What is a Security Tech Stack?

Stu Sjouwerman | Jun 7, 2022

What is a security tech stack? This is a bare-bones quick overview. 

First of all, the term “stack” is used because it describes layers that deliver services and exchange information to achieve a higher level service. The concept of a “security stack” communicates that security must be an integrated set of services.
 
Every layer is a particular technology with its own features.  The security stack needs to be designed from the ground up knowing that security is a vital network element, just like multiple blueprints (electrical, plumbing, flooring, etc.) are required to construct a safe and stable building. Whitepaper with more
 
So, what would be a rock-bottom, bare minimum security stack? Here is a picture. We should add secure login to that as a fifth layer. 
security-tech-stack

In general, there are a few things that CISOs agree on in the sense of bare minimum, here is a list of 5 essentials:

  1. Email security
  2. Security awareness training
  3. Multi-factor authentication
  4. A good endpoint protection tool like next-generation antivirus 
  5. Patching and vulnerability management

But there are literally tons of other layers (tools) that in many cases should be added. Here is a picture of a security stack that a managed security service provider (MSSP) created for their customers. The layers together provide a higher level service, and include some of the bare minimum list above. 

mssp-security-tech-stack

However, it can get super sophisticated! Here is an example of a list of technologies in orange on the left that gives you an idea of the potential complexity, of in this case the Azure security stack.

Azure security stack

 

 

Topics: Cybersecurity

Build Your Custom Security Awareness Program in 5 Minutes

Many IT and security professionals struggle to build a security culture program that actually changes behavior. Answer seven quick questions about your organization’s goals, compliance needs, and culture to automatically generate a customized roadmap based on industry best practices, complete with actionable tasks and a scheduling calendar.

Create Your Free ASAP Roadmap

Secure the Digital Workforce: Human + AI

KnowBe4 empowers the modern workforce to make smarter security decisions every day. Trusted by more than 70,000 organizations worldwide, KnowBe4 is the pioneer of digital workforce security, securing both AI agents and humans. The KnowBe4 Platform provides attack simulation and training, collaboration security, and agent security powered by AIDA (Artificial Intelligence Defense Agents) and a proprietary Risk Score. The platform leverages 15 years of behavioral data to combat advanced threats including social engineering, prompt injection, and shadow AI. By securing humans and agents, KnowBe4 leads the industry in workforce trust and defense.