---

CSPM (Cloud Security Posture Management)

What it does:
Monitors and manages security configurations of cloud services.

• Continuously checks cloud settings (IaaS, PaaS) for misconfigurations.

• Detects and reports compliance violations with security frameworks.

• Automates remediation or alerts to reduce configuration risks.

Related Tools:

• Prisma Cloud (by Palo Alto Networks)

• Check Point CloudGuard

• Wiz Security

---

SOAR (Security Orchestration, Automation and Response)

What it does:
Automates and integrates incident response workflows.

• Collects and correlates security alerts from multiple tools.

• Enables automated response playbooks to handle common threats.

• Helps security teams reduce manual workload and respond faster to incidents.

Related Tools:

• Splunk SOAR (formerly Phantom)

• IBM Security QRadar SOAR

• Cortex XSOAR (Palo Alto Networks)

---

SOC (Security Operation Center)

What it does:
Monitors, detects, and responds to cybersecurity threats in real time.

• Provides centralized oversight of network and system activity.

• Performs threat analysis and incident investigation.

• Coordinates rapid response and mitigation actions for detected attacks.

Related Tools:

• Microsoft Sentinel (SIEM/SOC platform)

• Elastic Security (SIEM)

• Splunk Enterprise Security

---

UEBA (User and Entity Behavior Analytics)

What it does:
Detects abnormal or risky behavior by analyzing user and device activity.

• Uses machine learning to model normal behavior patterns.

• Flags anomalies such as unusual logins or data access.

• Helps identify insider threats or compromised accounts early.

Related Tools:

• Exabeam UEBA

• Securonix UEBA

• Microsoft Defender for Identity

---

IRM (Information Rights Management)

What it does:
Protects sensitive information by controlling access and usage rights.

• Encrypts files and applies usage restrictions (view, edit, print, etc.).

• Manages permissions by user, device, or organization policy.

• Ensures data remains protected even after being shared externally.

Related Tools:

• Microsoft Purview Information Protection

• Seclore IRM

• NextLabs Rights Management

---