Further refinement of Defend categories v2
Defend categories:
Runtime Application Security (detects new exploits to existing code and potentially production scanning; key is automatically takes ACTION to stop the threat)
- Runtime Application Instrumentation
- WAF
Threat detection and management
- Threat Detection
- UEBA (aka machine learning)
- Honeypots
- Add: Vulnerability Management (could be combo of security dashboards and issue boards)
Data Security
- Data Encryption (potential for auto-remediation to add check for encryption)
- Data Loss Prevention (let’s move it under Data Security)
- Data Storage (if it’s a thing and it doesn’t fit under App Infrastructure below)
ADD: Application Infrastructure Security
- Cloud Security Gateway (like ZScaler)
- Container security (like NueVector)
I would also add this to Manage:
Continuous Compliance (or Software Compliance) - defend against cyber security risks from intervention in the SDLC (the compliance features like audit, approvers, etc)
@markpundsack @bikebilly What do you think (after we push the other MR live: gitlab-com/www-gitlab-com!17542 (comment 127575555))