Antivirus or anti-virus software (often abbreviated as AV), sometimes known as anti-malware software, is computer software used to prevent, detect and remove malicious software.
Antivirus software was originally developed to detect and remove computer viruses, hence the name. However, with the propagation of other kinds of malware, antivirus software started to provide protection from other computer threats. In particular, modern antivirus software can protect from: malicious Browser Helper Objects (BHOs), browser hijackers, ransomware, keyloggers, backdoors, rootkits, trojan horses, worms, malicious LSPs, dialers, fraudtools, adware and spyware. Some products also include protection from other computer threats, such as infected and malicious URLs, spam, scam and phishing attacks, online identity (privacy), online banking attacks, social engineering techniques, Advanced Persistent Threat (APT) and botnet DDoS attacks.
A firewall is a system designed to prevent unauthorized access to or from a private network. You can implement a firewall in either hardware or software form, or a combination of both. Firewalls prevent unauthorized Internet users from accessing private networks connected to the Internet, especially intranets. All messages entering or leaving the intranet (i.e., the local network to which you are connected) must pass through the firewall, which examines each message and blocks those that do not meet the specified security criteria.
The application-specific granular security policies provided by Next Generation Firewalls help them detect application-specific attacks, giving them the potential to catch more malicious activity than more traditional firewalls. Next Generation Firewalls (NGFWs) blend the features of a standard firewall with quality of service (QoS) functionalities in order to provide smarter and deeper inspection.
All firewalls can also work also VPN gateways which allows network admins to extend network to remote offices securely through public media and to enable remote access for mobile users.
Unified Threat Management systems include those features of firewalls plus additional technologies such as email security, URL filtering, wireless security and web application firewalls.
Web Application Firewalls
WAFs are designed to protect web applications/servers from web-based attacks that IPSs cannot prevent. Where IPSs interrogate traffic against signatures and anomalies, WAFs interrogate the behavior and logic of what is requested and returned. WAFs protect against web application threats like SQL injection, cross-site scripting, session hijacking, parameter or URL tampering and buffer overflows. They do so in the same manner an IPS does, by analyzing the contents of each incoming and outgoing packet. WAFs are typically deployed in some sort of proxy fashion just in front of the web applications, so they do not see all traffic on our networks. By monitoring the traffic before it reaches the web application, WAFs can analyze requests before passing them on. This is what gives them such an advantage over IPSs. Because IPSs are designed to interrogate all network traffic, they cannot analyze the application layer as thoroughly.
WAFs not only detect attacks that are known to occur in web application environments, they also detect (and can prevent) new unknown types of attacks. By watching for unusual or unexpected patterns in the traffic they can alert and/or defend against unknown attacks. For example- if a WAF detects that the application is returning much more data than it is expected to, the WAF can block it and alert someone.
Security Information and Event Management
Compliance requirements (Governmental, PCI, etc)., obtaining and continuing certifications (such as ISO 27000), Log management and retention, security event correlation and real-time monitoring, confirmation of Policy enforcement and violations, Zero-day threat detection, APT detection, Forensics are the top reasons for any organization to implement SIEM solution in their network. It helps security analysts to make logical, well-versed investigations into activities on the network to determine their impact on security integrity and business continuity.