What are the types of threat management?
Unified threat management (UTM)
UTM security combines multiple network security features or services into a unified platform or appliance that can be managed on-premises or from the cloud. UTM cybersecurity features vary per vendor but often include a VPN, application visibility and control, malware protection, content and URL filtering, threat intelligence, and intrusion prevention systems (IPS).
Managed detection and response (MDR)
MDR is a threat management service led by a team of skilled security experts who monitor security data 24/7 to rapidly detect and respond to threats. MDR solutions leverage advanced threat intelligence tools and human investigation to identify and contain threats faster for organisations.
Extended detection and response (XDR)
XDR solutions provide visibility into data across networks, clouds, endpoints, and applications. They employ analytics and automation to detect, analyse, hunt, and remediate immediate and potential threats.
Security information and event management (SIEM)
SIEM is a security tool that aggregates log and event data, threat intelligence, and security alerts. SIEM cybersecurity software applies customised rules to prioritise threat alerts, helping security professionals better interpret data and respond to events faster.
Security orchestration, automation, and response (SOAR)
SOAR is a technology stack that streamlines threat management. It automates processes, orchestrates security tools, and facilitates incident response. SOAR enhances efficiency by reducing manual tasks, accelerating incident resolution, and enabling better collaboration among security teams.
Vulnerability management (VM)
VM is a proactive component of threat management that aims to reduce the risk of exploits. VM solutions help identify, track, prioritise, and remediate security weaknesses and flaws in IT systems and software to reduce the risk of exploitation, data leakage, and cyberattacks.
Next-generation intrusion prevention system (NGIPS)
NGIPS delivers advanced threat defense by analysing users, applications, devices, and vulnerabilities across the network, for on-premises devices, cloud infrastructure, and common hypervisors. NGIPS supports network segmentation, enforces cloud security, and prioritises vulnerabilities for patching.
Advanced malware protection (AMP)
AMP is an antivirus software that defends against sophisticated malware threats. AMP protects computer systems by proactively identifying and blocking dangerous software viruses like spyware, worms, ransomware, Trojans, and adware.
Next-generation firewall (NGFW)
An NGFW is a network security device that enforces security policies on network traffic to allow traffic or block modern threats like application-layer attacks and advanced malware. A threat-focused NGFW offers added context awareness, dynamic remediation, and network and endpoint event correlation that reduce detection to recovery time.