A cloud native security platform (CNSP) is a set of security practices and technologies designed specifically for applications built and deployed in cloud environments. It involves a shift in mindset from traditional security approaches, which often rely on network-based protections, to a more application-focused approach that emphasizes identity and access management, container security and workload security, and continuous monitoring and response. A CNSP offers three main benefits for cloud native applications:

• Agility: A CNSP enables faster and more frequent delivery of software updates, as security is built into the application and infrastructure from the ground up, rather than added on as an afterthought. This allows for seamless integration of security controls into the continuous integration/continuous delivery (CI/CD) pipeline, reducing the risk of security gaps or delays. A CNSP also leverages automation and orchestration to simplify and streamline security operations, such as configuration, patching, scanning, and remediation.
• Digital transformation: A CNSP supports the adoption of cloud native technologies, such as microservices, containers, serverless, and platform as a service (PaaS), which enable greater scalability, deployability, manageability, and performance of cloud applications. These technologies also allow for more innovation and experimentation, as developers can easily create, test, and deploy new features and functionalities. A CNSP helps to protect these cloud native architectures from threats and vulnerabilities, while also ensuring compliance with regulations and standards.
• Flexibility: A CNSP provides consistent and comprehensive security across different cloud environments, such as public, private, and multi-cloud. It also allows for customization and adaptation of security policies and controls to suit the specific needs and preferences of each application and organization. A CNSP can also integrate with other security tools and platforms, such as firewalls, endpoint protection, threat intelligence, and security information and event management (SIEM), to provide a holistic and unified view of the security posture and risk level of cloud applications.

References:

• What Is a Cloud Native Security Platform?
• What Is Cloud-Native Security?
• All You Need to Know About Cloud Native Security
• Top Five Benefits of Cloud Native Application Security

Simplicity: Because each device is centrally managed, with routing based on application policies, WAN managers can create and update security rules in real time as network requirements change. Also, when SD-WAN is combined with zero-touch provisioning, a feature that helps automate the deployment and configuration processes, organizations can further reduce the complexity, resources, and operating expenses required to spin up new sites. ● Improved performance: By allowing efficient access to cloud-based resources without the need to backhaul traffic to centralized locations, organizations can provide a better user experience.

Short-range wireless:

● Adaptive Network Technology+ (ANT+): ANT+ is a proprietary multicast wireless sensor

network technology primarily used in personal wearables, such as sports and fitness sensors.

● Bluetooth/Bluetooth Low-Energy (BLE): Bluetooth is a low-power, short-range

communications technology primarily designed for point-to-point communications between wireless devices in a hub-and-spoke topology. BLE (also known as Bluetooth Smart or Bluetooth 4.0+) devices consume significantly less power than Bluetooth devices and can access the internet directly through 6LoWPAN connectivity.

● Internet Protocol version 6 (IPv6) over Low-Power Wireless Personal Area Networks

(6LoWPAN): 6LoWPAN allows IPv6 traffic to be carried over low-power wireless mesh

networks. 6LoWPAN is designed for nodes and applications that require wireless internet

connectivity at relatively low data rates in small form factors, such as smart light bulbs

and smart meters.

● Wi-Fi/802.11: The Institute of Electrical and Electronics Engineers (IEEE) defines the 802

LAN protocol standards. 802.11 is the set of standards used for Wi-Fi networks typically

operating in the 2.4GHz and 5GHz frequency bands. The most common implementations

today include:

‒ 802.11n (labeled Wi-Fi 4 by the Wi-Fi Alliance), which operates on both 2.4GHz and 5GHz

bands at ranges from 54Mbps to 600Mbps

‒ 802.11ac (Wi-Fi 5), which operates on the 5GHz band at ranges from 433Mbps to 3.46

Gbps

‒ 802.11ax (Wi-Fi 6), which operates on the 2.4GHz and 5GHz bands (and all bands between 1 and 6GHz, when they become available for 802.11 use) at ranges up to 11Gbps

● Z-Wave: Z-Wave is a low-energy wireless mesh network protocol primarily used for home

automation applications such as smart appliances, lighting control, security systems,

smart thermostats, windows and locks, and garage doors.

● Zigbee/802.14: Zigbee is a low-cost, low-power wireless mesh network protocol based on the IEEE 802.15.4 standard. Zigbee is the dominant protocol in the low-power networking market, with a large installed base in industrial environments and smart home products.

● Reduce the attack surface: Best-of-breed technologies that are natively integrated provide a prevention architecture that inherently reduces the attack surface. This type of architecture allows organizations to exert positive control based on applications, users, and content, with support for open communication, orchestration, and visibility.

● Prevent all known threats, fast: A coordinated security platform accounts for the full scope of an attack across the various security controls that compose the security posture, thus enabling organizations to quickly identify and block known threats.

● Detect and prevent new, unknown threats with automation: Security that simply detects

threats and requires a manual response is too little, too late. Automated creation and

delivery of near-real-time protections against new threats to the various security solutions in the organization’s environments enable dynamic policy updates. These updates are

designed to allow enterprises to scale defenses with technology, rather than people.

Layer 4 of the TCP/IP model is the transport layer, which is responsible for providing reliable and efficient data transmission between hosts. The transport layer can use different protocols, such as TCP or UDP, depending on the requirements of the application. The transport layer also performs functions such as segmentation, acknowledgement, flow control, and error recovery. 1

The transport layer of the TCP/IP model corresponds to three layers of the OSI model: the transport layer, the session layer, and the presentation layer. The session layer of the OSI model manages the establishment, maintenance, and termination of sessions between applications. The session layer also provides services such as synchronization, dialogue control, and security. The presentation layer of the OSI model handles the representation, encoding, and formatting of data for the application layer. The presentation layer also performs functions such as compression, encryption, and translation. 23

References:

•1: TCP/IP Model - GeeksforGeeks

•2: Transport Layer | Layer 4 | The OSI-Model

•3: Transport Layer Explanation – Layer 4 of the OSI Model

 In SecOps, the identify stage is the first step in the security operations lifecycle. It involves gaining knowledge and understanding of the possible security threats and establishing methods to detect, respond and proactively prevent them from occurring1. Two of the components included in the identify stage are:

• Initial Research: This component involves gathering information about the organization’s assets, vulnerabilities, risks, and compliance requirements. It also involves identifying the key stakeholders, objectives, and metrics for the SecOps project2.
• Content Engineering: This component involves developing and maintaining the security content, such as rules, policies, signatures, and alerts, that will be used by the SecOps tools and processes. It also involves testing and validating the security content for accuracy and effectiveness3.

References: What is SecOps? (and what are the benefits and best practices?), SecOps - definition & overview, The Six Pillars of Effective Security Operations

Personally identifiable information (PII) is any data that can be used to identify someone. All information that directly or indirectly links to a person is considered PII1. Among PII, some pieces of information are more sensitive than others. Sensitive PII is sensitive information that directly identifies an individual and could cause significant harm if leaked or stolen2. Birthplace and name are examples of sensitive PII, as they can be used to distinguish or trace an individual’s identity, either alone or when combined with other information3. Login 10 and profession are not considered sensitive PII, as they are not unique to a person and do not reveal their identity. Login 10 is a non-sensitive PII that is easily accessible from public sources, while profession is not a PII at all, as it does not link to a specific individual4. References:

• 1: What is PII (personally identifiable information)? - Cloudflare
• 2: What is Personally Identifiable Information (PII)? | IBM
• 3: personally identifiable information - Glossary | CSRC
• 4: What Is Personally Identifiable Information (PII)? Types and Examples

In cloud computing, there are three main service models: Software as a Service (SaaS), Platform as a Service (PaaS), and Infrastructure as a Service (IaaS). Each model defines the level of responsibility and control that the cloud provider and the cloud customer have over the cloud resources and services. The cloud provider is responsible for vulnerability and patch management of the underlying operating system in SaaS and PaaS models, while the cloud customer is responsible for it in IaaS model. In SaaS, the cloud provider delivers software applications over the internet and manages all aspects of the cloud infrastructure, platform, and application. The cloud customer only needs to access the software through a web browser or an API. In PaaS, the cloud provider offers a platform for developing, testing, and deploying applications and manages the cloud infrastructure and operating system. The cloud customer can use the platform tools and services to create and run their own applications. In IaaS, the cloud provider supplies the basic cloud infrastructure, such as servers, storage, and networking, and the cloud customer can provision and configure their own operating system, middleware, and applications. References: Cloud Computing Service Models, Cloud Security Fundamentals - Module 2: Cloud Computing Models, Palo Alto Networks Certified Cybersecurity Entry-level Technician (PCCET)