| 🔐 MDM / MAM (Mobile Device/Application Management) | Manages, secures, and enforces policies on mobile devices and apps (phones, laptops, tablets). | Device compliance, remote wipe, app control. | Doesn’t protect against advanced malware or network threats. | EDR, IAM |
| 🛡️ EDR (Endpoint Detection & Response) | Monitors endpoints for suspicious activity and provides response tools. | Deep visibility on endpoints, behavioral detection, response actions. | Doesn’t prevent initial infection; reactive. | XDR, SIEM, MDM |
| ⚙️ XDR (Extended Detection & Response) | Combines EDR + network + email + cloud telemetry for unified threat detection. | Cross-domain visibility, correlation across layers. | Newer tech; complex integrations. | EDR, SIEM, NDR |
| 🌐 Firewall (NGFW) | Controls and filters traffic between networks based on rules. | Strong network boundary control, app-aware blocking. | Limited visibility into encrypted or internal traffic. | IPS, NDR, Proxy |
| 🚨 IPS / IDS (Intrusion Prevention/Detection System) | Detects (IDS) and blocks (IPS) suspicious traffic patterns. | Identifies known attack signatures, detects anomalies. | Struggles with encrypted or new/unknown threats. | Firewall, NDR |
| 🕸️ NDR (Network Detection & Response) | Monitors internal and external network traffic for threats. | Sees lateral movement, detects anomalies across the network. | Can’t see endpoint-level details. | EDR, SIEM, IPS |
| 🔍 SIEM (Security Information & Event Management) | Collects, correlates, and analyzes logs from all systems for alerts and reporting. | Central visibility, compliance, incident investigation. | Can be noisy, needs tuning, doesn’t block threats directly. | EDR, NDR, IAM, SOAR |
| 🤖 SOAR (Security Orchestration, Automation & Response) | Automates responses to alerts (from SIEM, EDR, etc.). | Speeds up incident response, reduces analyst fatigue. | Needs strong integrations and predefined playbooks. | SIEM, EDR, XDR |
| 🔑 IAM (Identity & Access Management) | Manages user identities, authentication, and access rights. | Centralized access control, SSO, MFA. | Doesn’t monitor behavior post-login. | PAM, ZTNA, MDM |
| 🧰 PAM (Privileged Access Management) | Secures and audits high-privilege accounts (admins, root). | Strong protection for critical accounts. | Complex setup, limited general user coverage. | IAM, SIEM |
| 🚪 ZTNA (Zero Trust Network Access) | Replaces VPNs with identity-aware, application-specific access. | Enforces least privilege, better remote access security. | May need many integrations and agents. | IAM, SDP, Firewall |
| 🧮 DLP (Data Loss Prevention) | Detects and prevents sensitive data from leaving the organization. | Protects data in motion, rest, and use. | False positives, needs content tuning. | CASB, SIEM |
| ☁️ CASB (Cloud Access Security Broker) | Enforces security policies on SaaS and cloud use. | Visibility and control over cloud apps, user activity. | Limited endpoint visibility. | DLP, ZTNA, IAM |
| 🧩 SASE (Secure Access Service Edge) | Cloud-delivered combo of firewall, ZTNA, CASB, and more. | Centralized cloud-based security, good for remote work. | Depends on internet connectivity, vendor lock-in. | ZTNA, CASB, Firewall |
| 🔍 Vulnerability Management / Scanner (e.g., Nessus, Qualys) | Scans systems for unpatched vulnerabilities. | Great for identifying weaknesses. | Doesn’t block attacks, just reports. | SIEM, EDR |
| 📋 Patch Management | Automates OS and software updates. | Reduces known vulnerabilities quickly. | Limited protection against zero-days. | MDM, EDR |
| 📡 DNS Filtering / Web Proxy | Filters DNS or web traffic for malicious domains or content. | Stops phishing, C2, and malware download attempts early. | Can be bypassed or evaded. | Firewall, CASB |
| 🔎 Email Security Gateway | Filters spam, phishing, and malware in emails. | Protects the #1 attack vector (email). | May miss sophisticated phishing. | SIEM, DLP, CASB |